* [PATCH net] sch_sfq: fix null pointer dereference at timer expiration
@ 2017-11-28 13:28 Paolo Abeni
  2017-11-28 17:50 ` Cong Wang
  2017-11-28 20:54 ` David Miller
  0 siblings, 2 replies; 4+ messages in thread
From: Paolo Abeni @ 2017-11-28 13:28 UTC (permalink / raw)
  To: netdev
  Cc: Jamal Hadi Salim, Cong Wang, Jiri Pirko, David S. Miller, Kees Cook

While converting sch_sfq to use timer_setup(), the commit cdeabbb88134
("net: sched: Convert timers to use timer_setup()") forgot to
initialize the 'sch' field. As a result, the timer callback tries to
dereference a NULL pointer, and the kernel does oops.

Fix it initializing such field at qdisc creation time.

Fixes: cdeabbb88134 ("net: sched: Convert timers to use timer_setup()")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
---
 net/sched/sch_sfq.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/net/sched/sch_sfq.c b/net/sched/sch_sfq.c
index 890f4a4564e7..09c1203c1711 100644
--- a/net/sched/sch_sfq.c
+++ b/net/sched/sch_sfq.c
@@ -724,6 +724,7 @@ static int sfq_init(struct Qdisc *sch, struct nlattr *opt)
 	int i;
 	int err;
 
+	q->sch = sch;
 	timer_setup(&q->perturb_timer, sfq_perturbation, TIMER_DEFERRABLE);
 
 	err = tcf_block_get(&q->block, &q->filter_list, sch);
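
Review bot: the added "q->sch = sch;" line in sfq_init() carries no comment saying why the back-pointer has to be set here, and nothing in the hunk ties it to the timer registered on the next line. Since sfq_perturbation is the callback passed to timer_setup() and, per the commit message, dereferences this field, a one-line comment such as "used by sfq_perturbation()" would make the dependency explicit and harder to drop in a later refactor. The placement itself looks right: the field is assigned before timer_setup() and before the tcf_block_get() call whose result lands in err, so it is set before the timer can be armed.
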
-- 
2.13.6


* Re: [PATCH net] sch_sfq: fix null pointer dereference at timer expiration
  2017-11-28 13:28 [PATCH net] sch_sfq: fix null pointer dereference at timer expiration Paolo Abeni
@ 2017-11-28 17:50 ` Cong Wang
  2017-11-28 20:16   ` Kees Cook
  2017-11-28 20:54 ` David Miller
  1 sibling, 1 reply; 4+ messages in thread
From: Cong Wang @ 2017-11-28 17:50 UTC (permalink / raw)
  To: Paolo Abeni
  Cc: Linux Kernel Network Developers, Jamal Hadi Salim, Jiri Pirko,
	David S. Miller, Kees Cook

On Tue, Nov 28, 2017 at 5:28 AM, Paolo Abeni <pabeni@redhat.com> wrote:
> While converting sch_sfq to use timer_setup(), the commit cdeabbb88134
> ("net: sched: Convert timers to use timer_setup()") forgot to
> initialize the 'sch' field. As a result, the timer callback tries to
> dereference a NULL pointer, and the kernel does oops.
>
> Fix it initializing such field at qdisc creation time.
>
> Fixes: cdeabbb88134 ("net: sched: Convert timers to use timer_setup()")
> Signed-off-by: Paolo Abeni <pabeni@redhat.com>

Acked-by: Cong Wang <xiyou.wangcong@gmail.com>


* Re: [PATCH net] sch_sfq: fix null pointer dereference at timer expiration
  2017-11-28 17:50 ` Cong Wang
@ 2017-11-28 20:16   ` Kees Cook
  0 siblings, 0 replies; 4+ messages in thread
From: Kees Cook @ 2017-11-28 20:16 UTC (permalink / raw)
  To: David S. Miller
  Cc: Paolo Abeni, Linux Kernel Network Developers, Jamal Hadi Salim,
	Jiri Pirko, Cong Wang

On Tue, Nov 28, 2017 at 9:50 AM, Cong Wang <xiyou.wangcong@gmail.com> wrote:
> On Tue, Nov 28, 2017 at 5:28 AM, Paolo Abeni <pabeni@redhat.com> wrote:
>> While converting sch_sfq to use timer_setup(), the commit cdeabbb88134
>> ("net: sched: Convert timers to use timer_setup()") forgot to
>> initialize the 'sch' field. As a result, the timer callback tries to
>> dereference a NULL pointer, and the kernel does oops.
>>
>> Fix it initializing such field at qdisc creation time.
>>
>> Fixes: cdeabbb88134 ("net: sched: Convert timers to use timer_setup()")
>> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
>
> Acked-by: Cong Wang <xiyou.wangcong@gmail.com>

Thanks for the catch! Yup, this was a goof on my end (all other timers
correctly initialize that value, but the one in sfq_init() got
missed). Thanks!

Acked-by: Kees Cook <keescook@chromium.org>

-Kees

-- 
Kees Cook
Pixel Security


* Re: [PATCH net] sch_sfq: fix null pointer dereference at timer expiration
  2017-11-28 13:28 [PATCH net] sch_sfq: fix null pointer dereference at timer expiration Paolo Abeni
  2017-11-28 17:50 ` Cong Wang
@ 2017-11-28 20:54 ` David Miller
  1 sibling, 0 replies; 4+ messages in thread
From: David Miller @ 2017-11-28 20:54 UTC (permalink / raw)
  To: pabeni; +Cc: netdev, jhs, xiyou.wangcong, jiri, keescook

From: Paolo Abeni <pabeni@redhat.com>
Date: Tue, 28 Nov 2017 14:28:39 +0100

> While converting sch_sfq to use timer_setup(), the commit cdeabbb88134
> ("net: sched: Convert timers to use timer_setup()") forgot to
> initialize the 'sch' field. As a result, the timer callback tries to
> dereference a NULL pointer, and the kernel does oops.
> 
> Fix it initializing such field at qdisc creation time.
> 
> Fixes: cdeabbb88134 ("net: sched: Convert timers to use timer_setup()")
> Signed-off-by: Paolo Abeni <pabeni@redhat.com>

Applied, thank you.
