Message-Id: <20260114160243.913069-1-jhs@mojatatu.com>
Date: Wed, 14 Jan 2026 11:02:40 -0500
From: Jamal Hadi Salim <jhs@...atatu.com>
To: davem@...emloft.net,
edumazet@...gle.com,
kuba@...nel.org,
pabeni@...hat.com,
horms@...nel.org,
andrew+netdev@...n.ch
Cc: netdev@...r.kernel.org,
xiyou.wangcong@...il.com,
jiri@...nulli.us,
victor@...atatu.com,
km.kim1503@...il.com,
security@...nel.org,
Jamal Hadi Salim <jhs@...atatu.com>
Subject: [PATCH net 0/3] net/sched: teql: Enforce hierarchy placement

GangMin Kim <km.kim1503@...il.com> managed to create a UAF on qfq by inserting
teql as a child qdisc and exploiting a qlen sync issue.

teql is not intended to be used as a child qdisc. Let's enforce that rule in
patch #1. Although patch #1 fixes the issue, we prevent another potential qlen
exploit in qfq in patch #2 by enforcing that the child's active status is not
determined by inspecting the qlen. In patch #3 we add a tdc test case.

Jamal Hadi Salim (2):
  net/sched: Enforce that teql can only be used as root qdisc
  net/sched: qfq: Use cl_is_active to determine whether class is active
    in qfq_rm_from_ag

Victor Nogueira (1):
  selftests/tc-testing: Try to add teql as a child qdisc

 net/sched/sch_qfq.c                                |  2 +-
 net/sched/sch_teql.c                               |  5 ++++
 .../tc-testing/tc-tests/qdiscs/teql.json           | 25 +++++++++++++++++++
 3 files changed, 31 insertions(+), 1 deletion(-)

--
2.34.1