lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Mon, 27 Jan 2020 10:52:15 +0100 (CET)
From:   David Miller <>
Subject: Re: [Patch net] net_sched: fix ops->bind_class() implementations

From: Cong Wang <>
Date: Thu, 23 Jan 2020 16:26:18 -0800

> The current implementations of ops->bind_class() are merely
> searching for classid and updating class in the struct tcf_result,
> without invoking either of cl_ops->bind_tcf() or
> cl_ops->unbind_tcf(). This breaks the design of them as qdisc's
> like cbq use them to count filters too. This is why syzbot triggered
> the warning in cbq_destroy_class().
> In order to fix this, we have to call cl_ops->bind_tcf() and
> cl_ops->unbind_tcf() like the filter binding path. This patch does
> so by refactoring out two helper functions __tcf_bind_filter()
> and __tcf_unbind_filter(), which are lockless and accept a Qdisc
> pointer, then teaching each implementation to call them correctly.
> Note, we merely pass the Qdisc pointer as an opaque pointer to
> each filter, they only need to pass it down to the helper
> functions without understanding it at all.
> Fixes: 07d79fc7d94e ("net_sched: add reverse binding for tc class")
> Reported-and-tested-by:
> Reported-and-tested-by:
> Cc: Jamal Hadi Salim <>
> Cc: Jiri Pirko <>
> Signed-off-by: Cong Wang <>

Applied and queued up for -stable.

Powered by blists - more mailing lists