[SRU][J:linux-bluefield][PATCH v1 0/1] UBUNTU: SAUCE: net/sched: cls_api: Add defensive actions pointer check
Stav Aviram
saviram at nvidia.com
Mon Jul 7 07:35:35 UTC 2025
BugLink: https://bugs.launchpad.net/bugs/2109993
SRU Justification:
[IMPACT]
Kernel crashes occur in tcf_action_init() at the line "actions[i - 1] = act;"
when the actions pointer is NULL or invalid. Analysis shows that while
normal program flows shouldn't reach this line with a NULL actions pointer,
it appears to be getting corrupted due to an invalid Netlink Attribute (NLA)
sent by a user-space application or race conditions. The crash has been
observed on BF3 systems.
[FIX]
Add a defensive NULL check before accessing the actions pointer in
tcf_action_init(). Return -EINVAL if the pointer is NULL instead of
crashing the kernel.
[TEST CASE]
Compile tested.
This issue is hard to reproduce, but when it reproduces we'd expect to
see the -EINVAL error.
[Regression Potential]
Very low risk. The patch only adds a NULL check that returns an error
in a case that would previously cause a kernel crash. No existing logic
paths are modified.
Stav Aviram (1):
  UBUNTU: SAUCE: net/sched: cls_api: Add defensive actions pointer check

 net/sched/act_api.c | 7 +++++++
 1 file changed, 7 insertions(+)
--
2.34.1