subject:"\[Cake\] \[PATCH 1\/4\] sched\: Avoid dereferencing skb pointer after child enqueue"

Re: [Cake] [PATCH 1/4] sched: Avoid dereferencing skb pointer after child enqueue

2019-01-10 Thread Cong Wang

On Wed, Jan 9, 2019 at 12:14 AM Toke Høiland-Jørgensen wrote: > > Cong Wang writes: > > > On Mon, Jan 7, 2019 at 11:50 AM Toke Høiland-Jørgensen wrote: > >> @@ -1254,7 +1256,7 @@ static int qfq_enqueue(struct sk_buff *skb, struct > >> Qdisc *sch, > >> if (cl->qdisc->q.qlen != 1) { > >>

Re: [Cake] [PATCH 1/4] sched: Avoid dereferencing skb pointer after child enqueue

2019-01-09 Thread Cong Wang

On Mon, Jan 7, 2019 at 11:50 AM Toke Høiland-Jørgensen wrote: > @@ -1254,7 +1256,7 @@ static int qfq_enqueue(struct sk_buff *skb, struct > Qdisc *sch, > if (cl->qdisc->q.qlen != 1) { > if (unlikely(skb == cl->qdisc->ops->peek(cl->qdisc)) && Isn't this comparison

Re: [Cake] [PATCH 1/4] sched: Avoid dereferencing skb pointer after child enqueue

2019-01-09 Thread Toke Høiland-Jørgensen

Cong Wang writes: > On Mon, Jan 7, 2019 at 11:50 AM Toke Høiland-Jørgensen wrote: >> @@ -1254,7 +1256,7 @@ static int qfq_enqueue(struct sk_buff *skb, struct >> Qdisc *sch, >> if (cl->qdisc->q.qlen != 1) { >> if (unlikely(skb == cl->qdisc->ops->peek(cl->qdisc)) && > > >

[Cake] [PATCH 1/4] sched: Avoid dereferencing skb pointer after child enqueue

2019-01-07 Thread Toke Høiland-Jørgensen

From: Toke Høiland-Jørgensen Parent qdiscs may dereference the pointer to the enqueued skb after enqueue. However, both CAKE and TBF call consume_skb() on the original skb when splitting GSO packets, leading to a potential use-after-free in the parent. Fix this by avoiding dereferencing the skb