korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-12-26 20:44:32 +08:00
Code Issues Packages Projects Releases Wiki Activity
5b55f2d6ef
linux/net/sched
History
M A Ramdhan 5b55f2d6ef net/sched: cls_fw: Fix improper refcount update leads to use-after-free 
[ Upstream commit 0323bce598 ]

In the event of a failure in tcf_change_indev(), fw_set_parms() will
immediately return an error after incrementing or decrementing
reference counter in tcf_bind_filter().  If attacker can control
reference counter to zero and make reference freed, leading to
use after free.

In order to prevent this, move the point of possible failure above the
point where the TC_FW_CLASSID is handled.

Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Reported-by: M A Ramdhan <ramdhan@starlabs.sg>
Signed-off-by: M A Ramdhan <ramdhan@starlabs.sg>
Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
Reviewed-by: Pedro Tammela <pctammela@mojatatu.com>
Message-ID: <20230705161530.52003-1-ramdhan@starlabs.sg>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-07-23 13:47:41 +02:00
..
act_api.c net/sched: act_api: Notify user space if any actions were flushed before error 2022-07-07 17:53:27 +02:00
act_bpf.c flow_offload: fill flags to action structure 2023-02-22 12:57:10 +01:00
act_connmark.c flow_offload: fill flags to action structure 2023-02-22 12:57:10 +01:00
act_csum.c net_sched: refactor TC action init API 2021-08-02 10:24:38 +01:00
act_ct.c netfilter: conntrack: Fix data-races around ct mark 2022-12-02 17:41:04 +01:00
act_ctinfo.c net/sched: act_ctinfo: use percpu stats 2023-02-22 12:57:10 +01:00
act_gact.c net_sched: refactor TC action init API 2021-08-02 10:24:38 +01:00
act_gate.c flow_offload: fill flags to action structure 2023-02-22 12:57:10 +01:00
act_ife.c flow_offload: fill flags to action structure 2023-02-22 12:57:10 +01:00
act_ipt.c net/sched: act_ipt: add sanity checks on table name and hook locations 2023-07-23 13:47:28 +02:00
act_meta_mark.c
act_meta_skbprio.c
act_meta_skbtcindex.c
act_mirred.c net/sched: act_mirred: Add carrier check 2023-05-17 11:50:17 +02:00
act_mpls.c net/sched: act_mpls: fix action bind logic 2023-03-11 13:57:30 +01:00
act_nat.c flow_offload: fill flags to action structure 2023-02-22 12:57:10 +01:00
act_pedit.c net/sched: act_pedit: Add size check for TCA_PEDIT_PARMS_EX 2023-07-23 13:47:29 +02:00
act_police.c net: sched: act_police: fix sparse errors in tcf_police_dump() 2023-06-14 11:13:03 +02:00
act_sample.c net/sched: act_sample: fix action bind logic 2023-03-11 13:57:30 +01:00
act_simple.c flow_offload: fill flags to action structure 2023-02-22 12:57:10 +01:00
act_skbedit.c flow_offload: fill flags to action structure 2023-02-22 12:57:10 +01:00
act_skbmod.c flow_offload: fill flags to action structure 2023-02-22 12:57:10 +01:00
act_tunnel_key.c net_sched: refactor TC action init API 2021-08-02 10:24:38 +01:00
act_vlan.c net_sched: refactor TC action init API 2021-08-02 10:24:38 +01:00
cls_api.c net/sched: cls_api: Fix lockup on flushing explicitly created chain 2023-06-21 15:59:18 +02:00
cls_basic.c net_sched: refactor TC action init API 2021-08-02 10:24:38 +01:00
cls_bpf.c bpf: Refactor BPF_PROG_RUN into a function 2021-08-17 00:45:07 +02:00
cls_cgroup.c net_sched: refactor TC action init API 2021-08-02 10:24:38 +01:00
cls_flow.c net_sched: refactor TC action init API 2021-08-02 10:24:38 +01:00
cls_flower.c net/sched: flower: fix possible OOB write in fl_set_geneve_opt() 2023-06-09 10:32:18 +02:00
cls_fw.c net/sched: cls_fw: Fix improper refcount update leads to use-after-free 2023-07-23 13:47:41 +02:00
cls_matchall.c net_sched: refactor TC action init API 2021-08-02 10:24:38 +01:00
cls_route.c net_sched: cls_route: disallow handle of 0 2022-08-21 15:17:48 +02:00
cls_rsvp6.c
cls_rsvp.c
cls_rsvp.h net_sched: refactor TC action init API 2021-08-02 10:24:38 +01:00
