lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 27 Oct 2013 15:06:10 -0700 From: Vijay Subramanian <subramanian.vijay@...il.com> To: Eric Dumazet <eric.dumazet@...il.com> Cc: David Miller <davem@...emloft.net>, netdev <netdev@...r.kernel.org> Subject: Re: [PATCH] pkt_sched: fq: clear time_next_packet for reused flows On 24 October 2013 04:01, Eric Dumazet <eric.dumazet@...il.com> wrote: > From: Eric Dumazet <edumazet@...gle.com> > > When a socket is freed/reallocated, we need to clear time_next_packet > or else we can inherit a prior value and delay first packets of the > new flow. > > Signed-off-by: Eric Dumazet <edumazet@...gle.com> Eric, By the way, it looks like fq_flow_set_throttled() uses f->time_next_packet in an incorrect way. It is used as key to insert the flow into the delayed rb-tree but does not seem to check for duplicates. This could lead to rb tree corruption. I assume it is possible for different flows to have same f->time_next_packet. Do we at least we need a BUG_ON(f->time_next_packet == aux->time_next_packet) here? Code in fq_flow_set_throttled(): while (*p) { struct fq_flow *aux; parent = *p; aux = container_of(parent, struct fq_flow, rate_node); if (f->time_next_packet >= aux->time_next_packet) p = &parent->rb_right; else p = &parent->rb_left; } rb_link_node(&f->rate_node, parent, p); rb_insert_color(&f->rate_node, &q->delayed); Thanks! -vijay -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists