From mboxrd@z Thu Jan 1 00:00:00 1970 From: Eric Dumazet Subject: Re: [PATCH] net-fq: Add WARN_ON check for null flow. Date: Thu, 7 Jun 2018 09:17:18 -0700 Message-ID: <577ce32e-cbee-c5d8-da12-81075e924b23@gmail.com> References: <1528387585-5806-1-git-send-email-greearb@candelatech.com> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit To: greearb@candelatech.com, netdev@vger.kernel.org Return-path: Received: from mail-pf0-f196.google.com ([209.85.192.196]:41472 "EHLO mail-pf0-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932902AbeFGQRV (ORCPT ); Thu, 7 Jun 2018 12:17:21 -0400 Received: by mail-pf0-f196.google.com with SMTP id a11-v6so5145183pff.8 for ; Thu, 07 Jun 2018 09:17:21 -0700 (PDT) In-Reply-To: <1528387585-5806-1-git-send-email-greearb@candelatech.com> Content-Language: en-US Sender: netdev-owner@vger.kernel.org List-ID: On 06/07/2018 09:06 AM, greearb@candelatech.com wrote: > From: Ben Greear > > While testing an ath10k firmware that often crashed under load, > I was seeing kernel crashes as well. One of them appeared to > be a dereference of a NULL flow object in fq_tin_dequeue. > > I have since fixed the firmware flaw, but I think it would be > worth adding the WARN_ON in case the problem appears again. > > common_interrupt+0xf/0xf > > Please find the exact commit that brought this bug, and add a corresponding Fixes: tag > Signed-off-by: Ben Greear > --- > include/net/fq_impl.h | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/include/net/fq_impl.h b/include/net/fq_impl.h > index be7c0fa..e40354d 100644 > --- a/include/net/fq_impl.h > +++ b/include/net/fq_impl.h > @@ -80,6 +80,9 @@ static struct sk_buff *fq_tin_dequeue(struct fq *fq, > > flow = list_first_entry(head, struct fq_flow, flowchain); > > + if (WARN_ON_ONCE(!flow)) > + return NULL; > + > if (flow->deficit <= 0) { > flow->deficit += fq->quantum; > list_move_tail(&flow->flowchain, >