asgardius/android_kernel_motorola_sm6225
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_motorola_sm6225/net
History
Cong Wang 9f7a32834b net_sched: fix ops->bind_class() implementations 
[ Upstream commit 2e24cd755552350b94a7617617c6877b8cbcb701 ]

The current implementations of ops->bind_class() are merely
searching for classid and updating class in the struct tcf_result,
without invoking either of cl_ops->bind_tcf() or
cl_ops->unbind_tcf(). This breaks the design of them as qdisc's
like cbq use them to count filters too. This is why syzbot triggered
the warning in cbq_destroy_class().

In order to fix this, we have to call cl_ops->bind_tcf() and
cl_ops->unbind_tcf() like the filter binding path. This patch does
so by refactoring out two helper functions __tcf_bind_filter()
and __tcf_unbind_filter(), which are lockless and accept a Qdisc
pointer, then teaching each implementation to call them correctly.

Note, we merely pass the Qdisc pointer as an opaque pointer to
each filter, they only need to pass it down to the helper
functions without understanding it at all.

Fixes: 07d79fc7d9 ("net_sched: add reverse binding for tc class")
Reported-and-tested-by: syzbot+0a0596220218fcb603a8@syzkaller.appspotmail.com
Reported-and-tested-by: syzbot+63bdb6006961d8c917c6@syzkaller.appspotmail.com
Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Cc: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-02-01 09:37:06 +00:00
..
6lowpan 6lowpan: Off by one handling ->nexthdr 2020-01-27 14:50:41 +01:00
9p 9p: Transport error uninitialized 2019-10-11 18:21:12 +02:00
802
8021q vlan: vlan_changelink() should propagate errors 2020-01-12 12:17:28 +01:00
appletalk appletalk: Set error code if register_snap_client failed 2019-12-13 08:52:59 +01:00
atm net: use skb_queue_empty_lockless() in poll() handlers 2019-11-10 11:27:48 +01:00
ax25 ax25: enforce CAP_NET_RAW for raw sockets 2019-10-05 13:09:32 +02:00
batman-adv batman-adv: Fix DAT candidate selection on little endian systems 2020-01-23 08:21:34 +01:00
bluetooth Bluetooth: Fix memory leak in hci_connect_le_scan 2020-01-09 10:19:04 +01:00
bpf
bpfilter signal/bpfilter: Fix bpfilter_kernl to use send_sig not force_sig 2020-01-27 14:50:51 +01:00
bridge netfilter: ebtables: CONFIG_COMPAT: reject trailing data after last rule 2020-01-27 14:50:47 +01:00
caif net: use skb_queue_empty_lockless() in poll() handlers 2019-11-10 11:27:48 +01:00
can can: gw: Fix error path of cgw_module_init 2019-08-29 08:28:30 +02:00
ceph libceph: fix PG split vs OSD (re)connect race 2019-08-29 08:28:50 +02:00
core net-sysfs: Fix reference count leak 2020-01-29 16:43:17 +01:00
dcb
dccp dccp: Fix memleak in __feat_register_sp 2020-01-17 19:46:58 +01:00
decnet net: add bool confirm_neigh parameter for dst_ops.update_pmtu 2020-01-04 19:13:37 +01:00
dns_resolver
dsa net: dsa: Avoid null pointer when failing to connect to PHY 2020-01-27 14:50:34 +01:00
ethernet net: add annotations on hh->hh_len lockless accesses 2020-01-09 10:19:09 +01:00
hsr hsr: reset network header when supervision frame is created 2020-01-17 19:47:00 +01:00
ieee802154 inet: frags: call inet_frags_fini() after unregister_pernet_subsys() 2020-01-27 14:50:51 +01:00
ife
ipv4 tcp: do not leave dangling pointers in tp->highest_sack 2020-01-29 16:43:17 +01:00
ipv6 net, ip6_tunnel: fix namespaces move 2020-01-29 16:43:15 +01:00
iucv net/af_iucv: always register net_device notifier 2020-01-27 14:50:56 +01:00
kcm
key
l2tp l2tp: Fix possible NULL pointer dereference 2020-01-27 14:50:46 +01:00
l3mdev
lapb
llc llc: fix sk_buff refcounting in llc_conn_state_process() 2020-01-27 14:51:17 +01:00
mac80211 mac80211: accept deauth frames in IBSS mode 2020-01-27 14:51:16 +01:00
mac802154
mpls mpls: fix warning with multi-label encap 2020-01-27 14:50:54 +01:00
ncsi
netfilter netfilter: nf_tables: add __nft_chain_type_get() 2020-01-29 16:43:24 +01:00
netlabel
netlink
netrom
nfc net: nfc: nci: fix a possible sleep-in-atomic-context bug in nci_uart_tty_receive() 2019-12-31 16:34:38 +01:00
nsh
openvswitch openvswitch: support asymmetric conntrack 2019-12-21 10:57:14 +01:00
packet packet: fix data-race in fanout_flow_is_huge() 2020-01-27 14:51:21 +01:00
phonet net: use skb_queue_empty_lockless() in poll() handlers 2019-11-10 11:27:48 +01:00
psample net: psample: fix skb_over_panic 2019-12-05 09:21:30 +01:00
qrtr net: qrtr: fix memort leak in qrtr_tun_write_iter 2019-12-13 08:52:58 +01:00
rds net/rds: Fix 'ib_evt_handler_call' element in 'rds_ib_stat_names' 2020-01-27 14:51:13 +01:00
rfkill rfkill: Fix incorrect check to avoid NULL pointer dereference 2020-01-12 12:17:17 +01:00
rose
rxrpc rxrpc: Fix trace-after-put looking at the put connection record 2020-01-27 14:51:16 +01:00
sched net_sched: fix ops->bind_class() implementations 2020-02-01 09:37:06 +00:00
sctp sctp: add chunks to sk_backlog when the newsk sk_socket is not set 2020-01-27 14:51:17 +01:00
smc net/smc: receive pending data after RCV_SHUTDOWN 2020-01-27 14:51:18 +01:00
strparser
sunrpc xprtrdma: Fix use-after-free in rpcrdma_post_recvs 2020-01-27 14:50:59 +01:00
switchdev
tipc tipc: reduce risk of wakeup queue starvation 2020-01-27 14:51:02 +01:00
tls net/tls: fix socket wmem accounting on fallback with netem 2020-01-27 14:51:01 +01:00
unix af_unix: add compat_ioctl support 2020-01-17 19:47:07 +01:00
vmw_vsock VSOCK: bind to random port for VMADDR_PORT_ANY 2019-12-05 09:20:19 +01:00
wimax
wireless cfg80211: regulatory: make initialization more robust 2020-01-27 14:49:57 +01:00
x25 net/x25: fix nonblocking connect 2020-01-29 16:43:24 +01:00
xdp xsk: Fix registration of Rx-only sockets 2020-01-27 14:51:19 +01:00
xfrm xfrm interface: ifname may be wrong in logs 2020-01-27 14:51:01 +01:00
compat.c
Kconfig
Makefile
socket.c compat_ioctl: handle SIOCOUTQNSD 2020-01-17 19:47:07 +01:00
sysctl_net.c