Message ID | 20190502151318.1884-1-mcroce@redhat.com |
---|---|
State | Accepted |
Delegated to: | David Miller |
Headers | show |
Series | [net] cls_cgroup: avoid panic when receiving a packet before filter set | expand |
From: Matteo Croce <mcroce@redhat.com> Date: Thu, 2 May 2019 17:13:18 +0200 > When a cgroup classifier is added, there is a small time interval in > which tp->root is NULL. If we receive a packet in this small time slice > a NULL pointer dereference will happen, leading to a kernel panic: ... > Suggested-by: Cong Wang <xiyou.wangcong@gmail.com> > Fixes: ed76f5edccc9 ("net: sched: protect filter_chain list with filter_chain_lock mutex") > Signed-off-by: Matteo Croce <mcroce@redhat.com> Applied, thanks.
diff --git a/net/sched/cls_cgroup.c b/net/sched/cls_cgroup.c index 4c1567854f95..706a160142ea 100644 --- a/net/sched/cls_cgroup.c +++ b/net/sched/cls_cgroup.c @@ -32,6 +32,8 @@ static int cls_cgroup_classify(struct sk_buff *skb, const struct tcf_proto *tp, struct cls_cgroup_head *head = rcu_dereference_bh(tp->root); u32 classid = task_get_classid(skb); + if (unlikely(!head)) + return -1; if (!classid) return -1; if (!tcf_em_tree_match(skb, &head->ematches, NULL))