diff options
author | Davide Caratti <dcaratti@redhat.com> | 2018-10-21 00:33:08 +0300 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2018-10-23 05:42:50 +0300 |
commit | c08f5ed5d625926f38552b734b587a28e947b55c (patch) | |
tree | 558eb27811f3c42a1a0d2ce53de8f1687cc579f8 | |
parent | 9469f375ab0900075bd3f1f58083c19b0224d978 (diff) | |
download | linux-c08f5ed5d625926f38552b734b587a28e947b55c.tar.xz |
net/sched: act_police: disallow 'goto chain' on fallback control action
in the following command:
# tc action add action police rate <r> burst <b> conform-exceed <c1>/<c2>
'goto chain x' is allowed only for c1: setting it for c2 makes the kernel
crash with NULL pointer dereference, since TC core doesn't initialize the
chain handle.
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/sched/act_police.c | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/net/sched/act_police.c b/net/sched/act_police.c index 92649d2667ed..052855d47354 100644 --- a/net/sched/act_police.c +++ b/net/sched/act_police.c @@ -185,8 +185,6 @@ static int tcf_police_init(struct net *net, struct nlattr *nla, new->peak_present = false; } - if (tb[TCA_POLICE_RESULT]) - new->tcfp_result = nla_get_u32(tb[TCA_POLICE_RESULT]); new->tcfp_burst = PSCHED_TICKS2NS(parm->burst); new->tcfp_toks = new->tcfp_burst; if (new->peak_present) { @@ -198,6 +196,16 @@ static int tcf_police_init(struct net *net, struct nlattr *nla, if (tb[TCA_POLICE_AVRATE]) new->tcfp_ewma_rate = nla_get_u32(tb[TCA_POLICE_AVRATE]); + if (tb[TCA_POLICE_RESULT]) { + new->tcfp_result = nla_get_u32(tb[TCA_POLICE_RESULT]); + if (TC_ACT_EXT_CMP(new->tcfp_result, TC_ACT_GOTO_CHAIN)) { + NL_SET_ERR_MSG(extack, + "goto chain not allowed on fallback"); + err = -EINVAL; + goto failure; + } + } + spin_lock_bh(&police->tcf_lock); new->tcfp_t_c = ktime_get_ns(); police->tcf_action = parm->action; |