This is a note to let you know that I've just added the patch titled

    net_sched: prevent NULL dereference if default qdisc setup failed

to the 5.4-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     net_sched-prevent-null-dereference-if-default-qdisc-setup-failed.patch
and it can be found in the queue-5.4 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it.

>From ptyadav@xxxxxxxxx Tue Apr 11 15:12:32 2023
From: Pratyush Yadav <ptyadav@xxxxxxxxx>
Date: Tue, 11 Apr 2023 15:02:10 +0200
Subject: net_sched: prevent NULL dereference if default qdisc setup failed
To: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
Cc: Pratyush Yadav <ptyadav@xxxxxxxxx>, <stable@xxxxxxxxxxxxxxx>, <patches@xxxxxxxxxxxxxxx>, Eric Dumazet <edumazet@xxxxxxxxxx>, Vlad Buslov <vladbu@xxxxxxxxxxxx>, syzbot <syzkaller@xxxxxxxxxxxxxxxx>, Jamal Hadi Salim <jhs@xxxxxxxxxxxx>, Cong Wang <xiyou.wangcong@xxxxxxxxx>, Jiri Pirko <jiri@xxxxxxxxxxx>, "David S. Miller" <davem@xxxxxxxxxxxxx>, Zubin Mithra <zsm@xxxxxxxxxx>, Norbert Manthey <nmanthey@xxxxxxxxx>
Message-ID: <20230411130210.113555-1-ptyadav@xxxxxxxxx>
From: Pratyush Yadav <ptyadav@xxxxxxxxx>

If qdisc_create_dflt() fails, it returns NULL. With CONFIG_NET_SCHED enabled, the check qdisc != &noop_qdisc passes and qdisc will be passed to qdisc_hash_add(), which dereferences it.

This assignment was present in the upstream commit 5891cd5ec46c2 ("net_sched: add __rcu annotation to netdev->qdisc") but was missed in the backport 22d95b5449249 ("net_sched: add __rcu annotation to netdev->qdisc"), perhaps due to merge conflicts.

dev->qdisc is &noop_qdisc by default and if qdisc_create_dflt() fails, this assignment will make sure qdisc == &noop_qdisc and no NULL dereference will take place.

This bug was discovered and resolved using Coverity Static Analysis Security Testing (SAST) by Synopsys, Inc.

Fixes: 22d95b5449249 ("net_sched: add __rcu annotation to netdev->qdisc")
Signed-off-by: Pratyush Yadav <ptyadav@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
--- net/sched/sch_generic.c | 1 + 1 file changed, 1 insertion(+) --- a/net/sched/sch_generic.c +++ b/net/sched/sch_generic.c @@ -1116,6 +1116,7 @@ static void attach_default_qdiscs(struct qdisc->ops->attach(qdisc); } } + qdisc = rtnl_dereference(dev->qdisc); #ifdef CONFIG_NET_SCHED if (qdisc != &noop_qdisc)

Patches currently in stable-queue which might be from ptyadav@xxxxxxxxx are

queue-5.4/net_sched-prevent-null-dereference-if-default-qdisc-setup-failed.patch
queue-5.4/smb3-fix-problem-with-null-cifs-super-block-with-previous-patch.patch
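
Review bot: The added `qdisc = rtnl_dereference(dev->qdisc);` just above `#ifdef CONFIG_NET_SCHED` carries no comment saying why the local is re-read, and the commit message says this same line was already lost once in backport 22d95b5449249. A one-line comment at that spot would help, for example that qdisc_create_dflt() can return NULL and that re-reading dev->qdisc restores &noop_qdisc in that case, so a later conflict resolution or cleanup does not drop the assignment as redundant. Separately, the guard that follows, `if (qdisc != &noop_qdisc)`, compares only against the noop sentinel and does nothing to stop a NULL local from reaching qdisc_hash_add(); if that helper is meant to tolerate only valid pointers, an explicit NULL test in the condition would make the failure path safe even if the re-read goes missing again.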