From mboxrd@z Thu Jan  1 00:00:00 1970
From: Jiri Pirko <jiri@resnulli.us>
Subject: Re: [PATCH net 2/4] net/sched: act_police: disallow 'goto chain' on
 fallback control action
Date: Mon, 22 Oct 2018 22:57:26 +0200
Message-ID: <20181022205726.GB2556@nanopsycho.orion>
References: <cover.1540070509.git.dcaratti@redhat.com>
 <c2f076b0758b8cd997574b45c2abe064e28aca74.1540070509.git.dcaratti@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: Cong Wang <xiyou.wangcong@gmail.com>,
        Jamal Hadi Salim <jhs@mojatatu.com>,
        "David S. Miller" <davem@davemloft.net>, netdev@vger.kernel.org
To: Davide Caratti <dcaratti@redhat.com>
Return-path: <netdev-owner@vger.kernel.org>
Received: from mail-wm1-f65.google.com ([209.85.128.65]:51986 "EHLO
        mail-wm1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1728956AbeJWFXZ (ORCPT
        <rfc822;netdev@vger.kernel.org>); Tue, 23 Oct 2018 01:23:25 -0400
Received: by mail-wm1-f65.google.com with SMTP id 143-v6so11639426wmf.1
        for <netdev@vger.kernel.org>; Mon, 22 Oct 2018 14:03:15 -0700 (PDT)
Content-Disposition: inline
In-Reply-To: <c2f076b0758b8cd997574b45c2abe064e28aca74.1540070509.git.dcaratti@redhat.com>
Sender: netdev-owner@vger.kernel.org
List-ID: <netdev.vger.kernel.org>

Sat, Oct 20, 2018 at 11:33:08PM CEST, dcaratti@redhat.com wrote:
>in the following command:
>
> # tc action add action police rate <r> burst <b> conform-exceed <c1>/<c2>
>
>'goto chain x' is allowed only for c1: setting it for c2 makes the kernel
>crash with NULL pointer dereference, since TC core doesn't initialize the
>chain handle.
>
>Signed-off-by: Davide Caratti <dcaratti@redhat.com>
>---
> net/sched/act_police.c | 12 ++++++++++--
> 1 file changed, 10 insertions(+), 2 deletions(-)
>
>diff --git a/net/sched/act_police.c b/net/sched/act_police.c
>index 5d8bfa878477..3b793393efd1 100644
>--- a/net/sched/act_police.c
>+++ b/net/sched/act_police.c
>@@ -150,6 +150,16 @@ static int tcf_police_init(struct net *net, struct nlattr *nla,
> 		goto failure;
> 	}
> 
>+	if (tb[TCA_POLICE_RESULT]) {
>+		police->tcfp_result = nla_get_u32(tb[TCA_POLICE_RESULT]);
>+		if (TC_ACT_EXT_CMP(police->tcfp_result, TC_ACT_GOTO_CHAIN)) {
>+			NL_SET_ERR_MSG(extack,
>+				       "goto chain not allowed on fallback");

Also, no need for line-wrap

Acked-by: Jiri Pirko <jiri@mellanox.com>



>+			err = -EINVAL;
>+			goto failure;
>+		}
>+	}
>+
> 	spin_lock_bh(&police->tcf_lock);
> 	/* No failure allowed after this point */
> 	police->tcfp_mtu = parm->mtu;
>@@ -173,8 +183,6 @@ static int tcf_police_init(struct net *net, struct nlattr *nla,
> 		police->peak_present = false;
> 	}
> 
>-	if (tb[TCA_POLICE_RESULT])
>-		police->tcfp_result = nla_get_u32(tb[TCA_POLICE_RESULT]);
> 	police->tcfp_burst = PSCHED_TICKS2NS(parm->burst);
> 	police->tcfp_toks = police->tcfp_burst;
> 	if (police->peak_present) {
>-- 
>2.17.1
>