Merge branch 'forbid-goto_chain-fallback'
authorDavid S. Miller <davem@davemloft.net>
Tue, 23 Oct 2018 02:42:58 +0000 (19:42 -0700)
committerDavid S. Miller <davem@davemloft.net>
Tue, 23 Oct 2018 02:42:58 +0000 (19:42 -0700)
Davide Caratti says:

====================
net/sched: forbid 'goto_chain' on fallback actions

the following command:

 # tc actions add action police rate 1mbit burst 1k conform-exceed \
 > pass / goto chain 42

generates a NULL pointer dereference when packets exceed the configured
rate. Similarly, the following command:

 # tc actions add action pass random determ goto chain 42 2

makes the kernel crash with NULL dereference when the first packet does
not match the 'pass' action.

gact and police allow users to specify a fallback control action, that is
stored in the action private data. 'goto chain x' never worked for these
cases, since a->goto_chain handle was never initialized. There is only one
goto_chain handle per TC action, and it is designed to be non-NULL only if
tcf_action contains a 'goto chain' command. So, let's forbid 'goto chain'
on fallback actions.

Patch 1/4 and 2/4 change the .init() functions of police and gact, to let
them return an error when users try to set 'goto chain x' in the fallback
action. Patch 3/4 and 4/4 add TDC selftest coverage to this new behavior.
====================

Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/sched/act_gact.c
net/sched/act_police.c
tools/testing/selftests/tc-testing/tc-tests/actions/gact.json
tools/testing/selftests/tc-testing/tc-tests/actions/police.json

index c89a7fa43d1b08f48cdbbb0c2b40aa1b08dbe537..b61c20ebb314ac8301f66758c6de0d97e38c7a9a 100644 (file)
@@ -88,6 +88,11 @@ static int tcf_gact_init(struct net *net, struct nlattr *nla,
                p_parm = nla_data(tb[TCA_GACT_PROB]);
                if (p_parm->ptype >= MAX_RAND)
                        return -EINVAL;
+               if (TC_ACT_EXT_CMP(p_parm->paction, TC_ACT_GOTO_CHAIN)) {
+                       NL_SET_ERR_MSG(extack,
+                                      "goto chain not allowed on fallback");
+                       return -EINVAL;
+               }
        }
 #endif
 
index 92649d2667ed1d8091d35ea755c0579ba5dcd587..052855d47354232f1c5d4762763367d638d96574 100644 (file)
@@ -185,8 +185,6 @@ static int tcf_police_init(struct net *net, struct nlattr *nla,
                new->peak_present = false;
        }
 
-       if (tb[TCA_POLICE_RESULT])
-               new->tcfp_result = nla_get_u32(tb[TCA_POLICE_RESULT]);
        new->tcfp_burst = PSCHED_TICKS2NS(parm->burst);
        new->tcfp_toks = new->tcfp_burst;
        if (new->peak_present) {
@@ -198,6 +196,16 @@ static int tcf_police_init(struct net *net, struct nlattr *nla,
        if (tb[TCA_POLICE_AVRATE])
                new->tcfp_ewma_rate = nla_get_u32(tb[TCA_POLICE_AVRATE]);
 
+       if (tb[TCA_POLICE_RESULT]) {
+               new->tcfp_result = nla_get_u32(tb[TCA_POLICE_RESULT]);
+               if (TC_ACT_EXT_CMP(new->tcfp_result, TC_ACT_GOTO_CHAIN)) {
+                       NL_SET_ERR_MSG(extack,
+                                      "goto chain not allowed on fallback");
+                       err = -EINVAL;
+                       goto failure;
+               }
+       }
+
        spin_lock_bh(&police->tcf_lock);
        new->tcfp_t_c = ktime_get_ns();
        police->tcf_action = parm->action;
index 68c91023cdb9b670f669bab5ead7f9924e788b1e..89189a03ce3d431b817fcbdaef4eb3a89219fcf9 100644 (file)
         "matchPattern": "^[ \t]+index [0-9]+ ref",
         "matchCount": "0",
         "teardown": []
+    },
+    {
+        "id": "8e47",
+        "name": "Add gact action with random determ goto chain control action",
+        "category": [
+            "actions",
+            "gact"
+        ],
+        "setup": [
+            [
+                "$TC actions flush action gact",
+                0,
+                1,
+                255
+            ]
+        ],
+        "cmdUnderTest": "$TC actions add action pass random determ goto chain 1 2 index 90",
+        "expExitCode": "255",
+        "verifyCmd": "$TC actions list action gact",
+        "matchPattern": "action order [0-9]*: gact action pass random type determ goto chain 1 val 2.*index 90 ref",
+        "matchCount": "0",
+        "teardown": [
+            "$TC actions flush action gact"
+        ]
     }
 ]
index 30f9b54bd66689094d2556c354373cfc186a1932..4086a50a670ecba9cc46cb9872061e9151a24e42 100644 (file)
         "teardown": [
             "$TC actions flush action police"
         ]
+    },
+    {
+        "id": "b48b",
+        "name": "Add police action with exceed goto chain control action",
+        "category": [
+            "actions",
+            "police"
+        ],
+        "setup": [
+            [
+                "$TC actions flush action police",
+                0,
+                1,
+                255
+            ]
+        ],
+        "cmdUnderTest": "$TC actions add action police rate 1mbit burst 1k conform-exceed pass / goto chain 42",
+        "expExitCode": "255",
+        "verifyCmd": "$TC actions ls action police",
+        "matchPattern": "action order [0-9]*:  police 0x1 rate 1Mbit burst 1Kb mtu 2Kb action pass/goto chain 42",
+        "matchCount": "0",
+        "teardown": [
+            "$TC actions flush action police"
+        ]
     }
 ]