Commit 5e9a0fe4 authored by Jianbo Liu's avatar Jianbo Liu Committed by David S. Miller

net/sched: flower: Fix null pointer dereference when run tc vlan command

Zahari issued a tc vlan command without setting vlan_ethtype, which
crashes the kernel. To avoid this, we must check that
tb[TCA_FLOWER_KEY_VLAN_ETH_TYPE] is not null before using it.
Also, we don't need to dump vlan_ethtype or cvlan_ethtype in this case.

Fixes: d64efd09 ('net/sched: flower: Add supprt for matching on QinQ vlan headers')
Signed-off-by: default avatarJianbo Liu <jianbol@mellanox.com>
Reported-by: default avatarZahari Doychev <zahari.doychev@intel.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent db560d16
...@@ -605,20 +605,22 @@ static int fl_set_key(struct net *net, struct nlattr **tb, ...@@ -605,20 +605,22 @@ static int fl_set_key(struct net *net, struct nlattr **tb,
TCA_FLOWER_KEY_VLAN_PRIO, &key->vlan, TCA_FLOWER_KEY_VLAN_PRIO, &key->vlan,
&mask->vlan); &mask->vlan);
ethertype = nla_get_be16(tb[TCA_FLOWER_KEY_VLAN_ETH_TYPE]); if (tb[TCA_FLOWER_KEY_VLAN_ETH_TYPE]) {
if (eth_type_vlan(ethertype)) { ethertype = nla_get_be16(tb[TCA_FLOWER_KEY_VLAN_ETH_TYPE]);
fl_set_key_vlan(tb, ethertype, if (eth_type_vlan(ethertype)) {
TCA_FLOWER_KEY_CVLAN_ID, fl_set_key_vlan(tb, ethertype,
TCA_FLOWER_KEY_CVLAN_PRIO, TCA_FLOWER_KEY_CVLAN_ID,
&key->cvlan, &mask->cvlan); TCA_FLOWER_KEY_CVLAN_PRIO,
fl_set_key_val(tb, &key->basic.n_proto, &key->cvlan, &mask->cvlan);
TCA_FLOWER_KEY_CVLAN_ETH_TYPE, fl_set_key_val(tb, &key->basic.n_proto,
&mask->basic.n_proto, TCA_FLOWER_KEY_CVLAN_ETH_TYPE,
TCA_FLOWER_UNSPEC, &mask->basic.n_proto,
sizeof(key->basic.n_proto)); TCA_FLOWER_UNSPEC,
} else { sizeof(key->basic.n_proto));
key->basic.n_proto = ethertype; } else {
mask->basic.n_proto = cpu_to_be16(~0); key->basic.n_proto = ethertype;
mask->basic.n_proto = cpu_to_be16(~0);
}
} }
} else { } else {
key->basic.n_proto = ethertype; key->basic.n_proto = ethertype;
...@@ -1344,14 +1346,16 @@ static int fl_dump(struct net *net, struct tcf_proto *tp, void *fh, ...@@ -1344,14 +1346,16 @@ static int fl_dump(struct net *net, struct tcf_proto *tp, void *fh,
key->cvlan.vlan_tpid))) key->cvlan.vlan_tpid)))
goto nla_put_failure; goto nla_put_failure;
if (mask->cvlan.vlan_tpid) { if (mask->basic.n_proto) {
if (nla_put_be16(skb, TCA_FLOWER_KEY_CVLAN_ETH_TYPE, if (mask->cvlan.vlan_tpid) {
key->basic.n_proto)) if (nla_put_be16(skb, TCA_FLOWER_KEY_CVLAN_ETH_TYPE,
goto nla_put_failure; key->basic.n_proto))
} else if (mask->vlan.vlan_tpid) { goto nla_put_failure;
if (nla_put_be16(skb, TCA_FLOWER_KEY_VLAN_ETH_TYPE, } else if (mask->vlan.vlan_tpid) {
key->basic.n_proto)) if (nla_put_be16(skb, TCA_FLOWER_KEY_VLAN_ETH_TYPE,
goto nla_put_failure; key->basic.n_proto))
goto nla_put_failure;
}
} }
if ((key->basic.n_proto == htons(ETH_P_IP) || if ((key->basic.n_proto == htons(ETH_P_IP) ||
......
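Review bot: The new `if (mask->basic.n_proto)` guard in fl_dump depends on fl_set_key leaving `key->basic.n_proto` and `mask->basic.n_proto` untouched when `tb[TCA_FLOWER_KEY_VLAN_ETH_TYPE]` is absent, but neither site says so. In fl_set_key the added `if (tb[TCA_FLOWER_KEY_VLAN_ETH_TYPE])` has no else branch, so, assuming key and mask start out zeroed (not visible here), the inner protocol stays wildcarded and any later `n_proto`-conditional attributes in the same request are presumably skipped without an error. I would add a comment on the set side such as `/* No VLAN_ETH_TYPE: leave n_proto wildcarded; fl_dump omits the ethtype attrs when the mask is 0. */` and a matching one above the dump guard. Both functions begin and end outside the hunks shown, so the zero-initialisation and the later protocol checks should be confirmed against the full file. Since the crash was reachable from a netlink request, a tc selftest that installs a vlan filter without vlan_ethtype and then dumps it would keep both paths from regressing.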