linux-stable/net/sched
Toke Høiland-Jørgensen 9efd23297c sch_sfb: Don't assume the skb is still around after enqueueing to child

The sch_sfb enqueue() routine assumes the skb is still alive after it has
been enqueued into a child qdisc, using the data in the skb cb field in the
increment_qlen() routine after enqueue. However, the skb may in fact have
been freed, causing a use-after-free in this case. In particular, this
happens if sch_cake is used as a child of sfb, and the GSO splitting mode
of CAKE is enabled (in which case the skb will be split into segments and
the original skb freed).

Fix this by copying the sfb cb data to the stack before enqueueing the skb,
and using this stack copy in increment_qlen() instead of the skb pointer
itself.

Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-18231
Fixes: e13e02a3c6 ("net_sched: SFB flow scheduler")
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2022-09-02 12:23:26 +01:00
act_api.c net/sched: act_api: Notify user space if any actions were flushed before error 2022-06-27 21:51:23 -07:00
act_bpf.c bpf: Keep the (rcv) timestamp behavior for the existing tc-bpf@ingress 2022-03-03 14:38:48 +00:00
act_connmark.c flow_offload: fill flags to action structure 2021-12-19 14:08:47 +00:00
act_csum.c net/sched: act_api: Add extack to offload_act_setup() callback 2022-04-08 13:45:43 +01:00
act_ct.c net/sched: act_ct: set 'net' pointer when creating new nf_flow_table 2022-07-11 16:25:14 +02:00
act_ctinfo.c flow_offload: fill flags to action structure 2021-12-19 14:08:47 +00:00
act_gact.c net/sched: act_gact: Add extack messages for offload failure 2022-04-08 13:45:43 +01:00
act_gate.c net/sched: act_api: Add extack to offload_act_setup() callback 2022-04-08 13:45:43 +01:00
act_ife.c flow_offload: fill flags to action structure 2021-12-19 14:08:47 +00:00
act_ipt.c flow_offload: fill flags to action structure 2021-12-19 14:08:47 +00:00
act_meta_mark.c
act_meta_skbprio.c
act_meta_skbtcindex.c
act_mirred.c net: rename reference+tracking helpers 2022-06-09 21:52:55 -07:00
act_mpls.c net/sched: act_mpls: Add extack messages for offload failure 2022-04-08 13:45:43 +01:00
act_nat.c flow_offload: fill flags to action structure 2021-12-19 14:08:47 +00:00
act_pedit.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-05-19 11:23:59 -07:00
act_police.c net/sched: act_police: allow 'continue' action offload 2022-07-06 12:44:39 +01:00
act_sample.c net/sched: act_api: Add extack to offload_act_setup() callback 2022-04-08 13:45:43 +01:00
act_simple.c flow_offload: fill flags to action structure 2021-12-19 14:08:47 +00:00
act_skbedit.c net: sched: support hash selecting tx queue 2022-04-19 12:20:45 +02:00
act_skbmod.c flow_offload: fill flags to action structure 2021-12-19 14:08:47 +00:00
act_tunnel_key.c net/sched: act_tunnel_key: Add extack message for offload failure 2022-04-08 13:45:43 +01:00
act_vlan.c net/sched: act_vlan: Add extack message for offload failure 2022-04-08 13:45:43 +01:00
cls_api.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-07-21 13:03:39 -07:00
cls_basic.c net_sched: refactor TC action init API 2021-08-02 10:24:38 +01:00
cls_bpf.c bpf: Keep the (rcv) timestamp behavior for the existing tc-bpf@ingress 2022-03-03 14:38:48 +00:00
cls_cgroup.c net_sched: refactor TC action init API 2021-08-02 10:24:38 +01:00
cls_flow.c net_sched: refactor TC action init API 2021-08-02 10:24:38 +01:00
cls_flower.c net/sched: flower: Add PPPoE filter 2022-07-26 10:20:29 -07:00
cls_fw.c net_sched: refactor TC action init API 2021-08-02 10:24:38 +01:00
