lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250422175145.1cb0bd98@frodo.int.wylie.me.uk>
Date: Tue, 22 Apr 2025 17:51:45 +0100
From: "Alan J. Wylie" <alan@...ie.me.uk>
To: Holger Hoffstätte <holger@...lied-asynchrony.com>
Cc: Jamal Hadi Salim <jhs@...atatu.com>, regressions@...ts.linux.dev, Cong
 Wang <xiyou.wangcong@...il.com>, Jiri Pirko <jiri@...nulli.us>,
 netdev@...r.kernel.org, linux-kernel@...r.kernel.org, Octavian Purdila
 <tavip@...gle.com>, Toke Høiland-Jørgensen
 <toke@...hat.com>, stable@...r.kernel.org
Subject: Re: [REGRESSION] 6.14.3 panic - kernel NULL pointer dereference in
 htb_dequeue

On Mon, 21 Apr 2025 21:09:27 +0100
"Alan J. Wylie" <alan@...ie.me.uk> wrote:

> On Mon, 21 Apr 2025 21:47:44 +0200
> Holger Hoffstätte <holger@...lied-asynchrony.com> wrote:
> 
> > > I'm afraid that didn't help. Same panic.    
> > 
> > Bummer :-(
> > 
> > Might be something else missing then - so for now the only other
> > thing I'd suggest is to revert the removal of the qlen check in
> > fq_codel.  
> 
> Like this?
> 
> $ git diff  sch_fq_codel.c
> diff --git a/net/sched/sch_fq_codel.c b/net/sched/sch_fq_codel.c
> index 6c9029f71e88..4fdf317b82ec 100644
> --- a/net/sched/sch_fq_codel.c
> +++ b/net/sched/sch_fq_codel.c
> @@ -316,7 +316,7 @@ static struct sk_buff *fq_codel_dequeue(struct
> Qdisc *sch) qdisc_bstats_update(sch, skb);
>         flow->deficit -= qdisc_pkt_len(skb);
>  
> -       if (q->cstats.drop_count) {
> +       if (q->cstats.drop_count && sch->q.qlen) {
>                 qdisc_tree_reduce_backlog(sch, q->cstats.drop_count,
>                                           q->cstats.drop_len);
>                 q->cstats.drop_count = 0;
> $ 
> 

It's been about 21 hours and no crash yet. I had an excellent day down
a cave, so there's not been as much Internet traffic as usual, but
there's a good chance the above patch as at least worked around, if not
fixed the issue.

Regards
Alan

-- 
Alan J. Wylie     https://www.wylie.me.uk/     mailto:<alan@...ie.me.uk>

Dance like no-one's watching. / Encrypt like everyone is.
Security is inversely proportional to convenience

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