Skip to content

Commit 02b71dc

Browse files
committed
Merge branch 'net_sched-two-security-bug-fixes-and-test-cases'
Cong Wang says: ==================== net_sched: two security bug fixes and test cases This patchset contains two bug fixes reported in security mailing list, and test cases for both of them. ==================== Link: https://patch.msgid.link/20250204005841.223511-1-xiyou.wangcong@gmail.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2 parents 5368a67 + 91aadc1 commit 02b71dc

File tree

4 files changed

+60
-2
lines changed

4 files changed

+60
-2
lines changed

net/sched/sch_fifo.c

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -40,6 +40,9 @@ static int pfifo_tail_enqueue(struct sk_buff *skb, struct Qdisc *sch,
4040
{
4141
unsigned int prev_backlog;
4242

43+
if (unlikely(READ_ONCE(sch->limit) == 0))
44+
return qdisc_drop(skb, sch, to_free);
45+
4346
if (likely(sch->q.qlen < READ_ONCE(sch->limit)))
4447
return qdisc_enqueue_tail(skb, sch);
4548

net/sched/sch_netem.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -749,9 +749,9 @@ static struct sk_buff *netem_dequeue(struct Qdisc *sch)
749749
if (err != NET_XMIT_SUCCESS) {
750750
if (net_xmit_drop_count(err))
751751
qdisc_qstats_drop(sch);
752-
qdisc_tree_reduce_backlog(sch, 1, pkt_len);
753752
sch->qstats.backlog -= pkt_len;
754753
sch->q.qlen--;
754+
qdisc_tree_reduce_backlog(sch, 1, pkt_len);
755755
}
756756
goto tfifo_dequeue;
757757
}

tools/testing/selftests/tc-testing/tc-tests/infra/qdiscs.json

Lines changed: 33 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -94,5 +94,37 @@
9494
"$TC qdisc del dev $DUMMY ingress",
9595
"$IP addr del 10.10.10.10/24 dev $DUMMY"
9696
]
97-
}
97+
},
98+
{
99+
"id": "a4b9",
100+
"name": "Test class qlen notification",
101+
"category": [
102+
"qdisc"
103+
],
104+
"plugins": {
105+
"requires": "nsPlugin"
106+
},
107+
"setup": [
108+
"$IP link set dev $DUMMY up || true",
109+
"$IP addr add 10.10.10.10/24 dev $DUMMY || true",
110+
"$TC qdisc add dev $DUMMY root handle 1: drr",
111+
"$TC filter add dev $DUMMY parent 1: basic classid 1:1",
112+
"$TC class add dev $DUMMY parent 1: classid 1:1 drr",
113+
"$TC qdisc add dev $DUMMY parent 1:1 handle 2: netem",
114+
"$TC qdisc add dev $DUMMY parent 2: handle 3: drr",
115+
"$TC filter add dev $DUMMY parent 3: basic action drop",
116+
"$TC class add dev $DUMMY parent 3: classid 3:1 drr",
117+
"$TC class del dev $DUMMY classid 1:1",
118+
"$TC class add dev $DUMMY parent 1: classid 1:1 drr"
119+
],
120+
"cmdUnderTest": "ping -c1 -W0.01 -I $DUMMY 10.10.10.1",
121+
"expExitCode": "1",
122+
"verifyCmd": "$TC qdisc ls dev $DUMMY",
123+
"matchPattern": "drr 1: root",
124+
"matchCount": "1",
125+
"teardown": [
126+
"$TC qdisc del dev $DUMMY root handle 1: drr",
127+
"$IP addr del 10.10.10.10/24 dev $DUMMY"
128+
]
129+
}
98130
]

tools/testing/selftests/tc-testing/tc-tests/qdiscs/fifo.json

Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -313,6 +313,29 @@
313313
"matchPattern": "qdisc bfifo 1: root",
314314
"matchCount": "0",
315315
"teardown": [
316+
]
317+
},
318+
{
319+
"id": "d774",
320+
"name": "Check pfifo_head_drop qdisc enqueue behaviour when limit == 0",
321+
"category": [
322+
"qdisc",
323+
"pfifo_head_drop"
324+
],
325+
"plugins": {
326+
"requires": "nsPlugin"
327+
},
328+
"setup": [
329+
"$IP addr add 10.10.10.10/24 dev $DUMMY || true",
330+
"$TC qdisc add dev $DUMMY root handle 1: pfifo_head_drop limit 0",
331+
"$IP link set dev $DUMMY up || true"
332+
],
333+
"cmdUnderTest": "ping -c2 -W0.01 -I $DUMMY 10.10.10.1",
334+
"expExitCode": "1",
335+
"verifyCmd": "$TC -s qdisc show dev $DUMMY",
336+
"matchPattern": "dropped 2",
337+
"matchCount": "1",
338+
"teardown": [
316339
]
317340
}
318341
]

0 commit comments

Comments
 (0)