archives/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-03-08 04:04:43 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
linux/net/sched
History
Eric Dumazet 27880b0b0d net/sched: act_ife: avoid possible NULL deref 
tcf_ife_encode() must make sure ife_encode() does not return NULL.

syzbot reported:

Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
 RIP: 0010:ife_tlv_meta_encode+0x41/0xa0 net/ife/ife.c:166
CPU: 3 UID: 0 PID: 8990 Comm: syz.0.696 Not tainted syzkaller #0 PREEMPT(full)
Call Trace:
 <TASK>
  ife_encode_meta_u32+0x153/0x180 net/sched/act_ife.c:101
  tcf_ife_encode net/sched/act_ife.c:841 [inline]
  tcf_ife_act+0x1022/0x1de0 net/sched/act_ife.c:877
  tc_act include/net/tc_wrapper.h:130 [inline]
  tcf_action_exec+0x1c0/0xa20 net/sched/act_api.c:1152
  tcf_exts_exec include/net/pkt_cls.h:349 [inline]
  mall_classify+0x1a0/0x2a0 net/sched/cls_matchall.c:42
  tc_classify include/net/tc_wrapper.h:197 [inline]
  __tcf_classify net/sched/cls_api.c:1764 [inline]
  tcf_classify+0x7f2/0x1380 net/sched/cls_api.c:1860
  multiq_classify net/sched/sch_multiq.c:39 [inline]
  multiq_enqueue+0xe0/0x510 net/sched/sch_multiq.c:66
  dev_qdisc_enqueue+0x45/0x250 net/core/dev.c:4147
  __dev_xmit_skb net/core/dev.c:4262 [inline]
  __dev_queue_xmit+0x2998/0x46c0 net/core/dev.c:4798

Fixes: 295a6e06d2 ("net/sched: act_ife: Change to use ife module")
Reported-by: syzbot+5cf914f193dffde3bd3c@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/netdev/6970d61d.050a0220.706b.0010.GAE@google.com/T/#u
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Yotam Gigi <yotam.gi@gmail.com>
Reviewed-by: Jamal Hadi Salim <jhs@mojatatu.com>
Link: https://patch.msgid.link/20260121133724.3400020-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-01-22 08:01:44 -08:00
..
act_api.c net/sched: act_api: avoid dereferencing ERR_PTR in tcf_idrinfo_destroy 2026-01-06 17:27:18 -08:00
act_bpf.c bpf: Add bpf_prog_run_data_pointers() 2025-11-14 08:56:49 -08:00
act_connmark.c net: sched: act_connmark: initialize struct tc_ife to fix kernel leak 2025-11-11 15:00:08 +01:00
act_csum.c net_sched: add back BH safety to tcf_lock 2025-09-02 15:51:45 -07:00
act_ct.c net_sched: make room for (struct qdisc_skb_cb)->pkt_segs 2025-11-25 16:10:31 +01:00
act_ctinfo.c net_sched: add back BH safety to tcf_lock 2025-09-02 15:51:45 -07:00
act_gact.c net/sched: Add module aliases for cls_,sch_,act_ modules 2024-02-02 10:57:55 -08:00
act_gate.c net/sched: Switch to use hrtimer_setup() 2025-02-18 10:35:44 +01:00
act_ife.c net/sched: act_ife: avoid possible NULL deref 2026-01-22 08:01:44 -08:00
act_meta_mark.c
act_meta_skbprio.c
act_meta_skbtcindex.c
act_mirred.c net/sched: act_mirred: Fix leak when redirecting to self on egress 2026-01-05 16:23:42 -08:00
act_mpls.c net_sched: add back BH safety to tcf_lock 2025-09-02 15:51:45 -07:00
act_nat.c net_sched: add back BH safety to tcf_lock 2025-09-02 15:51:45 -07:00
act_pedit.c net_sched: add back BH safety to tcf_lock 2025-09-02 15:51:45 -07:00
act_police.c net_sched: act_police: use RCU in tcf_police_dump() 2025-07-11 16:01:17 -07:00
