Skip to main content

Browse the archive

https://github.com/torvalds/linux
23 October 2021, 00:29:24 UTC
Revision 944d671d5faa0d78980a3da5c0f04960ef1ad893 authored by Yunjian Wang on 04 June 2021, 11:03:18 UTC, committed by David S. Miller on 04 June 2021, 21:44:18 UTC 
sch_htb: fix refcount leak in htb_parent_to_leaf_offload
 
The commit ae81feb7338c ("sch_htb: fix null pointer dereference
on a null new_q") fixes a NULL pointer dereference bug, but it
is not correct.

Because htb_graft_helper properly handles the case when new_q
is NULL, and after the previous patch by skipping this call
which creates an inconsistency : dev_queue->qdisc will still
point to the old qdisc, but cl->parent->leaf.q will point to
the new one (which will be noop_qdisc, because new_q was NULL).
The code is based on an assumption that these two pointers are
the same, so it can lead to refcount leaks.

The correct fix is to add a NULL pointer check to protect
qdisc_refcount_inc inside htb_parent_to_leaf_offload.

Fixes: ae81feb7338c ("sch_htb: fix null pointer dereference on a null new_q")
Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
Suggested-by: Maxim Mikityanskiy <maximmi@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
1 parent 26821ec
History
Tip revision: 944d671d5faa0d78980a3da5c0f04960ef1ad893 authored by Yunjian Wang on 04 June 2021, 11:03:18 UTC
sch_htb: fix refcount leak in htb_parent_to_leaf_offload
Tip revision: 944d671
File Mode Size
Documentation
LICENSES
arch
block
certs
crypto
drivers
fs
include
init
ipc
kernel
lib
mm
net
samples
scripts
security
sound
tools
usr
virt
.clang-format -rw-r--r-- 16.4 KB
.cocciconfig -rw-r--r-- 59 bytes
.get_maintainer.ignore -rw-r--r-- 71 bytes
.gitattributes -rw-r--r-- 62 bytes
.gitignore -rw-r--r-- 1.9 KB
.mailmap -rw-r--r-- 19.4 KB
COPYING -rw-r--r-- 496 bytes
CREDITS -rw-r--r-- 98.6 KB
Kbuild -rw-r--r-- 1.3 KB
Kconfig -rw-r--r-- 555 bytes
MAINTAINERS -rw-r--r-- 588.2 KB
Makefile -rw-r--r-- 64.2 KB
README -rw-r--r-- 727 bytes

README

back to top