lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 17 Sep 2019 19:57:19 +0000 From: Vlad Buslov <vladbu@...lanox.com> To: Cong Wang <xiyou.wangcong@...il.com> CC: Vlad Buslov <vladbu@...lanox.com>, syzbot <syzbot+ac54455281db908c581e@...kaller.appspotmail.com>, Alexei Starovoitov <ast@...nel.org>, Daniel Borkmann <daniel@...earbox.net>, David Miller <davem@...emloft.net>, David Ahern <dsahern@...il.com>, Florian Fainelli <f.fainelli@...il.com>, "hawk@...nel.org" <hawk@...nel.org>, Ido Schimmel <idosch@...lanox.com>, Jakub Kicinski <jakub.kicinski@...ronome.com>, Jamal Hadi Salim <jhs@...atatu.com>, Jiri Pirko <jiri@...lanox.com>, Jiri Pirko <jiri@...nulli.us>, John Fastabend <john.fastabend@...il.com>, Martin KaFai Lau <kafai@...com>, LKML <linux-kernel@...r.kernel.org>, Linux Kernel Network Developers <netdev@...r.kernel.org>, Nikolay Aleksandrov <nikolay@...ulusnetworks.com>, Petr Machata <petrm@...lanox.com>, Roopa Prabhu <roopa@...ulusnetworks.com>, Song Liu <songliubraving@...com>, syzkaller-bugs <syzkaller-bugs@...glegroups.com>, "xdp-newbies@...r.kernel.org" <xdp-newbies@...r.kernel.org>, "yhs@...com" <yhs@...com> Subject: Re: BUG: sleeping function called from invalid context in tcf_chain0_head_change_cb_del On Tue 17 Sep 2019 at 20:03, Cong Wang <xiyou.wangcong@...il.com> wrote: > On Tue, Sep 17, 2019 at 1:27 AM Vlad Buslov <vladbu@...lanox.com> wrote: >> Hi Cong, >> >> Don't see why we would need qdisc tree lock while releasing the >> reference to (or destroying) previous Qdisc. I've skimmed through other >> scheds and it looks like sch_multiq, sch_htb and sch_tbf are also >> affected. Do you want me to send patches? > > Yes, please do. It looks like tbf is not affected by the bug after all. Relevant part of code from tbf_change(): if (q->qdisc != &noop_qdisc) { err = fifo_set_limit(q->qdisc, qopt->limit); if (err) goto done; } else if (qopt->limit > 0) { child = fifo_create_dflt(sch, &bfifo_qdisc_ops, qopt->limit, extack); if (IS_ERR(child)) { err = PTR_ERR(child); goto done; } /* child is fifo, no need to check for noop_qdisc */ qdisc_hash_add(child, true); } sch_tree_lock(sch); if (child) { qdisc_tree_flush_backlog(q->qdisc); qdisc_put(q->qdisc); q->qdisc = child; } It seems that qdisc_put() is redundant here because it is only called q->qdisc == &noop_qdisc, which is a noop.
Powered by blists - more mailing lists