[PATCH v6 net 0/4] net/sched: Fixes for sch_ingress and sch_clsact

From: Peilin Ye
Date: Mon May 29 2023 - 15:52:47 EST


Link to v5: https://lore.kernel.org/r/cover.1684887977.git.peilin.ye@xxxxxxxxxxxxx/
Link to v4: https://lore.kernel.org/r/cover.1684825171.git.peilin.ye@xxxxxxxxxxxxx/
Link to v3 (incomplete): https://lore.kernel.org/r/cover.1684821877.git.peilin.ye@xxxxxxxxxxxxx/
Link to v2: https://lore.kernel.org/r/cover.1684796705.git.peilin.ye@xxxxxxxxxxxxx/
Link to v1: https://lore.kernel.org/r/cover.1683326865.git.peilin.ye@xxxxxxxxxxxxx/

Hi all,

These are v6 fixes for ingress and clsact Qdiscs, including only the first 4
patches (already tested and reviewed) from v5. Patches 5 and 6 from
previous versions are still under discussion and will be sent separately.
Per-patch changelog omitted.

Change in v6:
- only include first 4 patches from previous versions

Changes in v5:
- for [6/6], reinitialize @q, @p (suggested by Vlad) and @tcm after the
  "replay:" tag
- for [1,2/6], do nothing in ->destroy() if ->parent isn't ffff:fff1, as
  reported by Pedro

Change in v3, v4:
- add in-body From: tags

Changes in v2:
- for [1-5/6], include tags from Jamal and Pedro
- for [6/6], as suggested by Vlad, replay the request if the current
  Qdisc has any ongoing (RTNL-unlocked) filter requests, instead of
  returning -EBUSY to the user
- use Closes: tag as warned by checkpatch

[1,2/6]: ingress and clsact Qdiscs should only be created under ffff:fff1
  [3/6]: Under ffff:fff1, only create ingress and clsact Qdiscs (for now,
         at least)
  [4/6]: After creating ingress and clsact Qdiscs under ffff:fff1, do not
         graft them again to anywhere else (e.g. as the inner Qdisc of a
         TBF Qdisc)
  [5/6]: Prepare for [6/6], do not reuse that for-loop in qdisc_graft()
         for ingress and clsact Qdiscs
  [6/6]: Fix use-after-free [a] in mini_qdisc_pair_swap()

[a] https://syzkaller.appspot.com/bug?extid=b53a9c0d1ea4ad62da8b

Thanks,
Peilin Ye (4):
  net/sched: sch_ingress: Only create under TC_H_INGRESS
  net/sched: sch_clsact: Only create under TC_H_CLSACT
  net/sched: Reserve TC_H_INGRESS (TC_H_CLSACT) for ingress (clsact)
    Qdiscs
  net/sched: Prohibit regrafting ingress or clsact Qdiscs

 net/sched/sch_api.c     | 12 +++++++++++-
 net/sched/sch_ingress.c | 16 ++++++++++++++--
 2 files changed, 25 insertions(+), 3 deletions(-)

--
2.20.1