From mboxrd@z Thu Jan  1 00:00:00 1970
From: John Fastabend <john.fastabend@gmail.com>
Subject: Re: [Patch net-next] net_sched: properly check for empty skb array on
 error path
Date: Mon, 18 Dec 2017 17:25:05 -0800
Message-ID: <11149665-47bb-ec52-fdf0-db7bfa67152e@gmail.com>
References: <20171218223426.4685-1-xiyou.wangcong@gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
To: Cong Wang <xiyou.wangcong@gmail.com>, netdev@vger.kernel.org
Return-path: <netdev-owner@vger.kernel.org>
Received: from mail-pf0-f171.google.com ([209.85.192.171]:33656 "EHLO
        mail-pf0-f171.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S935034AbdLSBZQ (ORCPT
        <rfc822;netdev@vger.kernel.org>); Mon, 18 Dec 2017 20:25:16 -0500
Received: by mail-pf0-f171.google.com with SMTP id y89so10487278pfk.0
        for <netdev@vger.kernel.org>; Mon, 18 Dec 2017 17:25:16 -0800 (PST)
In-Reply-To: <20171218223426.4685-1-xiyou.wangcong@gmail.com>
Content-Language: en-US
Sender: netdev-owner@vger.kernel.org
List-ID: <netdev.vger.kernel.org>

On 12/18/2017 02:34 PM, Cong Wang wrote:
> First, the check of &q->ring.queue against NULL is wrong, it
> is always false. We should check the value rather than the address.
> 

Thanks.

> Secondly, we need the same check in pfifo_fast_reset() too,
> as both ->reset() and ->destroy() are called in qdisc_destroy().
> 

not that it hurts to have the check here, but if init fails
in qdisc_create it seems only ->destroy() is called without
a ->reset().

Is there another path for init() to fail that I'm missing.

> Fixes: c5ad119fb6c0 ("net: sched: pfifo_fast use skb_array")
> Reported-by: syzbot <syzkaller@googlegroups.com>
> Cc: John Fastabend <john.fastabend@gmail.com>
> Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
> ---
>  net/sched/sch_generic.c | 8 +++++++-
>  1 file changed, 7 insertions(+), 1 deletion(-)
>