From: Cong Wang <xiyou.wangc...@gmail.com>
Date: Fri, 27 Oct 2017 22:08:56 -0700
> Davide found the following script triggers a NULL pointer
> dereference:
>
> ip l a name eth0 type dummy
> tc q a dev eth0 parent :1 handle 1: htb
>
> This is because for a freshly created netdevice noop_qdisc
> is attached and when passing 'parent :1', kernel actually
> tries to match the major handle which is 0 and noop_qdisc
> has handle 0 so is matched by mistake. Commit 69012ae425d7
> tries to fix a similar bug but still misses this case.
>
> Handle 0 is not a valid one, should be just skipped. In
> fact, kernel uses it as TC_H_UNSPEC.
>
> Fixes: 69012ae425d7 ("net: sched: fix handling of singleton qdiscs with
> qdisc_hash")
> Fixes: 59cc1f61f09c ("net: sched:convert qdisc linked list to hashtable")
> Reported-by: Davide Caratti <dcara...@redhat.com>
> Cc: Jiri Kosina <jkos...@suse.cz>
> Cc: Eric Dumazet <eduma...@google.com>
> Cc: Jamal Hadi Salim <j...@mojatatu.com>
> Signed-off-by: Cong Wang <xiyou.wangc...@gmail.com>
Applied and queued up for -stable, thanks.
