lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Mon, 27 Jan 2020 10:52:15 +0100 (CET)
From:   David Miller <davem@...emloft.net>
To:     xiyou.wangcong@...il.com
Cc:     netdev@...r.kernel.org,
        syzbot+0a0596220218fcb603a8@...kaller.appspotmail.com,
        syzbot+63bdb6006961d8c917c6@...kaller.appspotmail.com,
        jhs@...atatu.com, jiri@...nulli.us
Subject: Re: [Patch net] net_sched: fix ops->bind_class() implementations

From: Cong Wang <xiyou.wangcong@...il.com>
Date: Thu, 23 Jan 2020 16:26:18 -0800

> The current implementations of ops->bind_class() are merely
> searching for classid and updating class in the struct tcf_result,
> without invoking either of cl_ops->bind_tcf() or
> cl_ops->unbind_tcf(). This breaks the design of them as qdisc's
> like cbq use them to count filters too. This is why syzbot triggered
> the warning in cbq_destroy_class().
> 
> In order to fix this, we have to call cl_ops->bind_tcf() and
> cl_ops->unbind_tcf() like the filter binding path. This patch does
> so by refactoring out two helper functions __tcf_bind_filter()
> and __tcf_unbind_filter(), which are lockless and accept a Qdisc
> pointer, then teaching each implementation to call them correctly.
> 
> Note, we merely pass the Qdisc pointer as an opaque pointer to
> each filter, they only need to pass it down to the helper
> functions without understanding it at all.
> 
> Fixes: 07d79fc7d94e ("net_sched: add reverse binding for tc class")
> Reported-and-tested-by: syzbot+0a0596220218fcb603a8@...kaller.appspotmail.com
> Reported-and-tested-by: syzbot+63bdb6006961d8c917c6@...kaller.appspotmail.com
> Cc: Jamal Hadi Salim <jhs@...atatu.com>
> Cc: Jiri Pirko <jiri@...nulli.us>
> Signed-off-by: Cong Wang <xiyou.wangcong@...il.com>

Applied and queued up for -stable.

Powered by blists - more mailing lists