linux

mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2026-05-16 11:21:26 -04:00

Files

Davide Caratti f8e64e956a net/sched: dualpi2: initialize timer earlier in dualpi2_init()

'pi2_timer' needs to be initialized in all error paths of dualpi2_init():
otherwise, a failure in qdisc_create_dflt() causes the following crash in
dualpi2_destroy():

  # tc qdisc add dev crash0 handle 1: root dualpi2
  BUG: kernel NULL pointer dereference, address: 0000000000000010
  #PF: supervisor read access in kernel mode
  #PF: error_code(0x0000) - not-present page
  PGD 0 P4D 0
  Oops: Oops: 0000 [#1] SMP PTI
  CPU: 4 UID: 0 PID: 471 Comm: tc Tainted: G            E       7.1.0-rc1-virtme #2 PREEMPT(full)
  Tainted: [E]=UNSIGNED_MODULE
  Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
  RIP: 0010:hrtimer_active+0x39/0x60
  Code: f9 eb 23 0f b6 41 38 3c 01 0f 87 87 64 c0 ff 83 e0 01 75 33 48 39 4a 50 74 28 44 3b 42 10 75 06 48 3b 51 30 74 21 48 8b 51 30 <44> 8b 42 10 41 f6 c0 01 74 cf f3 90 44 8b 42 10 41 f6 c0 01 74 c3
  RSP: 0018:ffffd0db80b93620 EFLAGS: 00010282
  RAX: ffffffffc0400320 RBX: ffff8cf24a4c86b8 RCX: ffff8cf24a4c86b8
  RDX: 0000000000000000 RSI: ffff8cf2429c2ab0 RDI: ffff8cf24a4c86b8
  RBP: 00000000fffffff4 R08: 0000000000000003 R09: 0000000000000000
  R10: 0000000000000001 R11: ffff8cf24a39c500 R12: ffff8cf24822c000
  R13: ffffd0db80b936c0 R14: ffffffffc02cf360 R15: 00000000ffffffff
  FS:  00007fbc01706580(0000) GS:ffff8cf2dc759000(0000) knlGS:0000000000000000
  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  CR2: 0000000000000010 CR3: 0000000008e02003 CR4: 0000000000172ef0
  Call Trace:
   <TASK>
   hrtimer_cancel+0x15/0x40
   dualpi2_destroy+0x20/0x40 [sch_dualpi2]
   qdisc_create+0x230/0x570
   tc_modify_qdisc+0x716/0xc10
   rtnetlink_rcv_msg+0x188/0x780
   netlink_rcv_skb+0xcd/0x150
   netlink_unicast+0x1ba/0x290
   netlink_sendmsg+0x242/0x4d0
   ____sys_sendmsg+0x39e/0x3e0
   ___sys_sendmsg+0xe1/0x130
   __sys_sendmsg+0xad/0x110
   do_syscall_64+0x14f/0xf80
   entry_SYSCALL_64_after_hwframe+0x77/0x7f
  RIP: 0033:0x7fbc0188b08e
  Code: 4d 89 d8 e8 94 bd 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 <c9> c3 83 e2 39 83 fa 08 75 e7 e8 03 ff ff ff 0f 1f 00 f3 0f 1e fa
  RSP: 002b:00007fff593260e0 EFLAGS: 00000202 ORIG_RAX: 000000000000002e
  RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fbc0188b08e
  RDX: 0000000000000000 RSI: 00007fff59326190 RDI: 0000000000000003
  RBP: 00007fff593260f0 R08: 0000000000000000 R09: 0000000000000000
  R10: 0000000000000000 R11: 0000000000000202 R12: 000055f06124f260
  R13: 0000000069fca043 R14: 000055f061255640 R15: 000055f06124d3f8
   </TASK>
  Modules linked in: sch_dualpi2(E)
  CR2: 0000000000000010