cls_matchall.c net/sched: matchall: Avoid overwriting error messages 2022-04-08 13:45:43 +01:00
cls_route.c net_sched: cls_route: disallow handle of 0 2022-08-15 11:46:30 +01:00
cls_rsvp.c
cls_rsvp.h net_sched: refactor TC action init API 2021-08-02 10:24:38 +01:00
cls_rsvp6.c
cls_tcindex.c net_sched: refactor TC action init API 2021-08-02 10:24:38 +01:00
cls_u32.c net/sched: cls_u32: fix possible leak in u32_init_knode() 2022-04-15 14:26:11 -07:00
em_canid.c
em_cmp.c
em_ipset.c
em_ipt.c
em_meta.c net_sched: em_meta: add READ_ONCE() in var_sk_bound_if() 2022-05-16 10:31:06 +01:00
em_nbyte.c net: sched: Return the correct errno code 2021-02-06 11:15:28 -08:00
em_text.c
em_u32.c
ematch.c net: sched: Fix spelling mistakes 2021-05-31 22:44:56 -07:00
Kconfig
Makefile
sch_api.c net: rename reference+tracking helpers 2022-06-09 21:52:55 -07:00
sch_atm.c net: sched: Remove Qdisc::running sequence counter 2021-10-18 12:54:41 +01:00
sch_blackhole.c
sch_cake.c Revert "sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb" 2022-08-31 20:02:28 -07:00
sch_cbq.c net/sched: sch_cbq: change the type of cbq_set_lss to void 2022-07-27 18:30:18 -07:00
sch_cbs.c
sch_choke.c net: sched: validate stab values 2021-03-10 15:47:52 -08:00
sch_codel.c
sch_drr.c net: sched: Remove Qdisc::running sequence counter 2021-10-18 12:54:41 +01:00
sch_dsmark.c net/sched: store the last executed chain also for clsact egress 2021-07-29 22:17:37 +01:00
sch_etf.c
sch_ets.c net/sched: sch_ets: don't remove idle classes from the round-robin list 2021-12-13 12:30:23 +00:00
sch_fifo.c net_sched: fix NULL deref in fifo_set_limit() 2021-10-01 14:59:10 -07:00
sch_fq.c
sch_fq_codel.c fq_codel: generalise ce_threshold marking for subset of traffic 2021-10-20 15:24:36 -07:00
sch_fq_pie.c net/sched: fq_pie: prevent dismantle issue 2021-12-09 08:01:00 -08:00
sch_frag.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2021-12-31 14:35:40 +00:00
sch_generic.c net/sched: fix netdevice reference leaks in attach_default_qdiscs() 2022-08-30 15:10:08 +02:00
sch_gred.c net: sched: gred: dynamically allocate tc_gred_qopt_offload 2021-10-27 12:06:52 -07:00
sch_hfsc.c net: sched: Remove Qdisc::running sequence counter 2021-10-18 12:54:41 +01:00
sch_hhf.c
sch_htb.c sch_htb: Fail on unsupported parameters when offload is requested 2022-01-25 20:00:02 -08:00
sch_ingress.c
sch_mq.c net: sched: Remove Qdisc::running sequence counter 2021-10-18 12:54:41 +01:00
sch_mqprio.c net: sched: Remove Qdisc::running sequence counter 2021-10-18 12:54:41 +01:00
sch_multiq.c net: sched: Remove Qdisc::running sequence counter 2021-10-18 12:54:41 +01:00
sch_netem.c net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms 2022-06-17 20:29:38 -07:00
sch_pie.c
sch_plug.c
sch_prio.c net: sched: Remove Qdisc::running sequence counter 2021-10-18 12:54:41 +01:00
sch_qfq.c sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc 2022-01-04 12:36:51 +00:00
sch_red.c net: sched: validate stab values 2021-03-10 15:47:52 -08:00
sch_sfb.c sch_sfb: Don't assume the skb is still around after enqueueing to child 2022-09-02 12:23:26 +01:00
sch_sfq.c net/sched: store the last executed chain also for clsact egress 2021-07-29 22:17:37 +01:00
sch_skbprio.c
sch_taprio.c time64.h: consolidate uses of PSEC_PER_NSEC 2022-06-30 21:18:16 -07:00
sch_tbf.c net: sched: tbf: don't call qdisc_put() while holding tree lock 2022-08-30 11:41:24 +02:00
sch_teql.c net: sched: sch_teql: fix null-pointer dereference 2021-04-08 14:14:42 -07:00