Message ID | 1453780265-29508-1-git-send-email-bernie.harris@alliedtelesis.co.nz |
---|---|
State | Changes Requested, archived |
Delegated to: | David Miller |
On Mon, Jan 25, 2016 at 7:51 PM, Bernie Harris <bernie.harris@alliedtelesis.co.nz> wrote: > There are cases where qdisc_dequeue_peeked can return NULL, and the result > is dereferenced later on in the function. > > Similarly to the other qdisc dequeue functions, check whether the skb > pointer is NULL and if it is, goto out. > > Signed-off-by: Bernie Harris <bernie.harris@alliedtelesis.co.nz> Looks good to me, just one minor thing: an unlikely() can be used for this case. > --- > net/sched/sch_drr.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/net/sched/sch_drr.c b/net/sched/sch_drr.c > index f26bdea..8086c3d 100644 > --- a/net/sched/sch_drr.c > +++ b/net/sched/sch_drr.c > @@ -403,6 +403,8 @@ static struct sk_buff *drr_dequeue(struct Qdisc *sch) > if (len <= cl->deficit) { > cl->deficit -= len; > skb = qdisc_dequeue_peeked(cl->qdisc); > + if (skb == NULL) > + goto out; > if (cl->qdisc->q.qlen == 0) > list_del(&cl->alist); > > -- > 2.7.0 >
Thank you. I will add unlikely() and re-submit the patch.
diff --git a/net/sched/sch_drr.c b/net/sched/sch_drr.c index f26bdea..8086c3d 100644 --- a/net/sched/sch_drr.c +++ b/net/sched/sch_drr.c @@ -403,6 +403,8 @@ static struct sk_buff *drr_dequeue(struct Qdisc *sch) if (len <= cl->deficit) { cl->deficit -= len; skb = qdisc_dequeue_peeked(cl->qdisc); + if (skb == NULL) + goto out; if (cl->qdisc->q.qlen == 0) list_del(&cl->alist);
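Review bot: In the drr_dequeue hunk the new NULL check comes after `cl->deficit -= len;`, so when qdisc_dequeue_peeked() returns NULL the class has already been charged len bytes of deficit for a packet that was never dequeued. Consider decrementing the deficit only once skb is known to be non-NULL, or restoring it before the goto out. The goto also skips the `if (cl->qdisc->q.qlen == 0) list_del(&cl->alist);` step that follows, so it is worth confirming that a class whose child qdisc is empty cannot be left on the active list by this path. On style, the kernel convention is `if (unlikely(!skb))` rather than a comparison against NULL, which also covers the unlikely() suggestion made in the thread.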
There are cases where qdisc_dequeue_peeked can return NULL, and the result is dereferenced later on in the function.

Similarly to the other qdisc dequeue functions, check whether the skb pointer is NULL and if it is, goto out.

Signed-off-by: Bernie Harris <bernie.harris@alliedtelesis.co.nz>

---

net/sched/sch_drr.c | 2 ++

1 file changed, 2 insertions(+)