davidlt/kernel-ark
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
34b99df4e6
kernel-ark/net/sched
History
WANG Cong 86e363dc3b net_sched: invoke ->attach() after setting dev->qdisc 
For mq qdisc, we add per tx queue qdisc to root qdisc
for display purpose, however, that happens too early,
before the new dev->qdisc is finally set, this causes
q->list points to an old root qdisc which is going to be
freed right before assigning with a new one.

Fix this by moving ->attach() after setting dev->qdisc.

For the record, this fixes the following crash:

 ------------[ cut here ]------------
 WARNING: CPU: 1 PID: 975 at lib/list_debug.c:59 __list_del_entry+0x5a/0x98()
 list_del corruption. prev->next should be ffff8800d1998ae8, but was 6b6b6b6b6b6b6b6b
 CPU: 1 PID: 975 Comm: tc Not tainted 4.1.0-rc4+ #1019
 Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
  0000000000000009 ffff8800d73fb928 ffffffff81a44e7f 0000000047574756
  ffff8800d73fb978 ffff8800d73fb968 ffffffff810790da ffff8800cfc4cd20
  ffffffff814e725b ffff8800d1998ae8 ffffffff82381250 0000000000000000
 Call Trace:
  [<ffffffff81a44e7f>] dump_stack+0x4c/0x65
  [<ffffffff810790da>] warn_slowpath_common+0x9c/0xb6
  [<ffffffff814e725b>] ? __list_del_entry+0x5a/0x98
  [<ffffffff81079162>] warn_slowpath_fmt+0x46/0x48
  [<ffffffff81820eb0>] ? dev_graft_qdisc+0x5e/0x6a
  [<ffffffff814e725b>] __list_del_entry+0x5a/0x98
  [<ffffffff814e72a7>] list_del+0xe/0x2d
  [<ffffffff81822f05>] qdisc_list_del+0x1e/0x20
  [<ffffffff81820cd1>] qdisc_destroy+0x30/0xd6
  [<ffffffff81822676>] qdisc_graft+0x11d/0x243
  [<ffffffff818233c1>] tc_get_qdisc+0x1a6/0x1d4
  [<ffffffff810b5eaf>] ? mark_lock+0x2e/0x226
  [<ffffffff817ff8f5>] rtnetlink_rcv_msg+0x181/0x194
  [<ffffffff817ff72e>] ? rtnl_lock+0x17/0x19
  [<ffffffff817ff72e>] ? rtnl_lock+0x17/0x19
  [<ffffffff817ff774>] ? __rtnl_unlock+0x17/0x17
  [<ffffffff81855dc6>] netlink_rcv_skb+0x4d/0x93
  [<ffffffff817ff756>] rtnetlink_rcv+0x26/0x2d
  [<ffffffff818544b2>] netlink_unicast+0xcb/0x150
  [<ffffffff81161db9>] ? might_fault+0x59/0xa9
  [<ffffffff81854f78>] netlink_sendmsg+0x4fa/0x51c
  [<ffffffff817d6e09>] sock_sendmsg_nosec+0x12/0x1d
  [<ffffffff817d8967>] sock_sendmsg+0x29/0x2e
  [<ffffffff817d8cf3>] ___sys_sendmsg+0x1b4/0x23a
  [<ffffffff8100a1b8>] ? native_sched_clock+0x35/0x37
  [<ffffffff810a1d83>] ? sched_clock_local+0x12/0x72
  [<ffffffff810a1fd4>] ? sched_clock_cpu+0x9e/0xb7
  [<ffffffff810def2a>] ? current_kernel_time+0xe/0x32
  [<ffffffff810b4bc5>] ? lock_release_holdtime.part.29+0x71/0x7f
  [<ffffffff810ddebf>] ? read_seqcount_begin.constprop.27+0x5f/0x76
  [<ffffffff810b6292>] ? trace_hardirqs_on_caller+0x17d/0x199
  [<ffffffff811b14d5>] ? __fget_light+0x50/0x78
  [<ffffffff817d9808>] __sys_sendmsg+0x42/0x60
  [<ffffffff817d9838>] SyS_sendmsg+0x12/0x1c
  [<ffffffff81a50e97>] system_call_fastpath+0x12/0x6f
 ---[ end trace ef29d3fb28e97ae7 ]---

For long term, we probably need to clean up the qdisc_graft() code
in case it hides other bugs like this.

