--- /dev/null
+From foo@baz Thu 19 Sep 2019 03:07:06 PM CEST
+From: Cong Wang <xiyou.wangcong@gmail.com>
+Date: Thu, 12 Sep 2019 10:22:30 -0700
+Subject: net_sched: let qdisc_put() accept NULL pointer
+
+From: Cong Wang <xiyou.wangcong@gmail.com>
+
+[ Upstream commit 6efb971ba8edfbd80b666f29de12882852f095ae ]
+
+When tcf_block_get() fails in sfb_init(), q->qdisc is still a NULL
+pointer which leads to a crash in sfb_destroy(). Similar for
+sch_dsmark.
+
+Instead of fixing each separately, Linus suggested to just accept
+NULL pointer in qdisc_put(), which would make callers easier.
+
+(For sch_dsmark, the bug probably exists long before commit
+6529eaba33f0.)
+
+Fixes: 6529eaba33f0 ("net: sched: introduce tcf block infractructure")
+Reported-by: syzbot+d5870a903591faaca4ae@syzkaller.appspotmail.com
+Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Jamal Hadi Salim <jhs@mojatatu.com>
+Cc: Jiri Pirko <jiri@resnulli.us>
+Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
+Acked-by: Jiri Pirko <jiri@mellanox.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/sched/sch_generic.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+--- a/net/sched/sch_generic.c
++++ b/net/sched/sch_generic.c
+@@ -671,7 +671,11 @@ static void qdisc_rcu_free(struct rcu_he
+
+ void qdisc_destroy(struct Qdisc *qdisc)
+ {
+- const struct Qdisc_ops *ops = qdisc->ops;
++ const struct Qdisc_ops *ops;
++
++ if (!qdisc)
++ return;
++ ops = qdisc->ops;
+
+ if (qdisc->flags & TCQ_F_BUILTIN ||
+ !atomic_dec_and_test(&qdisc->refcnt))
projects / thirdparty / kernel / stable-queue.git / commitdiff
