github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-05-25 07:33:19 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
v6.15
linux/net/sched
History
Cong Wang 3f98113810 sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() 
When enqueuing the first packet to an HFSC class, hfsc_enqueue() calls the
child qdisc's peek() operation before incrementing sch->q.qlen and
sch->qstats.backlog. If the child qdisc uses qdisc_peek_dequeued(), this may
trigger an immediate dequeue and potential packet drop. In such cases,
qdisc_tree_reduce_backlog() is called, but the HFSC qdisc's qlen and backlog
have not yet been updated, leading to inconsistent queue accounting. This
can leave an empty HFSC class in the active list, causing further
consequences like use-after-free.

This patch fixes the bug by moving the increment of sch->q.qlen and
sch->qstats.backlog before the call to the child qdisc's peek() operation.
This ensures that queue length and backlog are always accurate when packet
drops or dequeues are triggered during the peek.

Fixes: 12d0ad3be9 ("net/sched/sch_hfsc.c: handle corner cases where head may change invalidating calculated deadline")
Reported-by: Mingi Cho <mincho@theori.io>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://patch.msgid.link/20250518222038.58538-2-xiyou.wangcong@gmail.com
Reviewed-by: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2025-05-22 11:16:44 +02:00
..
act_api.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-10-25 09:08:22 +02:00
act_bpf.c net: Rename mono_delivery_time to tstamp_type for scalabilty 2024-05-23 14:14:23 -07:00
act_connmark.c net/sched: Add module aliases for cls_,sch_,act_ modules 2024-02-02 10:57:55 -08:00
act_csum.c net/sched: Add module aliases for cls_,sch_,act_ modules 2024-02-02 10:57:55 -08:00
act_ct.c net: convert to nla_get_*_default() 2024-11-11 10:32:06 -08:00
act_ctinfo.c net: convert to nla_get_*_default() 2024-11-11 10:32:06 -08:00
act_gact.c net/sched: Add module aliases for cls_,sch_,act_ modules 2024-02-02 10:57:55 -08:00
act_gate.c net/sched: Switch to use hrtimer_setup() 2025-02-18 10:35:44 +01:00
act_ife.c net/sched: Add module aliases for cls_,sch_,act_ modules 2024-02-02 10:57:55 -08:00
act_meta_mark.c
act_meta_skbprio.c
act_meta_skbtcindex.c
act_mirred.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-02-22 15:29:26 -08:00
act_mpls.c net: convert to nla_get_*_default() 2024-11-11 10:32:06 -08:00
act_nat.c net/sched: Add module aliases for cls_,sch_,act_ modules 2024-02-02 10:57:55 -08:00
act_pedit.c net: sched: Annotate struct tc_pedit with __counted_by 2024-02-19 10:58:24 +00:00
act_police.c net: convert to nla_get_*_default() 2024-11-11 10:32:06 -08:00
act_sample.c net: sched: act_sample: add action cookie to sample 2024-07-05 17:45:47 -07:00
act_simple.c net/sched: Add module aliases for cls_,sch_,act_ modules 2024-02-02 10:57:55 -08:00
act_skbedit.c net/sched: Add module aliases for cls_,sch_,act_ modules 2024-02-02 10:57:55 -08:00
act_skbmod.c net/sched: act_skbmod: convert comma to semicolon 2024-07-11 17:12:15 -07:00
act_tunnel_key.c net: fix geneve_opt length integer overflow 2025-04-03 15:47:35 -07:00
act_vlan.c tc: adjust network header after 2nd vlan push 2024-08-27 11:37:42 +02:00
cls_api.c tc: Ensure we have enough buffer space when sending filter netlink notifications 2025-04-08 13:57:49 +02:00
cls_basic.c net/sched: Add module aliases for cls_,sch_,act_ modules 2024-02-02 10:57:55 -08:00
cls_bpf.c net: sched: refine software bypass handling in tc_run 2025-01-20 09:21:27 +00:00
cls_cgroup.c net/sched: Add module aliases for cls_,sch_,act_ modules 2024-02-02 10:57:55 -08:00
cls_flow.c net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute 2025-01-04 08:49:36 -08:00
cls_flower.c net: fix geneve_opt length integer overflow 2025-04-03 15:47:35 -07:00
cls_fw.c net/sched: Add module aliases for cls_,sch_,act_ modules 2024-02-02 10:57:55 -08:00
cls_matchall.c net: sched: refine software bypass handling in tc_run 2025-01-20 09:21:27 +00:00
cls_route.c net/sched: Add module aliases for cls_,sch_,act_ modules 2024-02-02 10:57:55 -08:00
cls_u32.c net: sched: refine software bypass handling in tc_run 2025-01-20 09:21:27 +00:00
