Merge branch 'forbid-goto_chain-fallback'
Davide Caratti says: ==================== net/sched: forbid 'goto_chain' on fallback actions the following command: # tc actions add action police rate 1mbit burst 1k conform-exceed \ > pass / goto chain 42 generates a NULL pointer dereference when packets exceed the configured rate. Similarly, the following command: # tc actions add action pass random determ goto chain 42 2 makes the kernel crash with NULL dereference when the first packet does not match the 'pass' action. gact and police allow users to specify a fallback control action, that is stored in the action private data. 'goto chain x' never worked for these cases, since a->goto_chain handle was never initialized. There is only one goto_chain handle per TC action, and it is designed to be non-NULL only if tcf_action contains a 'goto chain' command. So, let's forbid 'goto chain' on fallback actions. Patch 1/4 and 2/4 change the .init() functions of police and gact, to let them return an error when users try to set 'goto chain x' in the fallback action. Patch 3/4 and 4/4 add TDC selftest coverage to this new behavior. ==================== Acked-by: NJamal Hadi Salim <jhs@mojatatu.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
Showing
想要评论请 注册 或 登录