Fixes: 95dc19299f ("pkt_sched: give visibility to mq slave qdiscs")
Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-05-27 14:09:55 -04:00
..
act_api.c
act_bpf.c bpf: fix bpf helpers to use skb->mac_header relative offsets 2015-04-16 14:08:49 -04:00
act_connmark.c net: sched: act_connmark: don't zap skb->nfct 2015-04-29 14:56:40 -04:00
act_csum.c
act_gact.c
act_ipt.c
act_mirred.c act_mirred: Fix bogus header when redirecting from VLAN 2015-04-17 13:29:28 -04:00
act_nat.c
act_pedit.c
act_police.c
act_simple.c
act_skbedit.c
act_vlan.c
cls_api.c net: sched: fix call_rcu() race on classifier module unloads 2015-05-21 18:48:18 -04:00
cls_basic.c net_sched: destroy proto tp when all filters are gone 2015-03-09 15:35:55 -04:00
cls_bpf.c bpf: fix bpf helpers to use skb->mac_header relative offsets 2015-04-16 14:08:49 -04:00
cls_cgroup.c net_sched: destroy proto tp when all filters are gone 2015-03-09 15:35:55 -04:00
cls_flow.c net_sched: destroy proto tp when all filters are gone 2015-03-09 15:35:55 -04:00
cls_fw.c net_sched: destroy proto tp when all filters are gone 2015-03-09 15:35:55 -04:00
cls_route.c net_sched: destroy proto tp when all filters are gone 2015-03-09 15:35:55 -04:00
cls_rsvp6.c
cls_rsvp.c
cls_rsvp.h net_sched: destroy proto tp when all filters are gone 2015-03-09 15:35:55 -04:00
cls_tcindex.c net_sched: destroy proto tp when all filters are gone 2015-03-09 15:35:55 -04:00
cls_u32.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-03-20 18:51:09 -04:00
em_canid.c
em_cmp.c
em_ipset.c
em_meta.c
em_nbyte.c
em_text.c net: Remove state argument from skb_find_text() 2015-02-22 15:59:54 -05:00
em_u32.c
ematch.c ematch: Fix auto-loading of ematch modules. 2015-02-20 15:30:56 -05:00
Kconfig Merge branch 'kconfig' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild 2015-02-19 10:36:45 -08:00
Makefile net: sched: Introduce connmark action 2015-01-19 16:02:06 -05:00
sch_api.c net_sched: invoke ->attach() after setting dev->qdisc 2015-05-27 14:09:55 -04:00
sch_atm.c
sch_blackhole.c
sch_cbq.c
sch_choke.c
sch_codel.c codel: fix maxpacket/mtu confusion 2015-05-03 22:17:40 -04:00
sch_drr.c
sch_dsmark.c
sch_fifo.c
sch_fq_codel.c codel: fix maxpacket/mtu confusion 2015-05-03 22:17:40 -04:00
sch_fq.c pkt_sched: fq: correct spelling of locally 2015-04-01 22:52:29 -04:00
sch_generic.c
sch_gred.c net_sched: gred: use correct backlog value in WRED mode 2015-05-11 13:26:26 -04:00
sch_hfsc.c
sch_hhf.c
sch_htb.c
sch_ingress.c net: use jump label patching for ingress qdisc in __netif_receive_skb_core 2015-04-13 13:34:40 -04:00
sch_mq.c
sch_mqprio.c
sch_multiq.c
sch_netem.c netem: Fixes byte backlog accounting for the first of two chained netem instances 2015-04-07 18:34:24 -04:00
sch_pie.c
sch_plug.c
sch_prio.c
sch_qfq.c
sch_red.c
sch_sfb.c
sch_sfq.c
sch_tbf.c
sch_teql.c