diff options
| author | Minoru Usui <[email protected]> | 2009-06-02 09:17:34 +0000 |
|---|---|---|
| committer | David S. Miller <[email protected]> | 2009-06-02 09:17:34 +0000 |
| commit | 12186be7d2e1106cede1cc728526e3d7998cbe94 (patch) | |
| tree | a27e9c1cf720fbd31d67c27ea1426a0ae891733b /security/selinux/hooks.c | |
| parent | e1000: add missing length check to e1000 receive routine (diff) | |
| download | kernel-12186be7d2e1106cede1cc728526e3d7998cbe94.tar.gz kernel-12186be7d2e1106cede1cc728526e3d7998cbe94.zip | |
net_cls: fix unconfigured struct tcf_proto keeps chaining and avoid kernel panic when we use cls_cgroup
This patch fixes a bug which unconfigured struct tcf_proto keeps
chaining in tc_ctl_tfilter(), and avoids kernel panic in
cls_cgroup_classify() when we use cls_cgroup.
When we execute 'tc filter add', tcf_proto is allocated, initialized
by classifier's init(), and chained. After it's chained,
tc_ctl_tfilter() calls classifier's change(). When classifier's
change() fails, tc_ctl_tfilter() does not free and keeps tcf_proto.
In addition, cls_cgroup is initialized in change() not in init(). It
accesses unconfigured struct tcf_proto which is chained before
change(), then hits Oops.
Signed-off-by: Minoru Usui <[email protected]>
Signed-off-by: Jarek Poplawski <[email protected]>
Signed-off-by: Jamal Hadi Salim <[email protected]>
Tested-by: Minoru Usui <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Diffstat (limited to 'security/selinux/hooks.c')
0 files changed, 0 insertions, 0 deletions