From: Vlad Buslov Date: Mon, 9 Jul 2018 17:26:47 +0000 (+0300) Subject: net: sched: fix unprotected access to rcu cookie pointer X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=e0479b670d394d478907bd4fc22daab6516953c7;p=openwrt%2Fstaging%2Fblogic.git net: sched: fix unprotected access to rcu cookie pointer Fix action attribute size calculation function to take rcu read lock and access act_cookie pointer with rcu dereference. Fixes: eec94fdb0480 ("net: sched: use rcu for action cookie update") Reported-by: Marcelo Ricardo Leitner Signed-off-by: Vlad Buslov Reviewed-by: Marcelo Ricardo Leitner Signed-off-by: David S. Miller --- diff --git a/net/sched/act_api.c b/net/sched/act_api.c index 66dc19746c63..148a89ab789b 100644 --- a/net/sched/act_api.c +++ b/net/sched/act_api.c @@ -149,10 +149,15 @@ EXPORT_SYMBOL(__tcf_idr_release); static size_t tcf_action_shared_attrs_size(const struct tc_action *act) { + struct tc_cookie *act_cookie; u32 cookie_len = 0; - if (act->act_cookie) - cookie_len = nla_total_size(act->act_cookie->len); + rcu_read_lock(); + act_cookie = rcu_dereference(act->act_cookie); + + if (act_cookie) + cookie_len = nla_total_size(act_cookie->len); + rcu_read_unlock(); return nla_total_size(0) /* action number nested */ + nla_total_size(IFNAMSIZ) /* TCA_ACT_KIND */