net-sched: sch_cbq: avoid infinite loop

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Its possible to setup a bad cbq configuration leading to
an infinite loop in cbq_classify()

DEV_OUT=eth0
ICMP="match ip protocol 1 0xff"
U32="protocol ip u32"
DST="match ip dst"
tc qdisc add dev $DEV_OUT root handle 1: cbq avpkt 1000 \
bandwidth 100mbit
tc class add dev $DEV_OUT parent 1: classid 1:1 cbq \
rate 512kbit allot 1500 prio 5 bounded isolated
tc filter add dev $DEV_OUT parent 1: prio 3 $U32 \
$ICMP $DST 192.168.3.234 flowid 1:

Reported-by: Denys Fedoryschenko <denys@visp.net.lb>
Tested-by: Denys Fedoryschenko <denys@visp.net.lb>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

authored by

Eric Dumazet and committed by

David S. Miller 13 years ago bdfc87f7 b48d6f8b

+3 -2

1 changed file

expand all

net

sched

sch_cbq.c

+3 -2

net/sched/sch_cbq.c

··· 250 250 else if ((cl = defmap[res.classid & TC_PRIO_MAX]) == NULL) 251 251 cl = defmap[TC_PRIO_BESTEFFORT]; 252 252 253 - if (cl == NULL || cl->level >= head->level) 253 + if (cl == NULL) 254 254 goto fallback; 255 255 } 256 - 256 + if (cl->level >= head->level) 257 + goto fallback; 257 258 #ifdef CONFIG_NET_CLS_ACT 258 259 switch (result) { 259 260 case TC_ACT_QUEUED: