From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Tue, 11 Apr 2023 13:14:16 +0000 (+0200)
Subject: 5.4-stable patches
X-Git-Tag: v5.15.107~25
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=025ac336e79063f6910da58a93119d7b83d1fb96;p=thirdparty%2Fkernel%2Fstable-queue.git

5.4-stable patches

added patches:
	net_sched-prevent-null-dereference-if-default-qdisc-setup-failed.patch
---

diff --git a/queue-5.4/net_sched-prevent-null-dereference-if-default-qdisc-setup-failed.patch b/queue-5.4/net_sched-prevent-null-dereference-if-default-qdisc-setup-failed.patch
new file mode 100644
index 00000000000..918295de43a
--- /dev/null
+++ b/queue-5.4/net_sched-prevent-null-dereference-if-default-qdisc-setup-failed.patch
@@ -0,0 +1,43 @@
+From ptyadav@amazon.de  Tue Apr 11 15:12:32 2023
+From: Pratyush Yadav <ptyadav@amazon.de>
+Date: Tue, 11 Apr 2023 15:02:10 +0200
+Subject: net_sched: prevent NULL dereference if default qdisc setup failed
+To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Cc: Pratyush Yadav <ptyadav@amazon.de>, <stable@vger.kernel.org>, <patches@lists.linux.dev>, Eric Dumazet <edumazet@google.com>, Vlad Buslov <vladbu@mellanox.com>, syzbot <syzkaller@googlegroups.com>, Jamal Hadi Salim <jhs@mojatatu.com>, Cong Wang <xiyou.wangcong@gmail.com>, Jiri Pirko <jiri@resnulli.us>, "David S. Miller" <davem@davemloft.net>, Zubin Mithra <zsm@google.com>, Norbert Manthey <nmanthey@amazon.de>
+Message-ID: <20230411130210.113555-1-ptyadav@amazon.de>
+
+From: Pratyush Yadav <ptyadav@amazon.de>
+
+If qdisc_create_dflt() fails, it returns NULL. With CONFIG_NET_SCHED
+enabled, the check qdisc != &noop_qdisc passes and qdisc will be passed
+to qdisc_hash_add(), which dereferences it.
+
+This assignment was present in the upstream commit 5891cd5ec46c2
+("net_sched: add __rcu annotation to netdev->qdisc") but was missed in
+the backport 22d95b5449249 ("net_sched: add __rcu annotation to
+netdev->qdisc"), perhaps due to merge conflicts.  dev->qdisc is
+&noop_qdisc by default and if qdisc_create_dflt() fails, this assignment
+will make sure qdisc == &noop_qdisc and no NULL dereference will take
+place.
+
+This bug was discovered and resolved using Coverity Static Analysis
+Security Testing (SAST) by Synopsys, Inc.
+
+Fixes: 22d95b5449249 ("net_sched: add __rcu annotation to netdev->qdisc")
+Signed-off-by: Pratyush Yadav <ptyadav@amazon.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/sched/sch_generic.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/net/sched/sch_generic.c
++++ b/net/sched/sch_generic.c
+@@ -1116,6 +1116,7 @@ static void attach_default_qdiscs(struct
+ 			qdisc->ops->attach(qdisc);
+ 		}
+ 	}
++	qdisc = rtnl_dereference(dev->qdisc);
+ 
+ #ifdef CONFIG_NET_SCHED
+ 	if (qdisc != &noop_qdisc)
diff --git a/queue-5.4/series b/queue-5.4/series
index 7d0af3a58b7..71fb7a0d225 100644
--- a/queue-5.4/series
+++ b/queue-5.4/series
@@ -31,3 +31,4 @@ perf-core-fix-the-same-task-check-in-perf_event_set_.patch
 ftrace-mark-get_lock_parent_ip-__always_inline.patch
 can-j1939-j1939_tp_tx_dat_new-fix-out-of-bounds-memory-access.patch
 tracing-free-error-logs-of-tracing-instances.patch
+net_sched-prevent-null-dereference-if-default-qdisc-setup-failed.patch