act_sample.c net: sched: act_sample: add action cookie to sample 2024-07-05 17:45:47 -07:00
act_simple.c net/sched: Remove redundant memset(0) call in reset_policy() 2025-08-12 17:13:29 -07:00
act_skbedit.c net_sched: add back BH safety to tcf_lock 2025-09-02 15:51:45 -07:00
act_skbmod.c net_sched: add back BH safety to tcf_lock 2025-09-02 15:51:45 -07:00
act_tunnel_key.c net_sched: add back BH safety to tcf_lock 2025-09-02 15:51:45 -07:00
act_vlan.c net_sched: add back BH safety to tcf_lock 2025-09-02 15:51:45 -07:00
bpf_qdisc.c bpf: Clean up individual BTF_ID code 2025-07-16 18:34:42 -07:00
cls_api.c net_sched: make room for (struct qdisc_skb_cb)->pkt_segs 2025-11-25 16:10:31 +01:00
cls_basic.c net/sched: Add module aliases for cls_,sch_,act_ modules 2024-02-02 10:57:55 -08:00
cls_bpf.c bpf: Add bpf_prog_run_data_pointers() 2025-11-14 08:56:49 -08:00
cls_cgroup.c net/sched: Add module aliases for cls_,sch_,act_ modules 2024-02-02 10:57:55 -08:00
cls_flow.c treewide, timers: Rename from_timer() to timer_container_of() 2025-06-08 09:07:37 +02:00
cls_flower.c net_sched: make room for (struct qdisc_skb_cb)->pkt_segs 2025-11-25 16:10:31 +01:00
cls_fw.c net/sched: Add module aliases for cls_,sch_,act_ modules 2024-02-02 10:57:55 -08:00
cls_matchall.c net: sched: refine software bypass handling in tc_run 2025-01-20 09:21:27 +00:00
cls_route.c net/sched: Add module aliases for cls_,sch_,act_ modules 2024-02-02 10:57:55 -08:00
cls_u32.c net: sched: refine software bypass handling in tc_run 2025-01-20 09:21:27 +00:00
em_canid.c net/sched: em_canid: fix uninit-value in em_canid_match 2025-11-26 16:28:10 +01:00
em_cmp.c net: sched: fix TCF_LAYER_TRANSPORT handling in tcf_get_base_ptr() 2025-11-24 18:53:14 -08:00
em_ipset.c sched: consistently handle layer3 header accesses in the presence of VLANs 2020-07-03 14:34:53 -07:00
em_ipt.c sched: consistently handle layer3 header accesses in the presence of VLANs 2020-07-03 14:34:53 -07:00
em_meta.c net: dismiss sk_forward_alloc_get() 2025-02-19 19:05:28 -08:00
em_nbyte.c net: sched: fix TCF_LAYER_TRANSPORT handling in tcf_get_base_ptr() 2025-11-24 18:53:14 -08:00
em_text.c net: sched: fix TCF_LAYER_TRANSPORT handling in tcf_get_base_ptr() 2025-11-24 18:53:14 -08:00
em_u32.c net: fill in MODULE_DESCRIPTION()s for net/sched 2024-02-09 14:12:02 -08:00
ematch.c net_sched: reject TCF_EM_SIMPLE case for complex ematch module 2022-12-19 09:43:18 +00:00
Kconfig sched: Add enqueue/dequeue of dualpi2 qdisc 2025-07-23 17:52:07 -07:00
Makefile sched: Add enqueue/dequeue of dualpi2 qdisc 2025-07-23 17:52:07 -07:00
sch_api.c net/sched: Abort __tc_modify_qdisc if parent is a clsact/ingress qdisc 2025-11-10 16:57:56 -08:00
sch_blackhole.c Revert "net: sched: Pass root lock to Qdisc_ops.enqueue" 2020-07-16 16:48:34 -07:00
sch_cake.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2025-12-02 15:37:53 -08:00
sch_cbs.c net/sched: cbs: Fix integer overflow in cbs_set_port_rate() 2024-10-15 18:25:47 -07:00
sch_choke.c net: sched: fix ordering of qlen adjustment 2024-12-04 12:54:22 +00:00
sch_codel.c net_sched: use qdisc_dequeue_drop() in cake, codel, fq_codel 2025-11-25 16:10:32 +01:00
