git.proxmox.com Git - mirror_ubuntu-kernels.git/commitdiff
net_sched: check error pointer in tcf_dump_walker()
author Cong Wang <xiyou.wangcong@gmail.com>
Fri, 2 Oct 2020 19:13:34 +0000 (12:13 -0700)
committer David S. Miller <davem@davemloft.net>
Sun, 4 Oct 2020 21:53:06 +0000 (14:53 -0700)
Although we take RTNL on dump path, it is possible to
skip RTNL on insertion path. So the following race condition
is possible:

rtnl_lock()             // no rtnl lock
                        mutex_lock(&idrinfo->lock);
                        // insert ERR_PTR(-EBUSY)
                        mutex_unlock(&idrinfo->lock);
tc_dump_action()
rtnl_unlock()

So we have to skip those temporary -EBUSY entries on dump path
too.

Reported-and-tested-by: syzbot+b47bc4f247856fb4d9e1@syzkaller.appspotmail.com
Fixes: 0fedc63fadf0 ("net_sched: commit action insertions together")
Cc: Vlad Buslov <vladbu@mellanox.com>
Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Cc: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/sched/act_api.c

index 5612b336e18e208a7768068d64a7072b4be9d53e..798430e1a79f1ec49eaa11aab269433237230d24 100644 (file)
@@ -235,6 +235,8 @@ static int tcf_dump_walker(struct tcf_idrinfo *idrinfo, struct sk_buff *skb,
                index++;
                if (index < s_i)
                        continue;
+               if (IS_ERR(p))
+                       continue;
 
                if (jiffy_since &&
                    time_after(jiffy_since,
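
Review bot: the new `if (IS_ERR(p))` check in tcf_dump_walker() carries no comment saying where an error pointer in the IDR comes from, and that is not obvious from the loop alone. A one-line comment above it, noting that the insertion path stores a temporary ERR_PTR(-EBUSY) placeholder under idrinfo->lock without holding RTNL, would keep the reason next to the code instead of only in the commit message. Separately, because the check sits after `index++` and the `index < s_i` test, placeholder entries are still counted in index; it is worth confirming that this is the intended behaviour for the s_i skip logic.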