android_kernel_samsung_msm8976/net/sched
WANG Cong 09982800fd net_sched: invoke ->attach() after setting dev->qdisc
[ Upstream commit 86e363dc3b50bfd50a1f315934583fbda673ab8d ]

For mq qdisc, we add per tx queue qdisc to root qdisc
for display purpose. However, that happens too early,
before the new dev->qdisc is finally set; this causes
q->list to point to an old root qdisc which is going to be
freed right before assigning with a new one.

Fix this by moving ->attach() after setting dev->qdisc.

For the record, this fixes the following crash:

 ------------[ cut here ]------------
 WARNING: CPU: 1 PID: 975 at lib/list_debug.c:59 __list_del_entry+0x5a/0x98()
 list_del corruption. prev->next should be ffff8800d1998ae8, but was 6b6b6b6b6b6b6b6b
 CPU: 1 PID: 975 Comm: tc Not tainted 4.1.0-rc4+ #1019
 Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
  0000000000000009 ffff8800d73fb928 ffffffff81a44e7f 0000000047574756
  ffff8800d73fb978 ffff8800d73fb968 ffffffff810790da ffff8800cfc4cd20
  ffffffff814e725b ffff8800d1998ae8 ffffffff82381250 0000000000000000
 Call Trace:
  [<ffffffff81a44e7f>] dump_stack+0x4c/0x65
  [<ffffffff810790da>] warn_slowpath_common+0x9c/0xb6
  [<ffffffff814e725b>] ? __list_del_entry+0x5a/0x98
  [<ffffffff81079162>] warn_slowpath_fmt+0x46/0x48
  [<ffffffff81820eb0>] ? dev_graft_qdisc+0x5e/0x6a
  [<ffffffff814e725b>] __list_del_entry+0x5a/0x98
  [<ffffffff814e72a7>] list_del+0xe/0x2d
  [<ffffffff81822f05>] qdisc_list_del+0x1e/0x20
  [<ffffffff81820cd1>] qdisc_destroy+0x30/0xd6
  [<ffffffff81822676>] qdisc_graft+0x11d/0x243
  [<ffffffff818233c1>] tc_get_qdisc+0x1a6/0x1d4
  [<ffffffff810b5eaf>] ? mark_lock+0x2e/0x226
  [<ffffffff817ff8f5>] rtnetlink_rcv_msg+0x181/0x194
  [<ffffffff817ff72e>] ? rtnl_lock+0x17/0x19
  [<ffffffff817ff72e>] ? rtnl_lock+0x17/0x19
  [<ffffffff817ff774>] ? __rtnl_unlock+0x17/0x17
  [<ffffffff81855dc6>] netlink_rcv_skb+0x4d/0x93
  [<ffffffff817ff756>] rtnetlink_rcv+0x26/0x2d
  [<ffffffff818544b2>] netlink_unicast+0xcb/0x150
  [<ffffffff81161db9>] ? might_fault+0x59/0xa9
  [<ffffffff81854f78>] netlink_sendmsg+0x4fa/0x51c
  [<ffffffff817d6e09>] sock_sendmsg_nosec+0x12/0x1d
  [<ffffffff817d8967>] sock_sendmsg+0x29/0x2e
  [<ffffffff817d8cf3>] ___sys_sendmsg+0x1b4/0x23a
  [<ffffffff8100a1b8>] ? native_sched_clock+0x35/0x37
  [<ffffffff810a1d83>] ? sched_clock_local+0x12/0x72
  [<ffffffff810a1fd4>] ? sched_clock_cpu+0x9e/0xb7
  [<ffffffff810def2a>] ? current_kernel_time+0xe/0x32
  [<ffffffff810b4bc5>] ? lock_release_holdtime.part.29+0x71/0x7f
  [<ffffffff810ddebf>] ? read_seqcount_begin.constprop.27+0x5f/0x76
  [<ffffffff810b6292>] ? trace_hardirqs_on_caller+0x17d/0x199
  [<ffffffff811b14d5>] ? __fget_light+0x50/0x78
  [<ffffffff817d9808>] __sys_sendmsg+0x42/0x60
  [<ffffffff817d9838>] SyS_sendmsg+0x12/0x1c
  [<ffffffff81a50e97>] system_call_fastpath+0x12/0x6f
 ---[ end trace ef29d3fb28e97ae7 ]---

For the long term, we probably need to clean up the qdisc_graft() code
in case it hides other bugs like this.

