mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity
linux-stable/net
History
Jamal Hadi Salim c0931e464b net_sched: cls_route: disallow handle of 0 
commit 0279957171 upstream.

Follows up on:
https://lore.kernel.org/all/20220809170518.164662-1-cascardo@canonical.com/

handle of 0 implies from/to of universe realm which is not very
sensible.

Lets see what this patch will do:
$sudo tc qdisc add dev $DEV root handle 1:0 prio

//lets manufacture a way to insert handle of 0
$sudo tc filter add dev $DEV parent 1:0 protocol ip prio 100 \
route to 0 from 0 classid 1:10 action ok

//gets rejected...
Error: handle of 0 is not valid.
We have an error talking to the kernel, -1

//lets create a legit entry..
sudo tc filter add dev $DEV parent 1:0 protocol ip prio 100 route from 10 \
classid 1:10 action ok

//what did the kernel insert?
$sudo tc filter ls dev $DEV parent 1:0
filter protocol ip pref 100 route chain 0
filter protocol ip pref 100 route chain 0 fh 0x000a8000 flowid 1:10 from 10
	action order 1: gact action pass
	 random type none pass val 0
	 index 1 ref 1 bind 1

//Lets try to replace that legit entry with a handle of 0
$ sudo tc filter replace dev $DEV parent 1:0 protocol ip prio 100 \
handle 0x000a8000 route to 0 from 0 classid 1:10 action drop

Error: Replacing with handle of 0 is invalid.
We have an error talking to the kernel, -1

