[PATCH openEuler-1.0-LTS 4/6] net: sched: don't expose action qstats to skb_tc_reinsert()

25 Mar 2023

From: Vlad Buslov vladbu@mellanox.com
mainline inclusion
from mainline-v5.5-rc1
commit ef816f3c49c1c404ababc50e10d4cbe5109da678
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I64END
CVE: CVE-2022-4269
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h...
--------------------------------
Previous commit introduced helper function for updating qstats and
refactored set of actions to use the helpers, instead of modifying qstats
directly. However, one of the affected action exposes its qstats to
skb_tc_reinsert(), which then modifies it.
Refactor skb_tc_reinsert() to return integer error code and don't increment
overlimit qstats in case of error, and use the returned error code in
tcf_mirred_act() to manually increment the overlimit counter with new
helper function.
Signed-off-by: Vlad Buslov vladbu@mellanox.com
Acked-by: Jiri Pirko jiri@mellanox.com
Signed-off-by: David S. Miller davem@davemloft.net
Conflicts:
    net/sched/act_mirred.c
Signed-off-by: Ziyang Xuan william.xuanziyang@huawei.com
Reviewed-by: Liu Jian liujian56@huawei.com
Reviewed-by: Wang Weiyang wangweiyang2@huawei.com
Signed-off-by: Yongqiang Liu liuyongqiang13@huawei.com
---
 include/net/sch_generic.h | 12 ++----------
 net/sched/act_mirred.c    |  3 ++-
 2 files changed, 4 insertions(+), 11 deletions(-)

diff --git a/include/net/sch_generic.h b/include/net/sch_generic.h
index 101481ad5270..8df77847b6f5 100644
--- a/include/net/sch_generic.h
+++ b/include/net/sch_generic.h
@@ -1142,17 +1142,9 @@ void mini_qdisc_pair_swap(struct mini_Qdisc_pair *miniqp,
 void mini_qdisc_pair_init(struct mini_Qdisc_pair *miniqp, struct Qdisc *qdisc,
    		  struct mini_Qdisc __rcu **p_miniq);
-static inline void skb_tc_reinsert(struct sk_buff *skb, struct tcf_result *res)
+static inline int skb_tc_reinsert(struct sk_buff *skb, struct tcf_result *res)
 {
-	struct gnet_stats_queue *stats = res->qstats;
-	int ret;
-
-	if (res->ingress)
-		ret = netif_receive_skb(skb);
-	else
-		ret = dev_queue_xmit(skb);
-	if (ret && stats)
-		qstats_overlimit_inc(res->qstats);
+	return res->ingress ? netif_receive_skb(skb) : dev_queue_xmit(skb);
 }
#endif
diff --git a/net/sched/act_mirred.c b/net/sched/act_mirred.c
index 9c18967913c7..c9f184499d4f 100644
--- a/net/sched/act_mirred.c
+++ b/net/sched/act_mirred.c
@@ -281,7 +281,8 @@ static int tcf_mirred_act(struct sk_buff *skb, const struct tc_action *a,
    	if (use_reinsert) {
    		res->ingress = want_ingress;
    		res->qstats = this_cpu_ptr(m->common.cpu_qstats);
-			skb_tc_reinsert(skb, res);
+			if (skb_tc_reinsert(skb, res) && res->qstats)
+				qstats_overlimit_inc(res->qstats);
    		__this_cpu_dec(mirred_rec_level);
    		return TC_ACT_CONSUMED;
    	}
-- 
2.25.1


    

2024

2023

2022

2021

2020

2019

[PATCH openEuler-1.0-LTS 4/6] net: sched: don't expose action qstats to skb_tc_reinsert()