[1] https://lore.kernel.org/netdev/2e78e01c504c633ebdff18d041833cf2e079a3a4.1607020450.git.dcaratti@redhat.com/
[2] https://lore.kernel.org/netdev/20200725201707.16909-1-xiyou.wangcong@gmail.com/

v2:
 - rebased on top of latest net.git

Fixes: 320d031ad6 ("sched: Struct definition and parsing of dualpi2 qdisc")
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Link: https://patch.msgid.link/1faca91179702b31da5d87653e1e036543e32722.1778259798.git.dcaratti@redhat.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

2026-05-11 18:03:16 -07:00

act_api.c

Convert 'alloc_obj' family to use the new default GFP_KERNEL argument

2026-02-21 17:09:51 -08:00

act_bpf.c

bpf: Add bpf_prog_run_data_pointers()

2025-11-14 08:56:49 -08:00

act_connmark.c

Convert 'alloc_obj' family to use the new default GFP_KERNEL argument

2026-02-21 17:09:51 -08:00

act_csum.c

net: sched: act_csum: validate nested VLAN headers

2026-04-03 14:34:56 -07:00

act_ct.c

net/sched: act_ct: Only release RCU read lock after ct_ft

2026-04-12 09:26:15 -07:00

act_ctinfo.c

Convert 'alloc_obj' family to use the new default GFP_KERNEL argument

2026-02-21 17:09:51 -08:00

act_gact.c

net/sched: Add module aliases for cls_,sch_,act_ modules

2024-02-02 10:57:55 -08:00

act_gate.c

net/sched: act_gate: snapshot parameters with RCU on replace

2026-02-27 16:10:36 -08:00

act_ife.c

net/sched: act_ife: Fix metalist update behavior

2026-03-05 07:54:08 -08:00

act_meta_mark.c

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152

2019-05-30 11:26:32 -07:00

act_meta_skbprio.c

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152

2019-05-30 11:26:32 -07:00

act_meta_skbtcindex.c

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152

2019-05-30 11:26:32 -07:00

act_mirred.c

net/sched: act_mirred: fix wrong device for mac_header_xmit check in tcf_blockcast_redir

2026-04-16 11:16:32 +02:00

act_mpls.c

Convert 'alloc_obj' family to use the new default GFP_KERNEL argument

2026-02-21 17:09:51 -08:00

act_nat.c

Convert 'alloc_obj' family to use the new default GFP_KERNEL argument

2026-02-21 17:09:51 -08:00

act_pedit.c

Convert 'alloc_obj' family to use the new default GFP_KERNEL argument

2026-02-21 17:09:51 -08:00

act_police.c

Convert 'alloc_obj' family to use the new default GFP_KERNEL argument

2026-02-21 17:09:51 -08:00

act_sample.c

net: sched: act_sample: add action cookie to sample

2024-07-05 17:45:47 -07:00

act_simple.c

net/sched: Remove redundant memset(0) call in reset_policy()

2025-08-12 17:13:29 -07:00

act_skbedit.c

Convert 'alloc_obj' family to use the new default GFP_KERNEL argument

2026-02-21 17:09:51 -08:00

act_skbmod.c

Convert 'alloc_obj' family to use the new default GFP_KERNEL argument

2026-02-21 17:09:51 -08:00

act_tunnel_key.c

net_sched: add back BH safety to tcf_lock

2025-09-02 15:51:45 -07:00

act_vlan.c

Convert 'alloc_obj' family to use the new default GFP_KERNEL argument

2026-02-21 17:09:51 -08:00

bpf_qdisc.c

bpf: net_sched: Use the correct destructor kfunc type

2026-01-12 18:53:57 -08:00

cls_api.c

net: sched: cls_api: fix tc_chain_fill_node to initialize tcm_info to zero to prevent an info-leak

