Techwizz/kernel-fxtec-pro1x
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
kernel-fxtec-pro1x/net/sched
History
Cong Wang 557d015ffb net_sched: keep alloc_hash updated after hash allocation 
[ Upstream commit 0d1c3530e1bd38382edef72591b78e877e0edcd3 ]

In commit 599be01ee567 ("net_sched: fix an OOB access in cls_tcindex")
I moved cp->hash calculation before the first
tcindex_alloc_perfect_hash(), but cp->alloc_hash is left untouched.
This difference could lead to another out of bound access.

cp->alloc_hash should always be the size allocated, we should
update it after this tcindex_alloc_perfect_hash().

Reported-and-tested-by: syzbot+dcc34d54d68ef7d2d53d@syzkaller.appspotmail.com
Reported-and-tested-by: syzbot+c72da7b9ed57cde6fca2@syzkaller.appspotmail.com
Fixes: 599be01ee567 ("net_sched: fix an OOB access in cls_tcindex")
Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Cc: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-04-02 15:28:11 +02:00
..
act_api.c net: avoid potential infinite loop in tc_ctl_action() 2019-10-29 09:19:39 +01:00
act_bpf.c net_sched: fix a NULL pointer deref in ipt action 2019-09-10 10:33:39 +01:00
act_connmark.c net_sched: fix a NULL pointer deref in ipt action 2019-09-10 10:33:39 +01:00
act_csum.c net: sched: act_csum: Fix csum calc for tagged packets 2020-01-27 14:50:29 +01:00
act_gact.c net_sched: fix a NULL pointer deref in ipt action 2019-09-10 10:33:39 +01:00
act_ife.c net_sched: fix a NULL pointer deref in ipt action 2019-09-10 10:33:39 +01:00
act_ipt.c net_sched: fix a NULL pointer deref in ipt action 2019-09-10 10:33:39 +01:00
act_meta_mark.c
act_meta_skbprio.c
act_meta_skbtcindex.c
act_mirred.c act_mirred: Fix mirred_init_module error handling 2020-01-27 14:51:18 +01:00
act_nat.c net_sched: fix a NULL pointer deref in ipt action 2019-09-10 10:33:39 +01:00
act_pedit.c net/sched: act_pedit: fix WARN() in the traffic path 2019-12-01 09:16:06 +01:00
act_police.c net_sched: fix a NULL pointer deref in ipt action 2019-09-10 10:33:39 +01:00
act_sample.c net/sched: act_sample: don't push mac header on ip6gre ingress 2019-10-05 13:09:28 +02:00
act_simple.c net_sched: fix a NULL pointer deref in ipt action 2019-09-10 10:33:39 +01:00
act_skbedit.c net_sched: fix a NULL pointer deref in ipt action 2019-09-10 10:33:39 +01:00
act_skbmod.c net_sched: fix a NULL pointer deref in ipt action 2019-09-10 10:33:39 +01:00
act_tunnel_key.c net: sched: ensure opts_len <= IP_TUNNEL_OPTS_MAX in act_tunnel_key 2019-12-01 09:16:06 +01:00
act_vlan.c net_sched: fix a NULL pointer deref in ipt action 2019-09-10 10:33:39 +01:00
cls_api.c net: sched: fix possible crash in tcf_action_destroy() 2019-10-05 13:09:30 +02:00
cls_basic.c net_sched: fix ops->bind_class() implementations 2020-02-01 09:37:06 +00:00
cls_bpf.c net_sched: fix ops->bind_class() implementations 2020-02-01 09:37:06 +00:00
cls_cgroup.c
cls_flow.c
cls_flower.c net: sched: correct flower port blocking 2020-03-05 16:42:16 +01:00
cls_fw.c net_sched: fix ops->bind_class() implementations 2020-02-01 09:37:06 +00:00
cls_matchall.c net/sched: matchall: add missing validation of TCA_MATCHALL_FLAGS 2020-02-24 08:34:34 +01:00
cls_route.c net_sched: cls_route: remove the right filter from hashtable 2020-04-02 15:28:11 +02:00
cls_rsvp.c
cls_rsvp.h cls_rsvp: fix rsvp_policy 2020-02-11 04:33:52 -08:00
cls_rsvp6.c
cls_tcindex.c net_sched: keep alloc_hash updated after hash allocation 2020-04-02 15:28:11 +02:00
cls_u32.c net_sched: fix ops->bind_class() implementations 2020-02-01 09:37:06 +00:00
em_canid.c
em_cmp.c
em_ipset.c
em_ipt.c
em_meta.c
em_nbyte.c
em_text.c
em_u32.c
ematch.c net_sched: ematch: reject invalid TCF_EM_SIMPLE 2020-02-01 09:37:05 +00:00
Kconfig
Makefile
sch_api.c net_sched: fix ops->bind_class() implementations 2020-02-01 09:37:06 +00:00
sch_atm.c
sch_blackhole.c
sch_cake.c sch_cake: avoid possible divide by zero in cake_enqueue() 2020-01-12 12:17:26 +01:00
sch_cbq.c sch_cbq: validate TCA_CBQ_WRROPT to avoid crash 2019-10-07 18:57:26 +02:00
sch_cbs.c net: cbs: Fix software cbs to consider packet sending time 2020-04-02 15:28:11 +02:00
sch_choke.c
sch_codel.c
sch_drr.c
sch_dsmark.c sch_dsmark: fix potential NULL deref in dsmark_init() 2019-10-07 18:57:23 +02:00
sch_etf.c
sch_fifo.c
sch_fq.c net: fq: add missing attribute validation for orphan mask 2020-03-18 07:14:16 +01:00
sch_fq_codel.c
sch_generic.c net: sched: avoid writing on noop_qdisc 2019-11-24 08:21:02 +01:00
sch_gred.c
sch_hfsc.c
sch_hhf.c net/flow_dissector: switch to siphash 2019-11-10 11:27:54 +01:00
sch_htb.c
sch_ingress.c
sch_mq.c net: sched: fix dump qlen for sch_mq/sch_mqprio with NOLOCK subqueues 2019-12-21 10:57:12 +01:00
sch_mqprio.c net: sched: fix dump qlen for sch_mq/sch_mqprio with NOLOCK subqueues 2019-12-21 10:57:12 +01:00
sch_multiq.c net: sched: fix tc -s class show no bstats on class with nolock subqueues 2019-12-05 09:21:32 +01:00
sch_netem.c net: netem: correct the parent's backlog when corrupted packet was dropped 2020-01-27 14:51:19 +01:00
sch_pie.c
sch_plug.c
sch_prio.c net: sch_prio: When ungrafting, replace with FIFO 2020-01-12 12:17:29 +01:00
sch_qfq.c
sch_red.c
sch_sfb.c net/flow_dissector: switch to siphash 2019-11-10 11:27:54 +01:00
sch_sfq.c net/flow_dissector: switch to siphash 2019-11-10 11:27:54 +01:00
sch_skbprio.c
sch_tbf.c
sch_teql.c