From mboxrd@z Thu Jan 1 00:00:00 1970 From: Cong Wang Subject: Re: [next-queue PATCH v2 2/5] net/sched: Fix accessing invalid dev_queue Date: Sat, 30 Sep 2017 17:22:33 -0700 Message-ID: References: <20170930002657.15291-1-vinicius.gomes@intel.com> <20170930002657.15291-3-vinicius.gomes@intel.com> Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Cc: Linux Kernel Network Developers , intel-wired-lan , Jesus Sanchez-Palencia , Jamal Hadi Salim , Jiri Pirko , andre.guedes@intel.com, Ivan Briano , boon.leong.ong@intel.com, richardcochran@gmail.com, Henrik Austad , levipearson@gmail.com, rodney.cummings@ni.com To: Vinicius Costa Gomes Return-path: Received: from mail-pg0-f53.google.com ([74.125.83.53]:46983 "EHLO mail-pg0-f53.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750988AbdJAAWy (ORCPT ); Sat, 30 Sep 2017 20:22:54 -0400 Received: by mail-pg0-f53.google.com with SMTP id v3so1424123pgv.3 for ; Sat, 30 Sep 2017 17:22:54 -0700 (PDT) In-Reply-To: <20170930002657.15291-3-vinicius.gomes@intel.com> Sender: netdev-owner@vger.kernel.org List-ID: On Fri, Sep 29, 2017 at 5:26 PM, Vinicius Costa Gomes wrote: > From: Jesus Sanchez-Palencia > > In qdisc_alloc() the dev_queue pointer was used without any checks being > performed. If qdisc_create() gets a null dev_queue pointer, it just > passes it along to qdisc_alloc(), leading to a crash. That happens if a > root qdisc implements select_queue() and returns a null dev_queue > pointer for an "invalid handle", for example. Does it make sense to let mqprio_select_queue() always return non-NULL? At least mq_select_queue() returns queue #0 as a fallback.