asgardius/android_kernel_motorola_sm6225
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_motorola_sm6225/net/sched
History
Jamal Hadi Salim 38a4d6babe net_sched: cls_route: disallow handle of 0 
commit 02799571714dc5dd6948824b9d080b44a295f695 upstream.

Follows up on:
https://lore.kernel.org/all/20220809170518.164662-1-cascardo@canonical.com/

handle of 0 implies from/to of universe realm which is not very
sensible.

Lets see what this patch will do:
$sudo tc qdisc add dev $DEV root handle 1:0 prio

//lets manufacture a way to insert handle of 0
$sudo tc filter add dev $DEV parent 1:0 protocol ip prio 100 \
route to 0 from 0 classid 1:10 action ok

//gets rejected...
Error: handle of 0 is not valid.
We have an error talking to the kernel, -1

//lets create a legit entry..
sudo tc filter add dev $DEV parent 1:0 protocol ip prio 100 route from 10 \
classid 1:10 action ok

//what did the kernel insert?
$sudo tc filter ls dev $DEV parent 1:0
filter protocol ip pref 100 route chain 0
filter protocol ip pref 100 route chain 0 fh 0x000a8000 flowid 1:10 from 10
	action order 1: gact action pass
	 random type none pass val 0
	 index 1 ref 1 bind 1

//Lets try to replace that legit entry with a handle of 0
$ sudo tc filter replace dev $DEV parent 1:0 protocol ip prio 100 \
handle 0x000a8000 route to 0 from 0 classid 1:10 action drop

Error: Replacing with handle of 0 is invalid.
We have an error talking to the kernel, -1

