From: Stephen Hemminger <stephen@networkplumber.org>
To: netdev@vger.kernel.org
Cc: Stephen Hemminger <stephen@networkplumber.org>
Subject: [PATCH net v2 00/10] netem: fixes and selftests
Date: Sat, 14 Mar 2026 17:14:04 -0700 [thread overview]
Message-ID: <20260315001649.23931-1-stephen@networkplumber.org> (raw)
The check_netem_in_tree() restriction added for CVE-2024-45016 rejects
valid configurations such as HTB or HFSC trees with netem on multiple
branches -- including examples from the netem documentation itself.
This has been an open issue for over a year (kernel.org bug #220774).
This series replaces it with a per-CPU recursion guard, restructures
dequeue to fix the HFSC eltree corruption, and addresses several
additional bugs found during a code audit.
01/10 Revert check_netem_in_tree()
02/10 Per-CPU recursion guard for duplication
03/10 Update tdc tests for the revert
04/10 Restructure dequeue to fix HFSC re-entrancy
(CVE-2025-37890, CVE-2025-38001)
05/10 Fix probability gaps in 4-state loss model
06/10 Fix slot delay overflow for ranges > 2.1s
07/10 Include reordered packets in queue limit check
08/10 Null-terminate tfifo linear queue tail
09/10 Only reseed PRNG when explicitly provided
10/10 Add netem configuration and traffic tests
Tested with tdc on 7.0.0-rc3: all netem tests pass.
v2 - merge new tests into tc-testing
- fixes only in this patch series
Stephen Hemminger (10):
Revert "net/sched: Restrict conditions for adding duplicating netems
to qdisc tree"
net/sched: netem: add per-CPU recursion guard for duplication
selftests/tc-testing: update netem tests after check_netem_in_tree
revert
net/sched: netem: restructure dequeue to avoid re-entrancy with child
qdisc
net/sched: netem: fix probability gaps in 4-state loss model
net/sched: netem: fix slot delay calculation overflow
net/sched: netem: fix queue limit check to include reordered packets
net/sched: netem: null-terminate tfifo linear queue tail
net/sched: netem: only reseed PRNG when seed is explicitly provided
selftests/tc-testing: add netem configuration and traffic tests
net/sched/sch_netem.c | 164 ++---
.../tc-testing/tc-tests/qdiscs/netem.json | 610 +++++++++++++++++-
2 files changed, 689 insertions(+), 85 deletions(-)
--
2.51.0
next reply other threads:[~2026-03-15 0:16 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-15 0:14 Stephen Hemminger [this message]
2026-03-15 0:14 ` [PATCH net v2 01/10] Revert "net/sched: Restrict conditions for adding duplicating netems to qdisc tree" Stephen Hemminger
2026-03-15 0:14 ` [PATCH net v2 02/10] net/sched: netem: add per-CPU recursion guard for duplication Stephen Hemminger
2026-03-15 0:14 ` [PATCH net v2 03/10] selftests/tc-testing: update netem tests after check_netem_in_tree revert Stephen Hemminger
2026-03-15 0:14 ` [PATCH net v2 04/10] net/sched: netem: restructure dequeue to avoid re-entrancy with child qdisc Stephen Hemminger
2026-03-15 0:14 ` [PATCH net v2 05/10] net/sched: netem: fix probability gaps in 4-state loss model Stephen Hemminger
2026-03-15 0:14 ` [PATCH net v2 06/10] net/sched: netem: fix slot delay calculation overflow Stephen Hemminger
2026-03-15 0:14 ` [PATCH net v2 07/10] net/sched: netem: fix queue limit check to include reordered packets Stephen Hemminger
2026-03-15 0:14 ` [PATCH net v2 08/10] net/sched: netem: null-terminate tfifo linear queue tail Stephen Hemminger
2026-03-15 0:14 ` [PATCH net v2 09/10] net/sched: netem: only reseed PRNG when seed is explicitly provided Stephen Hemminger
2026-03-15 0:14 ` [PATCH net v2 10/10] selftests/tc-testing: add netem configuration and traffic tests Stephen Hemminger
2026-03-15 15:19 ` [PATCH net v2 00/10] netem: fixes and selftests Jakub Kicinski
2026-03-15 16:09 ` Stephen Hemminger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260315001649.23931-1-stephen@networkplumber.org \
--to=stephen@networkplumber.org \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.