Fixes: 95dc19299f74 ("pkt_sched: give visibility to mq slave qdiscs")
Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-06-22 16:55:51 -07:00
act_api.c net: Use netlink_ns_capable to verify the permissions of netlink messages 2014-06-26 15:12:37 -04:00
act_csum.c act_csum: fix possible use after free 2013-04-12 15:25:41 -04:00
act_gact.c pkt_sched: namespace aware act_mirred 2013-01-14 15:09:36 -05:00
act_ipt.c net_sched: act_ipt forward compat with xtables 2013-05-01 13:19:19 -04:00
act_mirred.c pkt_sched: namespace aware act_mirred 2013-01-14 15:09:36 -05:00
act_nat.c pkt_sched: namespace aware act_mirred 2013-01-14 15:09:36 -05:00
act_pedit.c net: Add skb_unclone() helper function. 2013-02-15 15:10:37 -05:00
act_police.c net_sched: restore "overhead xxx" handling 2013-06-02 22:22:35 -07:00
act_simple.c pkt_sched: namespace aware act_mirred 2013-01-14 15:09:36 -05:00
act_skbedit.c pkt_sched: namespace aware act_mirred 2013-01-14 15:09:36 -05:00
cls_api.c net: Use netlink_ns_capable to verify the permissions of netlink messages 2014-06-26 15:12:37 -04:00
cls_basic.c pkt_sched: namespace aware act_mirred 2013-01-14 15:09:36 -05:00
cls_cgroup.c pkt_sched: namespace aware act_mirred 2013-01-14 15:09:36 -05:00
cls_flow.c netlink: rename ssk to sk in struct netlink_skb_params 2013-04-19 14:57:56 -04:00
cls_fw.c pkt_sched: fix error return code in fw_change_attrs() 2013-04-19 17:34:53 -04:00
cls_route.c pkt_sched: namespace aware act_mirred 2013-01-14 15:09:36 -05:00
cls_rsvp.c
cls_rsvp.h pkt_sched: namespace aware act_mirred 2013-01-14 15:09:36 -05:00
cls_rsvp6.c
cls_tcindex.c pkt_sched: namespace aware act_mirred 2013-01-14 15:09:36 -05:00
cls_u32.c pkt_sched: namespace aware act_mirred 2013-01-14 15:09:36 -05:00
em_canid.c net: em_canid: Ematch rule to match CAN frames according to their identifiers 2012-07-04 13:07:05 +02:00
em_cmp.c
em_ipset.c netfilter: ipset: Introduce extensions to elements in the core 2013-04-29 20:08:54 +02:00
em_meta.c net: use a per task frag allocator 2012-09-24 16:31:37 -04:00
em_nbyte.c
em_text.c
em_u32.c
ematch.c ematch: Fix auto-loading of ematch modules. 2015-03-18 13:22:27 +01:00
Kconfig net: sched: enable CAN Identifier to be built into kernel 2012-11-25 16:06:06 -05:00
Makefile net: sched: add ipset ematch 2012-07-12 07:54:46 -07:00
sch_api.c net_sched: invoke ->attach() after setting dev->qdisc 2015-06-22 16:55:51 -07:00
sch_atm.c net_sched: info leak in atm_tc_dump_class() 2013-08-11 18:35:26 -07:00
sch_blackhole.c
sch_cbq.c net_sched: Fix stack info leak in cbq_dump_wrr(). 2013-08-11 18:35:25 -07:00
sch_choke.c net/sched: rename random32() to prandom_u32() 2013-04-29 18:28:43 -07:00
sch_codel.c fq_codel: should use qdisc backlog as threshold 2012-05-16 15:30:26 -04:00
sch_drr.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
sch_dsmark.c net: sched: factorize code (qdisc_drop()) 2012-05-04 11:50:05 -04:00
sch_fifo.c pkt_sched: Stop using NLA_PUT*(). 2012-04-01 18:11:37 -04:00
sch_fq_codel.c net: fq_codel: Fix off-by-one error 2013-03-29 15:32:23 -04:00
sch_generic.c net_sched: restore "linklayer atm" handling 2013-09-14 06:54:55 -07:00
sch_gred.c net_sched: gred: actually perform idling in WRED mode 2012-09-13 16:10:13 -04:00
sch_hfsc.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
sch_htb.c net_sched: htb: fix a typo in htb_change_class() 2013-10-13 16:08:29 -07:00
sch_ingress.c
sch_mq.c pkt_sched: avoid requeues if possible 2012-12-12 00:16:47 -05:00
sch_mqprio.c pkt_sched: avoid requeues if possible 2012-12-12 00:16:47 -05:00
sch_multiq.c pkt_sched: Stop using NLA_PUT*(). 2012-04-01 18:11:37 -04:00
sch_netem.c netem: fix delay calculation in rate extension 2013-01-29 15:43:02 -05:00
sch_plug.c
sch_prio.c pkt_sched: Stop using NLA_PUT*(). 2012-04-01 18:11:37 -04:00
sch_qfq.c pkt_sched: sch_qfq: remove a source of high packet delay/jitter 2013-07-28 16:30:04 -07:00
sch_red.c pkt_sched: Stop using NLA_PUT*(). 2012-04-01 18:11:37 -04:00
sch_sfb.c sch_sfb: Fix missing NULL check 2012-07-12 08:33:18 -07:00
sch_sfq.c pkt_sched: Stop using NLA_PUT*(). 2012-04-01 18:11:37 -04:00
sch_tbf.c net_sched: restore "overhead xxx" handling 2013-06-02 22:22:35 -07:00
sch_teql.c sch_teql: Convert over to dev_neigh_lookup_skb(). 2012-07-05 01:09:06 -07:00