[PATCH 5.4 01/40] net_sched: check error pointer in tcf_dump_walker()

2 Aug 2021

From: Cong Wang xiyou.wangcong@gmail.com
[ Upstream commit 580e4273d7a883ececfefa692c1f96bdbacb99b5 ]
Although we take RTNL on dump path, it is possible to
skip RTNL on insertion path. So the following race condition
is possible:
rtnl_lock()		// no rtnl lock
    		mutex_lock(&idrinfo->lock);
    		// insert ERR_PTR(-EBUSY)
    		mutex_unlock(&idrinfo->lock);
tc_dump_action()
rtnl_unlock()
So we have to skip those temporary -EBUSY entries on dump path
too.
Reported-and-tested-by: syzbot+b47bc4f247856fb4d9e1@syzkaller.appspotmail.com
Fixes: 0fedc63fadf0 ("net_sched: commit action insertions together")
Cc: Vlad Buslov vladbu@mellanox.com
Cc: Jamal Hadi Salim jhs@mojatatu.com
Cc: Jiri Pirko jiri@resnulli.us
Signed-off-by: Cong Wang xiyou.wangcong@gmail.com
Signed-off-by: David S. Miller davem@davemloft.net
Signed-off-by: Sasha Levin sashal@kernel.org
---
 net/sched/act_api.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/net/sched/act_api.c
+++ b/net/sched/act_api.c
@@ -231,6 +231,8 @@ static int tcf_dump_walker(struct tcf_id
    	index++;
    	if (index < s_i)
    		continue;
+		if (IS_ERR(p))
+			continue;
if (jiffy_since &&
    	    time_after(jiffy_since,

    

2024

2023

2022

2021

2020

2019

2018

2017

[PATCH 5.4 01/40] net_sched: check error pointer in tcf_dump_walker()