And last, lets run Cascardo's POC:
$ ./poc
0
0
-22
-22
-22

Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
Acked-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2022-08-21 15:18:56 +02:00
..
6lowpan net: don't include ndisc.h from ipv6.h 2022-02-04 14:15:11 -08:00
9p net/9p: Initialize the iounit field during fid creation 2022-08-17 14:42:24 +02:00
802
8021q vlan: fix memory leak in vlan_newlink() 2022-07-22 10:21:33 +02:00
appletalk net: remove noblock parameter from skb_recv_datagram() 2022-06-22 14:28:02 +02:00
atm net: remove noblock parameter from skb_recv_datagram() 2022-06-22 14:28:02 +02:00
ax25 ax25: fix incorrect dev_tracker usage 2022-08-17 14:41:14 +02:00
batman-adv batman-adv: tracing: Use the new __vstring() helper 2022-08-17 14:42:29 +02:00
bluetooth Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression 2022-08-17 14:42:36 +02:00
bpf bpf, x86: Generate trampolines from bpf_tramp_links 2022-08-17 14:41:04 +02:00
bpfilter uaccess: remove CONFIG_SET_FS 2022-02-25 09:36:06 +01:00
bridge bridge: Do not send empty IFLA_AF_SPEC attribute 2022-08-03 12:05:20 +02:00
caif net: remove noblock parameter from skb_recv_datagram() 2022-06-22 14:28:02 +02:00
can can: bcm: use call_rcu() instead of costly synchronize_rcu() 2022-07-12 16:42:12 +02:00
ceph libceph: fix misleading ceph_osdc_cancel_request() comment 2022-05-18 21:21:29 +02:00
core bpf: Fix bpf_xdp_pointer return pointer 2022-08-17 14:41:11 +02:00
dcb net: dcb: disable softirqs in dcbnl_flush_dev() 2022-03-03 08:01:55 -08:00
dccp dccp: put dccp_qpolicy_full() and dccp_qpolicy_push() in the same lock 2022-08-17 14:41:16 +02:00
decnet net: Fix data-races around sysctl_[rw]mem(_offset)?. 2022-08-03 12:05:26 +02:00
dns_resolver
dsa net: dsa: fix reference counting for LAG FDBs 2022-08-03 12:05:27 +02:00
ethernet
ethtool ethtool: Fix get module eeprom fallback 2022-06-29 09:04:31 +02:00
hsr net: add per-cpu storage and net->core_stats 2022-03-11 23:17:24 -08:00
ieee802154 net: remove noblock parameter from skb_recv_datagram() 2022-06-22 14:28:02 +02:00
ife
ipv4 raw: fix a typo in raw_icmp_error() 2022-08-17 14:42:34 +02:00
ipv6 raw: remove unused variables from raw6_icmp_error() 2022-08-17 14:42:34 +02:00
iucv net: remove noblock parameter from skb_recv_datagram() 2022-06-22 14:28:02 +02:00
kcm
key net: remove noblock parameter from skb_recv_datagram() 2022-06-22 14:28:02 +02:00
l2tp net: remove noblock parameter from skb_recv_datagram() 2022-06-22 14:28:02 +02:00
l3mdev l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using netdev_master_upper_dev_get_rcu 2022-04-15 14:27:24 -07:00
lapb
llc llc: only change llc->dev when bind() succeeds 2022-03-25 16:55:41 -07:00
mac80211 wifi: mac80211: fix queue selection for mesh/OCB interfaces 2022-07-22 10:21:20 +02:00
mac802154
mctp net: remove noblock parameter from skb_recv_datagram() 2022-06-22 14:28:02 +02:00
mpls net: mpls: Fix GCC 12 warning 2022-02-10 15:29:39 +00:00
mptcp mptcp: refine memory scheduling 2022-08-17 14:42:34 +02:00
ncsi
netfilter netfilter: nft_queue: only allow supported familes and hooks 2022-08-17 14:40:27 +02:00
netlabel netlabel: fix out-of-bounds memory accesses 2022-03-21 10:59:11 +00:00
netlink net: remove noblock parameter from skb_recv_datagram() 2022-06-22 14:28:02 +02:00
netrom net: remove noblock parameter from skb_recv_datagram() 2022-06-22 14:28:02 +02:00
nfc net: remove noblock parameter from skb_recv_datagram() 2022-06-22 14:28:02 +02:00
nsh
openvswitch net: openvswitch: fix parsing of nw_proto for IPv6 fragments 2022-06-29 09:04:25 +02:00
packet net: remove noblock parameter from skb_recv_datagram() 2022-06-22 14:28:02 +02:00
phonet net: remove noblock parameter from skb_recv_datagram() 2022-06-22 14:28:02 +02:00
psample
qrtr net: remove noblock parameter from skb_recv_datagram() 2022-06-22 14:28:02 +02:00
rds net: rds: use maybe_get_net() when acquiring refcount on TCP sockets 2022-05-05 16:44:49 -07:00
rfkill rfkill: make new event layout opt-in 2022-03-18 13:09:17 +02:00
rose net: rose: fix netdev reference changes 2022-08-17 14:41:16 +02:00
rxrpc rxrpc: Fix decision on when to generate an IDLE ACK 2022-06-09 10:30:20 +02:00
sched net_sched: cls_route: disallow handle of 0 2022-08-21 15:18:56 +02:00
sctp sctp: leave the err path free in sctp_stream_init to sctp_stream_free 2022-08-03 12:05:28 +02:00
smc tcp: Fix data-races around keepalive sysctl knobs. 2022-07-29 17:28:04 +02:00
strparser
sunrpc SUNRPC: Fix READ_PLUS crasher 2022-07-07 17:54:47 +02:00
switchdev net: switchdev: remove lag_mod_cb from switchdev_handle_fdb_event_to_device 2022-02-24 21:31:43 -08:00
tipc net: Fix data-races around sysctl_[rw]mem(_offset)?. 2022-08-03 12:05:26 +02:00
tls net/tls: Remove the context from the list in tls_device_down 2022-08-03 12:05:23 +02:00
unix net: remove noblock parameter from skb_recv_datagram() 2022-06-22 14:28:02 +02:00
vmw_vsock net: remove noblock parameter from skb_recv_datagram() 2022-06-22 14:28:02 +02:00
wireless cfg80211: declare MODULE_FIRMWARE for regulatory.db 2022-06-09 10:30:50 +02:00
x25 net: remove noblock parameter from skb_recv_datagram() 2022-06-22 14:28:02 +02:00
xdp xsk: Clear page contiguity bit when unmapping pool 2022-07-12 16:42:21 +02:00
xfrm ip: Fix data-races around sysctl_ip_no_pmtu_disc. 2022-07-29 17:28:00 +02:00
Kconfig page_pool: Add allocation stats 2022-03-03 09:55:28 +00:00
Kconfig.debug
Makefile
compat.c
devres.c
socket.c fs: allocate inode by using alloc_inode_sb() 2022-03-22 15:57:03 -07:00
sysctl_net.c