linux/net
Eric Dumazet 27880b0b0d net/sched: act_ife: avoid possible NULL deref
tcf_ife_encode() must make sure ife_encode() does not return NULL.

syzbot reported:

Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
 RIP: 0010:ife_tlv_meta_encode+0x41/0xa0 net/ife/ife.c:166
CPU: 3 UID: 0 PID: 8990 Comm: syz.0.696 Not tainted syzkaller #0 PREEMPT(full)
Call Trace:
 <TASK>
  ife_encode_meta_u32+0x153/0x180 net/sched/act_ife.c:101
  tcf_ife_encode net/sched/act_ife.c:841 [inline]
  tcf_ife_act+0x1022/0x1de0 net/sched/act_ife.c:877
  tc_act include/net/tc_wrapper.h:130 [inline]
  tcf_action_exec+0x1c0/0xa20 net/sched/act_api.c:1152
  tcf_exts_exec include/net/pkt_cls.h:349 [inline]
  mall_classify+0x1a0/0x2a0 net/sched/cls_matchall.c:42
  tc_classify include/net/tc_wrapper.h:197 [inline]
  __tcf_classify net/sched/cls_api.c:1764 [inline]
  tcf_classify+0x7f2/0x1380 net/sched/cls_api.c:1860
  multiq_classify net/sched/sch_multiq.c:39 [inline]
  multiq_enqueue+0xe0/0x510 net/sched/sch_multiq.c:66
  dev_qdisc_enqueue+0x45/0x250 net/core/dev.c:4147
  __dev_xmit_skb net/core/dev.c:4262 [inline]
  __dev_queue_xmit+0x2998/0x46c0 net/core/dev.c:4798

Fixes: 295a6e06d2 ("net/sched: act_ife: Change to use ife module")
Reported-by: syzbot+5cf914f193dffde3bd3c@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/netdev/6970d61d.050a0220.706b.0010.GAE@google.com/T/#u
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Yotam Gigi <yotam.gi@gmail.com>
Reviewed-by: Jamal Hadi Salim <jhs@mojatatu.com>
Link: https://patch.msgid.link/20260121133724.3400020-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-01-22 08:01:44 -08:00
6lowpan
9p
802
8021q
appletalk
atm
ax25
batman-adv
bluetooth Bluetooth: hci_sync: enable PA Sync Lost event 2026-01-09 16:03:57 -05:00
bpf bpf: Fix reference count leak in bpf_prog_test_run_xdp() 2026-01-12 16:37:40 -08:00
bridge net: bridge: annotate data-races around fdb->{updated,used} 2026-01-09 17:36:21 -08:00
caif
can net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts 2026-01-15 09:52:39 +01:00
ceph libceph: make calc_target() set t->paused, not just clear it 2026-01-06 00:39:43 +01:00
core net: add skb->data_len and (skb>end - skb->tail) to skb_dump() 2026-01-15 19:49:47 -08:00
dcb
devlink
dns_resolver
dsa net: dsa: fix off-by-one in maximum bridge ID determination 2026-01-21 19:52:29 -08:00
ethernet
ethtool
handshake
hsr
ieee802154
ife
ipv4 fou: Don't allow 0 for FOU_ATTR_IPPROTO. 2026-01-17 16:00:24 -08:00
ipv6 ipv6: annotate data-race in ndisc_router_discovery() 2026-01-20 18:37:45 -08:00
iucv
kcm
key
l2tp l2tp: avoid one data-race in l2tp_tunnel_del_work() 2026-01-19 09:55:41 -08:00
l3mdev
lapb
llc
mac80211 wifi: mac80211: apply advertised TTLM from association response 2026-01-20 10:02:01 +01:00
mac802154
mctp
mpls
mptcp
ncsi
netfilter netfilter: nf_conncount: update last_gc only when GC has been performed 2026-01-02 10:44:28 +01:00
netlabel
netlink
netrom netrom: fix double-free in nr_route_frame() 2026-01-20 19:15:40 -08:00
nfc
nsh
openvswitch net: openvswitch: fix data race in ovs_vport_get_upcall_stats 2026-01-22 12:55:22 +01:00
packet
phonet
psample
psp
qrtr
rds
rfkill
rose
rxrpc rxrpc: Fix data-race warning and potential load/store tearing 2026-01-21 19:59:29 -08:00
sched net/sched: act_ife: avoid possible NULL deref 2026-01-22 08:01:44 -08:00
sctp sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT 2026-01-17 15:10:34 -08:00
shaper
smc
strparser
sunrpc
switchdev
tipc
tls
unix net: do not write to msg_get_inq in callee 2026-01-08 08:45:13 -08:00
vmw_vsock vsock/virtio: cap TX credit to local buffer size 2026-01-22 15:41:33 +01:00
wireless wifi: cfg80211: ignore link disabled flag from userspace 2026-01-20 10:02:01 +01:00
x25
xdp
xfrm
Kconfig
Kconfig.debug
Makefile
compat.c
devres.c
socket.c
sysctl_net.c