tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

net/sched: sch_taprio: ensure to reset/destroy all child qdiscs

taprio_graft() can insert a NULL element in the array of child qdiscs. As
a consquence, taprio_reset() might not reset child qdiscs completely, and
taprio_destroy() might leak resources. Fix it by ensuring that loops that
iterate over q->qdiscs[] don't end when they find the first NULL item.

Fixes: 44d4775ca518 ("net/sched: sch_taprio: reset child qdiscs before freeing them")
Fixes: 5a781ccbd19e ("tc: Add support for configuring the taprio scheduler")
Suggested-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
Link: https://lore.kernel.org/r/13edef6778fef03adc751582562fba4a13e06d6a.1608240532.git.dcaratti@redhat.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

authored by

Davide Caratti and committed by
Jakub Kicinski 698285da b27f0c78

+4 -3
+4 -3
net/sched/sch_taprio.c
··· 1605 1605 1606 1606 hrtimer_cancel(&q->advance_timer); 1607 1607 if (q->qdiscs) { 1608 - for (i = 0; i < dev->num_tx_queues && q->qdiscs[i]; i++) 1609 - qdisc_reset(q->qdiscs[i]); 1608 + for (i = 0; i < dev->num_tx_queues; i++) 1609 + if (q->qdiscs[i]) 1610 + qdisc_reset(q->qdiscs[i]); 1610 1611 } 1611 1612 sch->qstats.backlog = 0; 1612 1613 sch->q.qlen = 0; ··· 1627 1626 taprio_disable_offload(dev, q, NULL); 1628 1627 1629 1628 if (q->qdiscs) { 1630 - for (i = 0; i < dev->num_tx_queues && q->qdiscs[i]; i++) 1629 + for (i = 0; i < dev->num_tx_queues; i++) 1631 1630 qdisc_put(q->qdiscs[i]); 1632 1631 1633 1632 kfree(q->qdiscs);