cls_u32.c net/sched: cls_u32: Fix reference counter leak leading to overflow 2023-06-21 15:59:16 +02:00
em_canid.c
em_cmp.c net: sched: fix misspellings using misspell-fixer tool 2020-11-10 17:00:28 -08:00
em_ipset.c
em_ipt.c
em_meta.c
em_nbyte.c net: sched: Return the correct errno code 2021-02-06 11:15:28 -08:00
em_text.c
em_u32.c
ematch.c net_sched: reject TCF_EM_SIMPLE case for complex ematch module 2022-12-31 13:14:39 +01:00
Kconfig net/sched: Retire tcindex classifier 2023-03-11 13:57:22 +01:00
Makefile net/sched: Retire tcindex classifier 2023-03-11 13:57:22 +01:00
sch_api.c net: sched: fix NULL pointer dereference in mq_attach 2023-06-09 10:32:18 +02:00
sch_atm.c net: sched: atm: dont intepret cls results when asked to drop 2023-01-12 11:59:14 +01:00
sch_blackhole.c
sch_cake.c net: sched: cake: fix null pointer access issue when cake_init() fails 2022-10-29 10:12:57 +02:00
sch_cbq.c net: sched: cbq: dont intepret cls results when asked to drop 2023-01-12 11:59:14 +01:00
sch_cbs.c net: don't include ethtool.h from netdevice.h 2020-11-23 17:27:04 -08:00
sch_choke.c net: sched: delete duplicate cleanup of backlog and qlen 2022-10-29 10:12:57 +02:00
sch_codel.c
sch_drr.c net: sched: delete duplicate cleanup of backlog and qlen 2022-10-29 10:12:57 +02:00
sch_dsmark.c net: sched: delete duplicate cleanup of backlog and qlen 2022-10-29 10:12:57 +02:00
sch_etf.c net: sched: delete duplicate cleanup of backlog and qlen 2022-10-29 10:12:57 +02:00
sch_ets.c net: sched: delete duplicate cleanup of backlog and qlen 2022-10-29 10:12:57 +02:00
sch_fifo.c net_sched: fix NULL deref in fifo_set_limit() 2021-10-01 14:59:10 -07:00
sch_fq_codel.c net: sched: delete duplicate cleanup of backlog and qlen 2022-10-29 10:12:57 +02:00
sch_fq_pie.c net/sched: fq_pie: ensure reasonable TCA_FQ_PIE_QUANTUM values 2023-06-14 11:13:01 +02:00
sch_fq.c net/sched: sch_fq: fix integer overflow of "credit" 2023-05-11 23:00:31 +09:00
sch_frag.c net/sched: Extend qdisc control block with tc control block 2022-01-05 12:42:33 +01:00
sch_generic.c net/sched: fix netdevice reference leaks in attach_default_qdiscs() 2022-09-08 12:28:02 +02:00
sch_gred.c net: sched: Fix spelling mistakes 2021-05-31 22:44:56 -07:00
sch_hfsc.c net: sched: delete duplicate cleanup of backlog and qlen 2022-10-29 10:12:57 +02:00
sch_hhf.c
sch_htb.c net: sched: sch: Fix off by one in htb_activate_prios() 2023-02-22 12:57:11 +01:00
sch_ingress.c net/sched: Reserve TC_H_INGRESS (TC_H_CLSACT) for ingress (clsact) Qdiscs 2023-06-09 10:32:17 +02:00
sch_mq.c net: sched: update default qdisc visibility after Tx queue cnt changes 2021-11-18 19:16:10 +01:00
sch_mqprio.c net: sched: update default qdisc visibility after Tx queue cnt changes 2021-11-18 19:16:10 +01:00
sch_multiq.c net: sched: delete duplicate cleanup of backlog and qlen 2022-10-29 10:12:57 +02:00
sch_netem.c sch_netem: acquire qdisc lock in netem_change() 2023-06-28 10:29:50 +02:00
sch_pie.c net: sched: fix misspellings using misspell-fixer tool 2020-11-10 17:00:28 -08:00
sch_plug.c
sch_prio.c net: sched: delete duplicate cleanup of backlog and qlen 2022-10-29 10:12:57 +02:00
sch_qfq.c net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg 2023-04-26 13:51:47 +02:00
sch_red.c net: sched: Fix use after free in red_enqueue() 2022-11-10 18:15:28 +01:00
sch_sfb.c net: sched: sfb: fix null pointer access issue when sfb_init() fails 2022-10-29 10:12:57 +02:00
sch_sfq.c net/sched: store the last executed chain also for clsact egress 2021-07-29 22:17:37 +01:00
sch_skbprio.c net: sched: delete duplicate cleanup of backlog and qlen 2022-10-29 10:12:57 +02:00
sch_taprio.c Revert "net/sched: taprio: make qdisc_leaf() see the per-netdev-queue pfifo child qdiscs" 2023-02-25 12:06:46 +01:00
sch_tbf.c net: sched: delete duplicate cleanup of backlog and qlen 2022-10-29 10:12:57 +02:00
sch_teql.c net: sched: delete duplicate cleanup of backlog and qlen 2022-10-29 10:12:57 +02:00