From: Greg Kroah-Hartman Date: Sat, 7 Oct 2023 11:29:47 +0000 (+0200) Subject: 4.14-stable patches X-Git-Tag: v4.14.327~73 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=15c5c67539c836c42fec883b9940dd1333109285;p=thirdparty%2Fkernel%2Fstable-queue.git 4.14-stable patches added patches: net-sched-sch_hfsc-ensure-inner-classes-have-fsc-curve.patch --- diff --git a/queue-4.14/net-sched-sch_hfsc-ensure-inner-classes-have-fsc-curve.patch b/queue-4.14/net-sched-sch_hfsc-ensure-inner-classes-have-fsc-curve.patch new file mode 100644 index 00000000000..cc73be5d0b4 --- /dev/null +++ b/queue-4.14/net-sched-sch_hfsc-ensure-inner-classes-have-fsc-curve.patch @@ -0,0 +1,39 @@ +From b3d26c5702c7d6c45456326e56d2ccf3f103e60f Mon Sep 17 00:00:00 2001 +From: Budimir Markovic +Date: Thu, 24 Aug 2023 01:49:05 -0700 +Subject: net/sched: sch_hfsc: Ensure inner classes have fsc curve + +From: Budimir Markovic + +commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f upstream. + +HFSC assumes that inner classes have an fsc curve, but it is currently +possible for classes without an fsc curve to become parents. This leads +to bugs including a use-after-free. + +Don't allow non-root classes without HFSC_FSC to become parents. + +Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") +Reported-by: Budimir Markovic +Signed-off-by: Budimir Markovic +Acked-by: Jamal Hadi Salim +Link: https://lore.kernel.org/r/20230824084905.422-1-markovicbudimir@gmail.com +Signed-off-by: Jakub Kicinski +[ v4.14: Delete NL_SET_ERR_MSG because extack is not added to hfsc_change_class ] +Signed-off-by: Shaoying Xu +Signed-off-by: Greg Kroah-Hartman +--- + net/sched/sch_hfsc.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/net/sched/sch_hfsc.c ++++ b/net/sched/sch_hfsc.c +@@ -1020,6 +1020,8 @@ hfsc_change_class(struct Qdisc *sch, u32 + if (parent == NULL) + return -ENOENT; + } ++ if (!(parent->cl_flags & HFSC_FSC) && parent != &q->root) ++ return -EINVAL; + + if (classid == 0 || TC_H_MAJ(classid ^ sch->handle) != 0) + return -EINVAL; diff --git a/queue-4.14/series b/queue-4.14/series index 4fc3377f6b7..c916a9eb21c 100644 --- a/queue-4.14/series +++ b/queue-4.14/series @@ -30,3 +30,4 @@ ata-libata-sata-increase-pmp-srst-timeout-to-10s.patch fs-binfmt_elf_efpic-fix-personality-for-elf-fdpic.patch vc_screen-reload-load-of-struct-vc_data-pointer-in-vcs_write-to-avoid-uaf.patch ext4-fix-rec_len-verify-error.patch +net-sched-sch_hfsc-ensure-inner-classes-have-fsc-curve.patch