And last, lets run Cascardo's POC:
$ ./poc
0
0
-22
-22
-22

Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
Acked-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-08-25 11:15:33 +02:00
..
act_api.c net: sched: limit TC_ACT_REPEAT loops 2022-02-23 11:58:41 +01:00
act_bpf.c net_sched: fix a NULL pointer deref in ipt action 2019-09-10 10:33:39 +01:00
act_connmark.c sched: consistently handle layer3 header accesses in the presence of VLANs 2020-07-22 09:32:00 +02:00
act_csum.c sched: consistently handle layer3 header accesses in the presence of VLANs 2020-07-22 09:32:00 +02:00
act_gact.c net_sched: fix a NULL pointer deref in ipt action 2019-09-10 10:33:39 +01:00
act_ife.c net_sched: fix a NULL pointer deref in ipt action 2019-09-10 10:33:39 +01:00
act_ipt.c net_sched: fix a NULL pointer deref in ipt action 2019-09-10 10:33:39 +01:00
act_meta_mark.c net: remove duplicate includes 2017-12-13 13:18:46 -05:00
act_meta_skbprio.c net sched actions: change IFE modules alias names 2017-10-12 22:13:20 -07:00
act_meta_skbtcindex.c net: remove duplicate includes 2017-12-13 13:18:46 -05:00
act_mirred.c act_mirred: Fix mirred_init_module error handling 2020-01-27 14:51:18 +01:00
act_nat.c net_sched: fix a NULL pointer deref in ipt action 2019-09-10 10:33:39 +01:00
act_pedit.c net/sched: act_pedit: sanitize shift argument before usage 2022-05-25 09:10:39 +02:00
act_police.c net_sched: fix a NULL pointer deref in ipt action 2019-09-10 10:33:39 +01:00
act_sample.c net/sched: act_sample: don't push mac header on ip6gre ingress 2019-10-05 13:09:28 +02:00
act_simple.c net_sched: fix a NULL pointer deref in ipt action 2019-09-10 10:33:39 +01:00
act_skbedit.c sched: consistently handle layer3 header accesses in the presence of VLANs 2020-07-22 09:32:00 +02:00
act_skbmod.c net/sched: act_skbmod: Skip non-Ethernet packets 2021-07-28 11:13:48 +02:00
act_tunnel_key.c net/sched: act_tunnel_key: fix OOB write in case of IPv6 ERSPAN tunnels 2020-10-29 09:54:58 +01:00
act_vlan.c net_sched: fix a NULL pointer deref in ipt action 2019-09-10 10:33:39 +01:00
cls_api.c net_sched: fix a crash in tc_new_tfilter() 2021-12-14 10:18:10 +01:00
cls_basic.c net_sched: fix ops->bind_class() implementations 2020-02-01 09:37:06 +00:00
cls_bpf.c net_sched: fix ops->bind_class() implementations 2020-02-01 09:37:06 +00:00
cls_cgroup.c net_sched: switch to rcu_work 2018-05-24 22:56:15 -04:00
cls_flow.c sched: consistently handle layer3 header accesses in the presence of VLANs 2020-07-22 09:32:00 +02:00
cls_flower.c net/sched: flower: fix parsing of ethertype following VLAN header 2022-04-20 09:12:48 +02:00
cls_fw.c net_sched: fix ops->bind_class() implementations 2020-02-01 09:37:06 +00:00
cls_matchall.c net/sched: matchall: add missing validation of TCA_MATCHALL_FLAGS 2020-02-24 08:34:34 +01:00
cls_route.c net_sched: cls_route: disallow handle of 0 2022-08-25 11:15:33 +02:00
cls_rsvp.c
cls_rsvp.h cls_rsvp: fix rsvp_policy 2020-02-11 04:33:52 -08:00
cls_rsvp6.c
cls_tcindex.c net: sched: fix warning in tcindex_alloc_perfect_hash 2021-07-20 16:15:53 +02:00
cls_u32.c net/sched: cls_u32: fix netns refcount changes in u32_change() 2022-05-01 17:00:35 +02:00
em_canid.c
em_cmp.c
em_ipset.c sched: consistently handle layer3 header accesses in the presence of VLANs 2020-07-22 09:32:00 +02:00
em_ipt.c net: sched: add em_ipt ematch for calling xtables matches 2018-02-21 13:15:33 -05:00
em_meta.c sched: consistently handle layer3 header accesses in the presence of VLANs 2020-07-22 09:32:00 +02:00
em_nbyte.c net: sched: em_nbyte: don't add the data offset twice 2018-01-24 14:52:40 -05:00
em_text.c
em_u32.c
ematch.c net_sched: ematch: reject invalid TCF_EM_SIMPLE 2020-02-01 09:37:05 +00:00
Kconfig net/sched: add skbprio scheduler 2018-07-24 14:44:00 -07:00
Makefile net/sched: add skbprio scheduler 2018-07-24 14:44:00 -07:00
sch_api.c net: sched: Clarify error message when qdisc kind is unknown 2022-02-16 12:51:44 +01:00
sch_atm.c net: sched: rename qdisc_destroy() to qdisc_put() 2021-12-14 10:18:04 +01:00
sch_blackhole.c net_sched: blackhole: tell upper qdisc about dropped packets 2018-06-17 08:42:33 +09:00
sch_cake.c sch_cake: do not call cake_destroy() from cake_init() 2021-12-22 09:19:01 +01:00
sch_cbq.c net: sched: rename qdisc_destroy() to qdisc_put() 2021-12-14 10:18:04 +01:00
sch_cbs.c net: sched: rename qdisc_destroy() to qdisc_put() 2021-12-14 10:18:04 +01:00
sch_choke.c net: sched: validate stab values 2021-03-30 14:37:03 +02:00
sch_codel.c net: sched: Fix a possible null-pointer dereference in dequeue_func() 2019-08-09 17:52:32 +02:00
sch_drr.c net: sched: rename qdisc_destroy() to qdisc_put() 2021-12-14 10:18:04 +01:00
sch_dsmark.c net: sched: rename qdisc_destroy() to qdisc_put() 2021-12-14 10:18:04 +01:00
sch_etf.c sched: etf: do not assume all sockets are full blown 2020-04-29 16:31:21 +02:00
sch_fifo.c net: sched: rename qdisc_destroy() to qdisc_put() 2021-12-14 10:18:04 +01:00
sch_fq.c net: fq: add missing attribute validation for orphan mask 2020-03-18 07:14:16 +01:00
sch_fq_codel.c fq_codel: reject silly quantum parameters 2021-09-22 11:48:14 +02:00
sch_generic.c net/sched: move NULL ptr check to qdisc_put() too 2022-07-02 16:27:40 +02:00
sch_gred.c net: sched: validate stab values 2021-03-30 14:37:03 +02:00
sch_hfsc.c net: sched: rename qdisc_destroy() to qdisc_put() 2021-12-14 10:18:04 +01:00
sch_hhf.c net/flow_dissector: switch to siphash 2019-11-10 11:27:54 +01:00
sch_htb.c net: sched: rename qdisc_destroy() to qdisc_put() 2021-12-14 10:18:04 +01:00
sch_ingress.c net: sched: allow ingress and clsact qdiscs to share filter blocks 2018-01-17 14:53:57 -05:00
sch_mq.c net: sched: rename qdisc_destroy() to qdisc_put() 2021-12-14 10:18:04 +01:00
sch_mqprio.c net: sched: rename qdisc_destroy() to qdisc_put() 2021-12-14 10:18:04 +01:00
sch_multiq.c net: sched: rename qdisc_destroy() to qdisc_put() 2021-12-14 10:18:04 +01:00
sch_netem.c net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms 2022-07-02 16:27:32 +02:00
sch_pie.c net: sched: sch: add extack for change qdisc ops 2017-12-21 12:32:50 -05:00
sch_plug.c net: sched: sch: add extack for change qdisc ops 2017-12-21 12:32:50 -05:00
sch_prio.c net: sched: rename qdisc_destroy() to qdisc_put() 2021-12-14 10:18:04 +01:00
sch_qfq.c sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc 2022-01-11 13:58:49 +01:00
sch_red.c net: sched: rename qdisc_destroy() to qdisc_put() 2021-12-14 10:18:04 +01:00
sch_sfb.c net: sched: rename qdisc_destroy() to qdisc_put() 2021-12-14 10:18:04 +01:00
sch_sfq.c net: sched: validate stab values 2021-03-30 14:37:03 +02:00
sch_skbprio.c net_sched: sch_skbprio: add message validation to skbprio_change() 2020-05-14 07:57:17 +02:00
sch_tbf.c net: sched: rename qdisc_destroy() to qdisc_put() 2021-12-14 10:18:04 +01:00
sch_teql.c net: sched: sch_teql: fix null-pointer dereference 2021-04-14 08:22:33 +02:00