[PATCH 4.14 33/55] net/sched: sch_hfsc: Ensure inner classes have fsc curve

4.14-stable review patch. If anyone has any objections, please let me know.

------------------

From: Budimir Markovic markovicbudimir@gmail.com

commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f upstream.

HFSC assumes that inner classes have an fsc curve, but it is currently possible for classes without an fsc curve to become parents. This leads to bugs including a use-after-free.

Don't allow non-root classes without HFSC_FSC to become parents.

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Reported-by: Budimir Markovic markovicbudimir@gmail.com Signed-off-by: Budimir Markovic markovicbudimir@gmail.com Acked-by: Jamal Hadi Salim jhs@mojatatu.com Link: https://lore.kernel.org/r/20230824084905.422-1-markovicbudimir@gmail.com Signed-off-by: Jakub Kicinski kuba@kernel.org [ v4.14: Delete NL_SET_ERR_MSG because extack is not added to hfsc_change_class ] Signed-off-by: Shaoying Xu shaoyi@amazon.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- net/sched/sch_hfsc.c | 2 ++ 1 file changed, 2 insertions(+)

--- a/net/sched/sch_hfsc.c +++ b/net/sched/sch_hfsc.c @@ -1020,6 +1020,8 @@ hfsc_change_class(struct Qdisc *sch, u32 if (parent == NULL) return -ENOENT; } + if (!(parent->cl_flags & HFSC_FSC) && parent != &q->root) + return -EINVAL;

if (classid == 0 || TC_H_MAJ(classid ^ sch->handle) != 0) return -EINVAL;