Jamal Hadi Salim c0931e464b net_sched: cls_route: disallow handle of 0
commit 0279957171 upstream.

Follows up on:
https://lore.kernel.org/all/20220809170518.164662-1-cascardo@canonical.com/

handle of 0 implies from/to of universe realm which is not very
sensible.

Let's see what this patch will do:
$sudo tc qdisc add dev $DEV root handle 1:0 prio

//let's manufacture a way to insert handle of 0
$sudo tc filter add dev $DEV parent 1:0 protocol ip prio 100 \
route to 0 from 0 classid 1:10 action ok

//gets rejected...
Error: handle of 0 is not valid.
We have an error talking to the kernel, -1

//let's create a legit entry..
sudo tc filter add dev $DEV parent 1:0 protocol ip prio 100 route from 10 \
classid 1:10 action ok

//what did the kernel insert?
$sudo tc filter ls dev $DEV parent 1:0
filter protocol ip pref 100 route chain 0
filter protocol ip pref 100 route chain 0 fh 0x000a8000 flowid 1:10 from 10
	action order 1: gact action pass
	 random type none pass val 0
	 index 1 ref 1 bind 1

//Let's try to replace that legit entry with a handle of 0
$ sudo tc filter replace dev $DEV parent 1:0 protocol ip prio 100 \
handle 0x000a8000 route to 0 from 0 classid 1:10 action drop

Error: Replacing with handle of 0 is invalid.
We have an error talking to the kernel, -1

And last, let's run Cascardo's POC:
$ ./poc
0
0
-22
-22
-22

Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
Acked-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-08-21 15:18:56 +02:00
Documentation xen-blkfront: Apply 'feature_persistent' parameter when connect 2022-08-17 14:42:33 +02:00
LICENSES LICENSES/LGPL-2.1: Add LGPL-2.1-or-later as valid identifiers 2021-12-16 14:33:10 +01:00
arch powerpc/kexec: Fix build failure from uninitialised variable 2022-08-17 14:42:35 +02:00
block block: don't allow the same type rq_qos add more than once 2022-08-17 14:42:24 +02:00
certs certs/blacklist_hashes.c: fix const confusion in certs blacklist 2022-06-22 14:28:03 +02:00
crypto KEYS: asymmetric: enforce SM2 signature use pkey algo 2022-08-17 14:42:32 +02:00
drivers tee: add overflow check in register_shm_helper() 2022-08-21 15:18:56 +02:00
fs f2fs: fix null-ptr-deref in f2fs_get_dnode_of_data 2022-08-17 14:42:36 +02:00
include mm: introduce clear_highpage_kasan_tagged 2022-08-17 14:42:36 +02:00
init stack: Declare {randomize_,}kstack_offset to fix Sparse warnings 2022-08-17 14:40:36 +02:00
io_uring io_uring: mem-account pbuf buckets 2022-08-17 14:42:36 +02:00
ipc ipc/mqueue: use get_tree_nodev() in mqueue_get_tree() 2022-06-09 10:30:30 +02:00
kernel bpf: Suppress 'passing zero to PTR_ERR' warning 2022-08-17 14:42:35 +02:00
lib crypto: lib/blake2s - reduce stack frame usage in self test 2022-08-17 14:42:34 +02:00
mm mm: introduce clear_highpage_kasan_tagged 2022-08-17 14:42:36 +02:00
net net_sched: cls_route: disallow handle of 0 2022-08-21 15:18:56 +02:00
samples samples/landlock: Format with clang-format 2022-06-09 10:30:46 +02:00
scripts scripts/faddr2line: Fix vmlinux detection on arm64 2022-08-17 14:42:15 +02:00
security selinux: Add boundary check in put_entry() 2022-08-17 14:40:26 +02:00
sound ASoC: mchp-spdifrx: disable end of block interrupt on failures 2022-08-17 14:42:10 +02:00
tools tools/thermal: Fix possible path truncations 2022-08-17 14:42:15 +02:00
usr Kbuild updates for v5.18 2022-03-31 11:59:03 -07:00
virt KVM: Don't set Accessed/Dirty bits for ZERO_PAGE 2022-08-17 14:41:37 +02:00
.clang-format genirq/msi: Make interrupt allocation less convoluted 2021-12-16 22:22:20 +01:00
.cocciconfig
.get_maintainer.ignore
.gitattributes .gitattributes: use 'dts' diff driver for dts files 2019-12-04 19:44:11 -08:00
.gitignore .gitignore: ignore only top-level modules.builtin 2021-05-02 00:43:35 +09:00
.mailmap hotfixes for 5.18-rc7 2022-05-13 10:22:37 -07:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS MAINTAINERS: replace a Microchip AT91 maintainer 2022-02-09 11:30:01 +01:00
Kbuild kbuild: rename hostprogs-y/always to hostprogs/always-y 2020-02-04 01:53:07 +09:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS io_uring: move to separate directory 2022-08-17 14:40:41 +02:00
Makefile Linux 5.18.18 2022-08-17 14:42:36 +02:00
README


Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result from upgrading your kernel.