2026-03-30 17:56:40 -07:00

cls_basic.c

Convert 'alloc_obj' family to use the new default GFP_KERNEL argument

2026-02-21 17:09:51 -08:00

cls_bpf.c

Convert 'alloc_obj' family to use the new default GFP_KERNEL argument

2026-02-21 17:09:51 -08:00

cls_cgroup.c

Convert 'alloc_obj' family to use the new default GFP_KERNEL argument

2026-02-21 17:09:51 -08:00

cls_flow.c

net/sched: cls_flow: fix NULL pointer dereference on shared blocks

2026-04-02 15:08:42 +02:00

cls_flower.c

net/sched: cls_flower: revert unintended changes

2026-04-30 13:47:01 +02:00

cls_fw.c

net/sched: cls_fw: fix NULL dereference of "old" filters before change()

2026-04-12 08:49:13 -07:00

cls_matchall.c

Convert 'alloc_obj' family to use the new default GFP_KERNEL argument

2026-02-21 17:09:51 -08:00

cls_route.c

Convert 'alloc_obj' family to use the new default GFP_KERNEL argument

2026-02-21 17:09:51 -08:00

cls_u32.c

net: sched: cls_u32: Avoid memcpy() false-positive warning in u32_init_knode()

2026-03-10 19:39:35 -07:00

em_canid.c

net/sched: em_canid: fix uninit-value in em_canid_match

2025-11-26 16:28:10 +01:00

em_cmp.c

net: sched: fix TCF_LAYER_TRANSPORT handling in tcf_get_base_ptr()

2025-11-24 18:53:14 -08:00

em_ipset.c

sched: consistently handle layer3 header accesses in the presence of VLANs

2020-07-03 14:34:53 -07:00

em_ipt.c

sched: consistently handle layer3 header accesses in the presence of VLANs

2020-07-03 14:34:53 -07:00

em_meta.c

Convert 'alloc_obj' family to use the new default GFP_KERNEL argument

2026-02-21 17:09:51 -08:00

em_nbyte.c

net: sched: fix TCF_LAYER_TRANSPORT handling in tcf_get_base_ptr()

2025-11-24 18:53:14 -08:00

em_text.c

Convert 'alloc_obj' family to use the new default GFP_KERNEL argument

2026-02-21 17:09:51 -08:00

em_u32.c

net: fill in MODULE_DESCRIPTION()s for net/sched

2024-02-09 14:12:02 -08:00

ematch.c

net_sched: reject TCF_EM_SIMPLE case for complex ematch module

2022-12-19 09:43:18 +00:00

Kconfig

sched: Add enqueue/dequeue of dualpi2 qdisc

2025-07-23 17:52:07 -07:00

Makefile

sched: Add enqueue/dequeue of dualpi2 qdisc

2025-07-23 17:52:07 -07:00

sch_api.c

net/sched: refine indirect call mitigation in tc_wrapper.h

2026-03-09 19:31:41 -07:00

sch_blackhole.c

Revert "net: sched: Pass root lock to Qdisc_ops.enqueue"

2020-07-16 16:48:34 -07:00

sch_cake.c

net/sched: sch_cake: annotate data-races in cake_dump_class_stats (II)

2026-05-02 16:59:09 -07:00

sch_cbs.c

net/sched: cbs: Fix integer overflow in cbs_set_port_rate()

2024-10-15 18:25:47 -07:00

sch_choke.c

net/sched: sch_choke: annotate data-races in choke_dump_stats()

2026-04-27 17:41:08 -07:00

sch_codel.c

codel: annotate data-races in codel_dump_stats()

2026-04-08 19:18:52 -07:00

sch_drr.c

Convert 'alloc_obj' family to use the new default GFP_KERNEL argument

2026-02-21 17:09:51 -08:00

sch_dualpi2.c

net/sched: dualpi2: initialize timer earlier in dualpi2_init()

2026-05-11 18:03:16 -07:00

sch_etf.c

net_sched: sch_tfs: implement lockless etf_dump()

