From mboxrd@z Thu Jan 1 00:00:00 1970 From: Davide Caratti Subject: [PATCH net 2/4] net/sched: act_police: disallow 'goto chain' on fallback control action Date: Sat, 20 Oct 2018 23:33:08 +0200 Message-ID: References: To: Jiri Pirko , Cong Wang , Jamal Hadi Salim , "David S. Miller" , netdev@vger.kernel.org Return-path: Received: from mx1.redhat.com ([209.132.183.28]:36864 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726710AbeJUFpH (ORCPT ); Sun, 21 Oct 2018 01:45:07 -0400 In-Reply-To: Sender: netdev-owner@vger.kernel.org List-ID: in the following command: # tc action add action police rate burst conform-exceed / 'goto chain x' is allowed only for c1: setting it for c2 makes the kernel crash with NULL pointer dereference, since TC core doesn't initialize the chain handle. Signed-off-by: Davide Caratti --- net/sched/act_police.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/net/sched/act_police.c b/net/sched/act_police.c index 5d8bfa878477..3b793393efd1 100644 --- a/net/sched/act_police.c +++ b/net/sched/act_police.c @@ -150,6 +150,16 @@ static int tcf_police_init(struct net *net, struct nlattr *nla, goto failure; } + if (tb[TCA_POLICE_RESULT]) { + police->tcfp_result = nla_get_u32(tb[TCA_POLICE_RESULT]); + if (TC_ACT_EXT_CMP(police->tcfp_result, TC_ACT_GOTO_CHAIN)) { + NL_SET_ERR_MSG(extack, + "goto chain not allowed on fallback"); + err = -EINVAL; + goto failure; + } + } + spin_lock_bh(&police->tcf_lock); /* No failure allowed after this point */ police->tcfp_mtu = parm->mtu; @@ -173,8 +183,6 @@ static int tcf_police_init(struct net *net, struct nlattr *nla, police->peak_present = false; } - if (tb[TCA_POLICE_RESULT]) - police->tcfp_result = nla_get_u32(tb[TCA_POLICE_RESULT]); police->tcfp_burst = PSCHED_TICKS2NS(parm->burst); police->tcfp_toks = police->tcfp_burst; if (police->peak_present) { -- 2.17.1