sch_drr.c net_sched: drr: Fix double list add in class with netem as child qdisc 2025-04-28 15:55:06 -07:00
sch_dualpi2.c net_sched: use qdisc_skb_cb(skb)->pkt_segs in bstats_update() 2025-11-25 16:10:32 +01:00
sch_etf.c net_sched: sch_tfs: implement lockless etf_dump() 2024-04-19 11:34:07 +01:00
sch_ets.c net/sched: ets: Remove drr class from the active list if it changes to strict 2025-12-11 01:36:40 -08:00
sch_fifo.c pfifo_tail_enqueue: Drop new packet when sch->limit == 0 2025-02-05 18:13:58 -08:00
sch_fq.c net_sched: sch_fq: prefetch one skb ahead in dequeue() 2025-11-25 16:10:32 +01:00
sch_fq_codel.c net_sched: use qdisc_dequeue_drop() in cake, codel, fq_codel 2025-11-25 16:10:32 +01:00
sch_fq_pie.c net/sched: Fix backlog accounting in qdisc_dequeue_internal 2025-08-14 17:52:29 -07:00
sch_frag.c net/sched: Use nested-BH locking for sch_frag_data_storage 2025-05-15 15:23:31 +02:00
sch_generic.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2025-11-13 12:35:38 -08:00
sch_gred.c sched: address a potential NULL pointer dereference in the GRED scheduler. 2025-03-06 16:35:14 -08:00
sch_hfsc.c net/sched: sch_qfq: Fix null-deref in agg_dequeue 2025-07-10 11:08:35 +02:00
sch_hhf.c net/sched: Fix backlog accounting in qdisc_dequeue_internal 2025-08-14 17:52:29 -07:00
sch_htb.c net/sched: Remove unnecessary WARNING condition for empty child qdisc in htb_activate 2025-08-20 19:27:08 -07:00
sch_ingress.c bpf: Fix too early release of tcx_entry 2024-07-08 14:07:31 -07:00
sch_mq.c net: sched: add rcu annotations around qdisc->qdisc_sleeping 2023-06-07 10:25:39 +01:00
sch_mqprio.c net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing 2025-08-04 17:22:20 -07:00
sch_mqprio_lib.c net: sched: Fill in missing MODULE_DESCRIPTION for qdiscs 2023-11-01 21:49:09 -07:00
sch_mqprio_lib.h net/sched: mqprio: allow per-TC user input of FP adminStatus 2023-04-13 22:22:10 -07:00
sch_multiq.c net: sched: sch_multiq: fix possible OOB write in multiq_tune() 2024-06-05 10:50:19 +01:00
sch_netem.c net_sched: use qdisc_skb_cb(skb)->pkt_segs in bstats_update() 2025-11-25 16:10:32 +01:00
sch_pie.c net/sched: Fix backlog accounting in qdisc_dequeue_internal 2025-08-14 17:52:29 -07:00
sch_plug.c net/sched: Add module aliases for cls_,sch_,act_ modules 2024-02-02 10:57:55 -08:00
sch_prio.c net_sched: prio: fix a race in prio_tune() 2025-06-12 08:05:49 -07:00
sch_qfq.c net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag 2026-01-19 12:06:41 -08:00
sch_red.c Including fixes from bluetooth and wireless. 2025-06-12 09:50:36 -07:00
sch_sfb.c net/sched: Add drop reasons for AQM-based qdiscs 2024-12-17 13:27:29 +01:00
sch_sfq.c Including fixes from bluetooth and wireless. 2025-06-12 09:50:36 -07:00
sch_skbprio.c net_sched: skbprio: Remove overly strict queue assertions 2025-04-02 16:03:32 -07:00
sch_taprio.c net_sched: use qdisc_skb_cb(skb)->pkt_segs in bstats_update() 2025-11-25 16:10:32 +01:00
sch_tbf.c net_sched: use qdisc_skb_cb(skb)->pkt_segs in bstats_update() 2025-11-25 16:10:32 +01:00
sch_teql.c net/sched: Enforce that teql can only be used as root qdisc 2026-01-19 12:06:41 -08:00