em_canid.c net: fill in MODULE_DESCRIPTION()s for net/sched 2024-02-09 14:12:02 -08:00
em_cmp.c move asm/unaligned.h to linux/unaligned.h 2024-10-02 17:23:23 -04:00
em_ipset.c
em_ipt.c
em_meta.c net: dismiss sk_forward_alloc_get() 2025-02-19 19:05:28 -08:00
em_nbyte.c net: fill in MODULE_DESCRIPTION()s for net/sched 2024-02-09 14:12:02 -08:00
em_text.c net: fill in MODULE_DESCRIPTION()s for net/sched 2024-02-09 14:12:02 -08:00
em_u32.c net: fill in MODULE_DESCRIPTION()s for net/sched 2024-02-09 14:12:02 -08:00
ematch.c net_sched: reject TCF_EM_SIMPLE case for complex ematch module 2022-12-19 09:43:18 +00:00
Kconfig lib/crc: remove CONFIG_LIBCRC32C 2025-04-04 11:31:42 -07:00
Makefile net/sched: Retire ipt action 2024-01-02 12:41:16 +00:00
sch_api.c net: move replay logic to tc_modify_qdisc 2025-03-27 10:18:48 -07:00
sch_blackhole.c
sch_cake.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2025-01-09 16:11:47 -08:00
sch_cbs.c net/sched: cbs: Fix integer overflow in cbs_set_port_rate() 2024-10-15 18:25:47 -07:00
sch_choke.c net: sched: fix ordering of qlen adjustment 2024-12-04 12:54:22 +00:00
sch_codel.c net_sched: Flush gso_skb list too during ->change() 2025-05-09 12:34:38 +01:00
sch_drr.c net_sched: drr: Fix double list add in class with netem as child qdisc 2025-04-28 15:55:06 -07:00
sch_etf.c net_sched: sch_tfs: implement lockless etf_dump() 2024-04-19 11:34:07 +01:00
sch_ets.c net_sched: ets: Fix double list add in class with netem as child qdisc 2025-04-28 15:55:06 -07:00
sch_fifo.c pfifo_tail_enqueue: Drop new packet when sch->limit == 0 2025-02-05 18:13:58 -08:00
sch_fq_codel.c net_sched: Flush gso_skb list too during ->change() 2025-05-09 12:34:38 +01:00
sch_fq_pie.c net_sched: Flush gso_skb list too during ->change() 2025-05-09 12:34:38 +01:00
sch_fq.c net_sched: Flush gso_skb list too during ->change() 2025-05-09 12:34:38 +01:00
sch_frag.c net: dst: remove unnecessary input parameter in dst_alloc and dst_init 2023-09-12 11:42:25 +02:00
sch_generic.c treewide: Switch/rename to timer_delete[_sync]() 2025-04-05 10:30:12 +02:00
sch_gred.c sched: address a potential NULL pointer dereference in the GRED scheduler. 2025-03-06 16:35:14 -08:00
sch_hfsc.c sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() 2025-05-22 11:16:44 +02:00
sch_hhf.c net_sched: Flush gso_skb list too during ->change() 2025-05-09 12:34:38 +01:00
sch_htb.c sch_htb: make htb_deactivate() idempotent 2025-05-05 13:51:32 -07:00
sch_ingress.c bpf: Fix too early release of tcx_entry 2024-07-08 14:07:31 -07:00
sch_mq.c net: sched: add rcu annotations around qdisc->qdisc_sleeping 2023-06-07 10:25:39 +01:00
sch_mqprio_lib.c net: sched: Fill in missing MODULE_DESCRIPTION for qdiscs 2023-11-01 21:49:09 -07:00
sch_mqprio_lib.h net/sched: mqprio: allow per-TC user input of FP adminStatus 2023-04-13 22:22:10 -07:00
sch_mqprio.c netlink: introduce type-checking attribute iteration 2024-03-29 15:06:02 -07:00
sch_multiq.c net: sched: sch_multiq: fix possible OOB write in multiq_tune() 2024-06-05 10:50:19 +01:00
sch_netem.c netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() 2025-02-05 18:14:46 -08:00
sch_pie.c net_sched: Flush gso_skb list too during ->change() 2025-05-09 12:34:38 +01:00
sch_plug.c net/sched: Add module aliases for cls_,sch_,act_ modules 2024-02-02 10:57:55 -08:00
sch_prio.c net/sched: Add module aliases for cls_,sch_,act_ modules 2024-02-02 10:57:55 -08:00
sch_qfq.c net_sched: qfq: Fix double list add in class with netem as child qdisc 2025-04-28 15:55:07 -07:00
sch_red.c treewide: Switch/rename to timer_delete[_sync]() 2025-04-05 10:30:12 +02:00
sch_sfb.c net/sched: Add drop reasons for AQM-based qdiscs 2024-12-17 13:27:29 +01:00
sch_sfq.c Including fixes from netfilter. 2025-04-10 08:52:18 -07:00
sch_skbprio.c net_sched: skbprio: Remove overly strict queue assertions 2025-04-02 16:03:32 -07:00
sch_taprio.c net/sched: Switch to use hrtimer_setup() 2025-02-18 10:35:44 +01:00
sch_tbf.c net/sched: tbf: correct backlog statistic for GSO packets 2024-11-30 13:02:43 -08:00
sch_teql.c net: annotate writes on dev->mtu from ndo_change_mtu() 2024-05-07 16:19:14 -07:00