ACK: [SRU][J:linux-bluefield][PATCH v1 0/1] UBUNTU: SAUCE: net/sched: cls_api: Add defensive actions pointer check
Jose Ogando
jose.ogando at canonical.com
Thu Jul 17 06:22:28 UTC 2025
Looks good to me.
Acked-by: Jose Ogando <jose.ogando at canonical.com>
On Mon, 2025-07-07 at 10:35 +0300, Stav Aviram wrote:
> BugLink: https://bugs.launchpad.net/bugs/2109993
>
> SRU Justification:
>
> [IMPACT]
> Kernel crashes occur in tcf_action_init() at the line
> "actions[i - 1] = act;" when the actions pointer is NULL or invalid.
> Analysis shows that while normal program flows shouldn't reach this
> line with a NULL actions pointer, it appears to be getting corrupted
> due to an invalid Netlink Attribute (NLA) sent by a user-space
> application or race conditions. The crash has been observed on BF3
> systems.
>
> [FIX]
> Add a defensive NULL check before accessing the actions pointer in
> tcf_action_init(). Return -EINVAL if the pointer is NULL instead of
> crashing the kernel.
>
> [TEST CASE]
> Compile tested.
> This issue is hard to reproduce, but when it reproduces we'd expect
> to see the -EINVAL error.
>
> [Regression Potential]
> Very low risk. The patch only adds a NULL check that returns an error
> in a case that would previously cause a kernel crash. No existing
> logic paths are modified.
>
> Stav Aviram (1):
>   UBUNTU: SAUCE: net/sched: cls_api: Add defensive actions pointer check
>
> net/sched/act_api.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> --
> 2.34.1
>
>