2024-04-19 11:34:07 +01:00

sch_ets.c

net/sched: ets: fix divide by zero in the offload path

2026-02-26 18:28:47 -08:00

sch_fifo.c

pfifo_tail_enqueue: Drop new packet when sch->limit == 0

2025-02-05 18:13:58 -08:00

sch_fq_codel.c

net/sched: sch_fq_codel: annotate data-races from fq_codel_dump_class_stats()

2026-05-05 18:01:28 -07:00

sch_fq_pie.c

net/sched: sch_fq_pie: annotate data-races in fq_pie_dump_stats()

2026-04-27 17:41:52 -07:00

sch_fq.c

Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

2026-03-05 12:11:05 -08:00

sch_frag.c

net: convert remaining ipv6_stub users to direct function calls

2026-03-29 11:21:23 -07:00

sch_generic.c

Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

2026-03-19 14:16:00 -07:00

sch_gred.c

net: sched: introduce qdisc-specific drop reason tracing

2026-02-28 15:31:34 -08:00

sch_hfsc.c

net/sched: sch_hfsc: fix divide-by-zero in rtsc_min()

2026-03-27 20:41:11 -07:00

sch_hhf.c

net_sched: sch_hhf: annotate data-races in hhf_dump_stats()

2026-04-22 21:12:40 -07:00

sch_htb.c

net/sched: do not reset queues in graft operations

2026-03-09 18:55:55 -07:00

sch_ingress.c

clsact: Fix use-after-free in init/destroy rollback asymmetry

2026-03-17 12:09:16 +01:00

sch_mq.c

net/sched: do not reset queues in graft operations

2026-03-09 18:55:55 -07:00

sch_mqprio_lib.c

net: sched: Fill in missing MODULE_DESCRIPTION for qdiscs

2023-11-01 21:49:09 -07:00

sch_mqprio_lib.h

net/sched: mqprio: allow per-TC user input of FP adminStatus

2023-04-13 22:22:10 -07:00

sch_mqprio.c

net/sched: do not reset queues in graft operations

2026-03-09 18:55:55 -07:00

sch_multiq.c

Convert 'alloc_obj' family to use the new default GFP_KERNEL argument

2026-02-21 17:09:51 -08:00

sch_netem.c

net/sched: netem: check for negative latency and jitter

2026-04-27 17:30:28 -07:00

sch_pie.c

net/sched: sch_pie: annotate more data-races in pie_dump_stats()

2026-05-01 17:54:57 -07:00

sch_plug.c

net/sched: Add module aliases for cls_,sch_,act_ modules

2024-02-02 10:57:55 -08:00

sch_prio.c

net_sched: prio: fix a race in prio_tune()

2025-06-12 08:05:49 -07:00

sch_qfq.c

Convert 'alloc_obj' family to use the new default GFP_KERNEL argument

2026-02-21 17:09:51 -08:00

sch_red.c

net/sched: sch_red: Replace direct dequeue call with peek and qdisc_dequeue_peeked

2026-05-02 10:20:55 -07:00

sch_sfb.c

net/sched: sch_sfb: Replace direct dequeue call with peek and qdisc_dequeue_peeked

2026-05-02 10:20:56 -07:00

sch_sfq.c

net/sched: sch_sfq: annotate data-races from sfq_dump_class_stats()

2026-05-06 17:46:05 -07:00

sch_skbprio.c

net_sched: skbprio: Remove overly strict queue assertions

2025-04-02 16:03:32 -07:00

sch_taprio.c

net/sched: taprio: fix NULL pointer dereference in class dump

2026-04-27 18:41:36 -07:00

sch_tbf.c

net_sched: use qdisc_skb_cb(skb)->pkt_segs in bstats_update()

2025-11-25 16:10:32 +01:00

sch_teql.c

net/sched: teql: Fix double-free in teql_master_xmit

2026-03-16 19:40:32 -07:00