Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

sched: address a potential NULL pointer dereference in the GRED scheduler.

If kzalloc in gred_init returns a NULL pointer, the code follows the
error handling path, invoking gred_destroy. This, in turn, calls
gred_offload, where memset could receive a NULL pointer as input,
potentially leading to a kernel crash.

When table->opt is NULL in gred_init(), gred_change_table_def()
is not called yet, so it is not necessary to call ->ndo_setup_tc()
in gred_offload().

Signed-off-by: Jun Yang <juny24602@gmail.com>
Reviewed-by: Cong Wang <xiyou.wangcong@gmail.com>
Fixes: f25c0515c521 ("net: sched: gred: dynamically allocate tc_gred_qopt_offload")
Link: https://patch.msgid.link/20250305154410.3505642-1-juny24602@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

authored by Jun Yang and committed by Jakub Kicinski
115ef44a e4e832d2

+2 -1
net/sched/sch_gred.c
··· 913 913 for (i = 0; i < table->DPs; i++) 914 914 gred_destroy_vq(table->tab[i]); 915 915 916 - gred_offload(sch, TC_GRED_DESTROY); 916 + if (table->opt) 917 + gred_offload(sch, TC_GRED_DESTROY); 917 918 kfree(table->opt); 918 919 } 919 920
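
Review bot: the new `if (table->opt)` guard in front of `gred_offload(sch, TC_GRED_DESTROY);` has no comment saying why the destroy offload may be skipped, and the reason is not obvious from the code alone. Per the commit message, table->opt is NULL here only when the kzalloc in gred_init() failed, before gred_change_table_def() was called, so there is nothing to tear down on the device; a one-line comment above the check stating that would keep a later cleanup from dropping it. The following `kfree(table->opt);` is rightly left outside the guard, since kfree() accepts NULL. It is also worth checking whether gred_offload() can be reached from any other path with table->opt unset; if it can, an early return inside gred_offload() would cover every caller rather than only this call site.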