a7y18lte-ubports/android_kernel_samsung_a7y18lte
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
edbca0f789
android_kernel_samsung_a7y1.../net/sched
History
Cong Wang 6eb7abd02e net_sched: keep alloc_hash updated after hash allocation 
[ Upstream commit 0d1c3530e1bd38382edef72591b78e877e0edcd3 ]

In commit 599be01ee567 ("net_sched: fix an OOB access in cls_tcindex")
I moved cp->hash calculation before the first
tcindex_alloc_perfect_hash(), but cp->alloc_hash is left untouched.
This difference could lead to another out of bound access.

cp->alloc_hash should always be the size allocated, we should
update it after this tcindex_alloc_perfect_hash().

Reported-and-tested-by: syzbot+dcc34d54d68ef7d2d53d@syzkaller.appspotmail.com
Reported-and-tested-by: syzbot+c72da7b9ed57cde6fca2@syzkaller.appspotmail.com
Fixes: 599be01ee567 ("net_sched: fix an OOB access in cls_tcindex")
Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Cc: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-04-07 14:23:30 +02:00
..
act_api.c net: avoid potential infinite loop in tc_ctl_action() 2020-04-07 09:26:21 +02:00
act_bpf.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
act_connmark.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
act_csum.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
act_gact.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
act_ipt.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
act_mirred.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
act_nat.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
act_pedit.c net/sched: act_pedit: fix WARN() in the traffic path 2020-04-07 12:33:38 +02:00
act_police.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
act_simple.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
act_skbedit.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
act_vlan.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
cls_api.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
cls_basic.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
cls_bpf.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
cls_cgroup.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
cls_flow.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
cls_flower.c net: sched: correct flower port blocking 2020-04-07 14:04:39 +02:00
cls_fw.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
cls_route.c net_sched: cls_route: remove the right filter from hashtable 2020-04-07 14:23:28 +02:00
cls_rsvp.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
cls_rsvp.h cls_rsvp: fix rsvp_policy 2020-04-07 13:49:21 +02:00
cls_rsvp6.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
cls_tcindex.c net_sched: keep alloc_hash updated after hash allocation 2020-04-07 14:23:30 +02:00
cls_u32.c net: sched: Fix memory exposure from short TCA_U32_SEL 2020-04-07 09:27:10 +02:00
em_canid.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
em_cmp.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
em_ipset.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
em_meta.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
em_nbyte.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
em_text.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
em_u32.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
ematch.c net_sched: ematch: reject invalid TCF_EM_SIMPLE 2020-04-07 13:45:58 +02:00
Kconfig A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
Makefile A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
sch_api.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
sch_atm.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
sch_blackhole.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
sch_cbq.c sch_cbq: validate TCA_CBQ_WRROPT to avoid crash 2020-04-07 08:07:22 +02:00
sch_choke.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
sch_codel.c net: sched: Fix a possible null-pointer dereference in dequeue_func() 2020-04-06 20:28:20 +02:00
sch_drr.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
sch_dsmark.c sch_dsmark: fix potential NULL deref in dsmark_init() 2020-04-07 08:07:16 +02:00
sch_fifo.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
sch_fq_codel.c net/flow_dissector: switch to siphash 2020-04-07 09:29:43 +02:00
sch_fq.c net: fq: add missing attribute validation for orphan mask 2020-04-07 14:11:31 +02:00
sch_generic.c net_sched: let qdisc_put() accept NULL pointer 2020-04-06 21:37:13 +02:00
sch_gred.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
sch_hfsc.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
sch_hhf.c net/flow_dissector: switch to siphash 2020-04-07 09:29:43 +02:00
sch_htb.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
sch_ingress.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
sch_mq.c net: sched: fix tc -s class show no bstats on class with nolock subqueues 2020-04-07 12:43:40 +02:00
sch_mqprio.c net: sched: fix tc -s class show no bstats on class with nolock subqueues 2020-04-07 12:43:40 +02:00
sch_multiq.c net: sched: fix tc -s class show no bstats on class with nolock subqueues 2020-04-07 12:43:40 +02:00
sch_netem.c sch_netem: fix rcu splat in netem_enqueue() 2020-04-07 09:28:38 +02:00
sch_pie.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
sch_plug.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
sch_prio.c net: sched: fix tc -s class show no bstats on class with nolock subqueues 2020-04-07 12:43:40 +02:00
sch_qfq.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
sch_red.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30
sch_sfb.c net/flow_dissector: switch to siphash 2020-04-07 09:29:43 +02:00
sch_sfq.c net/flow_dissector: switch to siphash 2020-04-07 09:29:43 +02:00
sch_tbf.c net: create skb_gso_validate_mac_len() 2020-04-06 18:44:21 +02:00
sch_teql.c A750FXXU4CTBC 2020-03-27 21:51:54 +05:30