Merge branch 'forbid-goto_chain-fallback'
Davide Caratti says: ==================== net/sched: forbid 'goto_chain' on fallback actions the following command: # tc actions add action police rate 1mbit burst 1k conform-exceed \ > pass / goto chain 42 generates a NULL pointer dereference when packets exceed the configured rate. Similarly, the following command: # tc actions add action pass random determ goto chain 42 2 makes the kernel crash with NULL dereference when the first packet does not match the 'pass' action. gact and police allow users to specify a fallback control action, that is stored in the action private data. 'goto chain x' never worked for these cases, since a->goto_chain handle was never initialized. There is only one goto_chain handle per TC action, and it is designed to be non-NULL only if tcf_action contains a 'goto chain' command. So, let's forbid 'goto chain' on fallback actions. Patch 1/4 and 2/4 change the .init() functions of police and gact, to let them return an error when users try to set 'goto chain x' in the fallback action. Patch 3/4 and 4/4 add TDC selftest coverage to this new behavior. ==================== Acked-by: Jamal Hadi Salim <jhs@mojatatu.com> Signed-off-by: David S. Miller <davem@davemloft.net>
commit
ec7f0ee2c1
@ -88,6 +88,11 @@ static int tcf_gact_init(struct net *net, struct nlattr *nla,
|
||||
p_parm = nla_data(tb[TCA_GACT_PROB]);
|
||||
if (p_parm->ptype >= MAX_RAND)
|
||||
return -EINVAL;
|
||||
if (TC_ACT_EXT_CMP(p_parm->paction, TC_ACT_GOTO_CHAIN)) {
|
||||
NL_SET_ERR_MSG(extack,
|
||||
"goto chain not allowed on fallback");
|
||||
return -EINVAL;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
|
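Review bot: The added `TC_ACT_EXT_CMP(p_parm->paction, TC_ACT_GOTO_CHAIN)` check has no comment saying why this one control action is refused, and the reason is not obvious from the code alone. Going by the commit description, the per-action `goto_chain` handle is only set up for the main control action, so a fallback `goto chain` would be followed with a NULL handle once packets take the fallback. A comment above the `if`, such as `/* fallback 'goto chain' is rejected: a->goto_chain is never initialised for it */`, would record that. The check sits in the block closed by the `#endif`, and `tcf_gact_init` starts and ends outside the hunk.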
@ -185,8 +185,6 @@ static int tcf_police_init(struct net *net, struct nlattr *nla,
|
||||
new->peak_present = false;
|
||||
}
|
||||
|
||||
if (tb[TCA_POLICE_RESULT])
|
||||
new->tcfp_result = nla_get_u32(tb[TCA_POLICE_RESULT]);
|
||||
new->tcfp_burst = PSCHED_TICKS2NS(parm->burst);
|
||||
new->tcfp_toks = new->tcfp_burst;
|
||||
if (new->peak_present) {
|
||||
@ -198,6 +196,16 @@ static int tcf_police_init(struct net *net, struct nlattr *nla,
|
||||
if (tb[TCA_POLICE_AVRATE])
|
||||
new->tcfp_ewma_rate = nla_get_u32(tb[TCA_POLICE_AVRATE]);
|
||||
|
||||
if (tb[TCA_POLICE_RESULT]) {
|
||||
new->tcfp_result = nla_get_u32(tb[TCA_POLICE_RESULT]);
|
||||
if (TC_ACT_EXT_CMP(new->tcfp_result, TC_ACT_GOTO_CHAIN)) {
|
||||
NL_SET_ERR_MSG(extack,
|
||||
"goto chain not allowed on fallback");
|
||||
err = -EINVAL;
|
||||
goto failure;
|
||||
}
|
||||
}
|
||||
|
||||
spin_lock_bh(&police->tcf_lock);
|
||||
new->tcfp_t_c = ktime_get_ns();
|
||||
police->tcf_action = parm->action;
|
||||
|
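Review bot: The new rejection path in the second hunk does `err = -EINVAL; goto failure;` after `new` has already been filled in (`new->tcfp_burst`, `new->tcfp_ewma_rate`), so unless the `failure` label releases `new`, every rejected request leaks that object. Both the allocation of `new` and the `failure` label are outside the hunks, so this needs checking against the full function. If `new` is heap-allocated and the label does not free it, either add `kfree(new);` before the `goto failure;`, or read and validate `tb[TCA_POLICE_RESULT]` before `new` is allocated and assign `new->tcfp_result` afterwards. A leak on a rejection path matters because any caller allowed to configure actions can hit it repeatedly.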
@ -536,5 +536,29 @@
|
||||
"matchPattern": "^[ \t]+index [0-9]+ ref",
|
||||
"matchCount": "0",
|
||||
"teardown": []
|
||||
},
|
||||
{
|
||||
"id": "8e47",
|
||||
"name": "Add gact action with random determ goto chain control action",
|
||||
"category": [
|
||||
"actions",
|
||||
"gact"
|
||||
],
|
||||
"setup": [
|
||||
[
|
||||
"$TC actions flush action gact",
|
||||
0,
|
||||
1,
|
||||
255
|
||||
]
|
||||
],
|
||||
"cmdUnderTest": "$TC actions add action pass random determ goto chain 1 2 index 90",
|
||||
"expExitCode": "255",
|
||||
"verifyCmd": "$TC actions list action gact",
|
||||
"matchPattern": "action order [0-9]*: gact action pass random type determ goto chain 1 val 2.*index 90 ref",
|
||||
"matchCount": "0",
|
||||
"teardown": [
|
||||
"$TC actions flush action gact"
|
||||
]
|
||||
}
|
||||
]
|
||||
|
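Review bot: Test `8e47` only exercises creating a new action, so a rejected update of an existing action is not covered; the same holds for `b48b` in the police test file. The description says the check lives in the `.init()` functions, which presumably also handle `replace`. A second case per file that first adds a valid action at the index and then runs `$TC actions replace ...` with the goto-chain fallback would show that the existing action is left unchanged.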
@ -715,5 +715,29 @@
|
||||
"teardown": [
|
||||
"$TC actions flush action police"
|
||||
]
|
||||
},
|
||||
{
|
||||
"id": "b48b",
|
||||
"name": "Add police action with exceed goto chain control action",
|
||||
"category": [
|
||||
"actions",
|
||||
"police"
|
||||
],
|
||||
"setup": [
|
||||
[
|
||||
"$TC actions flush action police",
|
||||
0,
|
||||
1,
|
||||
255
|
||||
]
|
||||
],
|
||||
"cmdUnderTest": "$TC actions add action police rate 1mbit burst 1k conform-exceed pass / goto chain 42",
|
||||
"expExitCode": "255",
|
||||
"verifyCmd": "$TC actions ls action police",
|
||||
"matchPattern": "action order [0-9]*: police 0x1 rate 1Mbit burst 1Kb mtu 2Kb action pass/goto chain 42",
|
||||
"matchCount": "0",
|
||||
"teardown": [
|
||||
"$TC actions flush action police"
|
||||
]
|
||||
}
|
||||
]
|
||||
|