diff mbox series

[5.4.y,1/1] net_sched: check error pointer in tcf_dump_walker()

Message ID 1627574254-23665-2-git-send-email-george.kennedy@oracle.com
State New
Headers show
Series [5.4.y,1/1] net_sched: check error pointer in tcf_dump_walker() | expand

Commit Message

George Kennedy July 29, 2021, 3:57 p.m. UTC
From: Cong Wang <xiyou.wangcong@gmail.com>

Although we take RTNL on dump path, it is possible to
skip RTNL on insertion path. So the following race condition
is possible:

rtnl_lock()		// no rtnl lock
			mutex_lock(&idrinfo->lock);
			// insert ERR_PTR(-EBUSY)
			mutex_unlock(&idrinfo->lock);
tc_dump_action()
rtnl_unlock()

So we have to skip those temporary -EBUSY entries on dump path
too.

Reported-and-tested-by: syzbot+b47bc4f247856fb4d9e1@syzkaller.appspotmail.com
Fixes: 0fedc63fadf0 ("net_sched: commit action insertions together")
Cc: Vlad Buslov <vladbu@mellanox.com>
Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Cc: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 580e4273d7a883ececfefa692c1f96bdbacb99b5)
Signed-off-by: George Kennedy <george.kennedy@oracle.com>
---
 net/sched/act_api.c | 2 ++
 1 file changed, 2 insertions(+)
diff mbox series

Patch

diff --git a/net/sched/act_api.c b/net/sched/act_api.c
index 17e5cd9..75132d0 100644
--- a/net/sched/act_api.c
+++ b/net/sched/act_api.c
@@ -231,6 +231,8 @@  static int tcf_dump_walker(struct tcf_idrinfo *idrinfo, struct sk_buff *skb,
 		index++;
 		if (index < s_i)
 			continue;
+		if (IS_ERR(p))
+			continue;
 
 		if (jiffy_since &&
 		    time_after(jiffy_since,