From: Minoru Usui Date: Tue, 9 Jun 2009 11:03:09 +0000 (-0700) Subject: cls_cgroup: Fix oops when user send improperly 'tc filter add' request X-Git-Tag: firefly_0821_release~14024^2 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=52ea3a56a3268bc2a5a7c75e98c81463004e38ef;p=firefly-linux-kernel-4.4.55.git cls_cgroup: Fix oops when user send improperly 'tc filter add' request I found a bug in cls_cgroup_change() in cls_cgroup.c. cls_cgroup_change() expected tca[TCA_OPTIONS] was set from user space properly, but tc in iproute2-2.6.29-1 (which I used) didn't set it. In the current source code of tc in git, it set tca[TCA_OPTIONS]. git://git.kernel.org/pub/scm/linux/kernel/git/shemminger/iproute2.git If we always use a newest iproute2 in git when we use cls_cgroup, we don't face this oops probably. But I think, kernel shouldn't panic regardless of use program's behaviour. Signed-off-by: Minoru Usui Signed-off-by: David S. Miller --- diff --git a/net/sched/cls_cgroup.c b/net/sched/cls_cgroup.c index cc29b44b1500..e5becb92b3e7 100644 --- a/net/sched/cls_cgroup.c +++ b/net/sched/cls_cgroup.c @@ -167,6 +167,9 @@ static int cls_cgroup_change(struct tcf_proto *tp, unsigned long base, struct tcf_exts e; int err; + if (!tca[TCA_OPTIONS]) + return -EINVAL; + if (head == NULL) { if (!handle) return -EINVAL;