git.baikalelectronics.ru Git - kernel.git/commit

author	Gao Feng <gfree.wind@vip.163.com>
	Wed, 28 Jun 2017 04:53:54 +0000 (12:53 +0800)
committer	David S. Miller <davem@davemloft.net>
	Thu, 29 Jun 2017 16:55:12 +0000 (12:55 -0400)
commit	628ba2e7396105af2ff609ac38b9ad9b9fc7cdf3
tree	bfd7474b87652f2ddbe4f2d6583fe081ebdb0c35	tree \| snapshot
parent	a9c45e757ca651a4e0548271d5862c06acc6314a	commit \| diff

net: sched: Fix one possible panic when no destroy callback

When qdisc fail to init, qdisc_create would invoke the destroy callback
to cleanup. But there is no check if the callback exists really. So it
would cause the panic if there is no real destroy callback like the qdisc
codel, fq, and so on.

Take codel as an example following:
When a malicious user constructs one invalid netlink msg, it would cause
codel_init->codel_change->nla_parse_nested failed.
Then kernel would invoke the destroy callback directly but qdisc codel
doesn't define one. It causes one panic as a result.

Now add one the check for destroy to avoid the possible panic.

Fixes: 2a1eb255db0f ("net_sched: fix error recovery at qdisc creation")
Signed-off-by: Gao Feng <gfree.wind@vip.163.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>