linux/include/net/tc_act
Jamal Hadi Salim e2cedd400c net/sched: act_ife: Fix metalist update behavior
Whenever an ife action replace changes the metalist, instead of
replacing the old data on the metalist, the current ife code is appending
the new metadata. Aside from being inappropriate behavior, this may lead
to an unbounded addition of metadata to the metalist which might cause an
out of bounds error when running the encode op:

[  138.423369][    C1] ==================================================================
[  138.424317][    C1] BUG: KASAN: slab-out-of-bounds in ife_tlv_meta_encode (net/ife/ife.c:168)
[  138.424906][    C1] Write of size 4 at addr ffff8880077f4ffe by task ife_out_out_bou/255
[  138.425778][    C1] CPU: 1 UID: 0 PID: 255 Comm: ife_out_out_bou Not tainted 7.0.0-rc1-00169-gfbdfa8da05b6 #624 PREEMPT(full)
[  138.425795][    C1] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[  138.425800][    C1] Call Trace:
[  138.425804][    C1]  <IRQ>
[  138.425808][    C1]  dump_stack_lvl (lib/dump_stack.c:122)
[  138.425828][    C1]  print_report (mm/kasan/report.c:379 mm/kasan/report.c:482)
[  138.425839][    C1]  ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:221)
[  138.425844][    C1]  ? __virt_addr_valid (./arch/x86/include/asm/preempt.h:95 (discriminator 1) ./include/linux/rcupdate.h:975 (discriminator 1) ./include/linux/mmzone.h:2207 (discriminator 1) arch/x86/mm/physaddr.c:54 (discriminator 1))
[  138.425853][    C1]  ? ife_tlv_meta_encode (net/ife/ife.c:168)
[  138.425859][    C1]  kasan_report (mm/kasan/report.c:221 mm/kasan/report.c:597)
[  138.425868][    C1]  ? ife_tlv_meta_encode (net/ife/ife.c:168)
[  138.425878][    C1]  kasan_check_range (mm/kasan/generic.c:186 (discriminator 1) mm/kasan/generic.c:200 (discriminator 1))
[  138.425884][    C1]  __asan_memset (mm/kasan/shadow.c:84 (discriminator 2))
[  138.425889][    C1]  ife_tlv_meta_encode (net/ife/ife.c:168)
[  138.425893][    C1]  ? ife_tlv_meta_encode (net/ife/ife.c:171)
[  138.425898][    C1]  ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:221)
[  138.425903][    C1]  ife_encode_meta_u16 (net/sched/act_ife.c:57)
[  138.425910][    C1]  ? __pfx_do_raw_spin_lock (kernel/locking/spinlock_debug.c:114)
[  138.425916][    C1]  ? __asan_memcpy (mm/kasan/shadow.c:105 (discriminator 3))
[  138.425921][    C1]  ? __pfx_ife_encode_meta_u16 (net/sched/act_ife.c:45)
[  138.425927][    C1]  ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:221)
[  138.425931][    C1]  tcf_ife_act (net/sched/act_ife.c:847 net/sched/act_ife.c:879)

To solve this issue, fix the replace behavior by adding the metalist to
the ife rcu data structure.

Fixes: aa9fd9a325 ("sched: act: ife: update parameters via rcu handling")
Reported-by: Ruitong Liu <cnitlrt@gmail.com>
Tested-by: Ruitong Liu <cnitlrt@gmail.com>
Co-developed-by: Victor Nogueira <victor@mojatatu.com>
Signed-off-by: Victor Nogueira <victor@mojatatu.com>
Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
Link: https://patch.msgid.link/20260304140603.76500-1-jhs@mojatatu.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-03-05 07:54:08 -08:00
..
tc_bpf.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
tc_connmark.h net_sched: act_connmark: use RCU in tcf_connmark_dump() 2025-07-11 16:01:15 -07:00
tc_csum.h net_sched: act_csum: use RCU in tcf_csum_dump() 2025-07-11 16:01:16 -07:00
tc_ct.h net_sched: act_ct: use RCU in tcf_ct_dump() 2025-07-11 16:01:16 -07:00
tc_ctinfo.h net_sched: act_ctinfo: use RCU in tcf_ctinfo_dump() 2025-07-11 16:01:16 -07:00
tc_defact.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
tc_gact.h net/sched: act_gact: Add extack messages for offload failure 2022-04-08 13:45:43 +01:00
tc_gate.h net/sched: act_gate: snapshot parameters with RCU on replace 2026-02-27 16:10:36 -08:00
tc_ife.h net/sched: act_ife: Fix metalist update behavior 2026-03-05 07:54:08 -08:00
tc_mirred.h net/sched: act_mirred: Allow mirred to block 2023-12-26 21:20:09 +00:00
tc_mpls.h net_sched: act_mpls: use RCU in tcf_mpls_dump() 2025-07-11 16:01:16 -07:00
tc_nat.h net_sched: act_nat: use RCU in tcf_nat_dump() 2025-07-11 16:01:16 -07:00
tc_pedit.h net_sched: act_pedit: use RCU in tcf_pedit_dump() 2025-07-11 16:01:17 -07:00
tc_police.h net_sched: act_police: use RCU in tcf_police_dump() 2025-07-11 16:01:17 -07:00
tc_sample.h net/sched: Remove unused functions 2025-06-25 15:28:08 -07:00
tc_skbedit.h net_sched: act_skbedit: use RCU in tcf_skbedit_dump() 2025-07-11 16:01:17 -07:00
tc_skbmod.h net_sched: act_skbmod: use RCU in tcf_skbmod_dump() 2025-08-28 16:46:23 -07:00
tc_tunnel_key.h net_sched: act_tunnel_key: use RCU in tunnel_key_dump() 2025-08-28 16:46:23 -07:00
tc_vlan.h net_sched: act_vlan: use RCU in tcf_vlan_dump() 2025-08-28 16:46:23 -07:00