[PATCH v1] net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH v1] net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class
@ 2025-07-17 23:01 Xiang Mei
  2025-07-18 18:48 ` Cong Wang
                   ` (2 more replies)
  0 siblings, 3 replies; 5+ messages in thread
From: Xiang Mei @ 2025-07-17 23:01 UTC (permalink / raw)
  To: dan.carpenter; +Cc: xiyou.wangcong, netdev, Xiang Mei

might_sleep could be trigger in the atomic context in qfq_delete_class.

qfq_destroy_class was moved into atomic context locked
by sch_tree_lock to avoid a race condition bug on
qfq_aggregate. However, might_sleep could be triggered by
qfq_destroy_class, which introduced sleeping in atomic context (path:
qfq_destroy_class->qdisc_put->__qdisc_destroy->lockdep_unregister_key
->might_sleep).

Considering the race is on the qfq_aggregate objects, keeping
qfq_rm_from_agg in the lock but moving the left part out can solve
this issue.

Fixes: 5e28d5a3f774 ("net/sched: sch_qfq: Fix race condition on qfq_aggregate")
Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: Xiang Mei <xmei5@asu.edu>
Link: https://patch.msgid.link/4a04e0cc-a64b-44e7-9213-2880ed641d77@sabinyo.mountain
---
v1: Avoid might_sleep in atomic context

 net/sched/sch_qfq.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/net/sched/sch_qfq.c b/net/sched/sch_qfq.c
index f0eb70353744..2255355e51d3 100644
--- a/net/sched/sch_qfq.c
+++ b/net/sched/sch_qfq.c
@@ -536,9 +536,6 @@ static int qfq_change_class(struct Qdisc *sch, u32 classid, u32 parentid,
 
 static void qfq_destroy_class(struct Qdisc *sch, struct qfq_class *cl)
 {
-	struct qfq_sched *q = qdisc_priv(sch);
-
-	qfq_rm_from_agg(q, cl);
 	gen_kill_estimator(&cl->rate_est);
 	qdisc_put(cl->qdisc);
 	kfree(cl);
@@ -559,10 +556,11 @@ static int qfq_delete_class(struct Qdisc *sch, unsigned long arg,
 
 	qdisc_purge_queue(cl->qdisc);
 	qdisc_class_hash_remove(&q->clhash, &cl->common);
-	qfq_destroy_class(sch, cl);
+	qfq_rm_from_agg(q, cl);
 
 	sch_tree_unlock(sch);
 
+	qfq_destroy_class(sch, cl);
 	return 0;
 }
 
@@ -1503,6 +1501,7 @@ static void qfq_destroy_qdisc(struct Qdisc *sch)
 	for (i = 0; i < q->clhash.hashsize; i++) {
 		hlist_for_each_entry_safe(cl, next, &q->clhash.hash[i],
 					  common.hnode) {
+			qfq_rm_from_agg(q, cl);
 			qfq_destroy_class(sch, cl);
 		}
 	}
-- 
2.43.0


^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [PATCH v1] net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class
  2025-07-17 23:01 [PATCH v1] net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class Xiang Mei
@ 2025-07-18 18:48 ` Cong Wang
  2025-07-18 19:43 ` Dan Carpenter
  2025-07-22 10:20 ` patchwork-bot+netdevbpf
  2 siblings, 0 replies; 5+ messages in thread
From: Cong Wang @ 2025-07-18 18:48 UTC (permalink / raw)
  To: Xiang Mei; +Cc: dan.carpenter, netdev

On Thu, Jul 17, 2025 at 04:01:28PM -0700, Xiang Mei wrote:
> might_sleep could be trigger in the atomic context in qfq_delete_class.
> 
> qfq_destroy_class was moved into atomic context locked
> by sch_tree_lock to avoid a race condition bug on
> qfq_aggregate. However, might_sleep could be triggered by
> qfq_destroy_class, which introduced sleeping in atomic context (path:
> qfq_destroy_class->qdisc_put->__qdisc_destroy->lockdep_unregister_key
> ->might_sleep).
> 
> Considering the race is on the qfq_aggregate objects, keeping
> qfq_rm_from_agg in the lock but moving the left part out can solve
> this issue.
> 
> Fixes: 5e28d5a3f774 ("net/sched: sch_qfq: Fix race condition on qfq_aggregate")
> Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
> Signed-off-by: Xiang Mei <xmei5@asu.edu>
> Link: https://patch.msgid.link/4a04e0cc-a64b-44e7-9213-2880ed641d77@sabinyo.mountain

Reviewed-by: Cong Wang <xiyou.wangcong@gmail.com>

Thanks for the quick fix!

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH v1] net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class
  2025-07-17 23:01 [PATCH v1] net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class Xiang Mei
  2025-07-18 18:48 ` Cong Wang
@ 2025-07-18 19:43 ` Dan Carpenter
  2025-07-18 21:11   ` Xiang Mei
  2025-07-22 10:20 ` patchwork-bot+netdevbpf
  2 siblings, 1 reply; 5+ messages in thread
From: Dan Carpenter @ 2025-07-18 19:43 UTC (permalink / raw)
  To: Xiang Mei; +Cc: xiyou.wangcong, netdev

On Thu, Jul 17, 2025 at 04:01:28PM -0700, Xiang Mei wrote:
> might_sleep could be trigger in the atomic context in qfq_delete_class.
> 
> qfq_destroy_class was moved into atomic context locked
> by sch_tree_lock to avoid a race condition bug on
> qfq_aggregate. However, might_sleep could be triggered by
> qfq_destroy_class, which introduced sleeping in atomic context (path:
> qfq_destroy_class->qdisc_put->__qdisc_destroy->lockdep_unregister_key
> ->might_sleep).
> 
> Considering the race is on the qfq_aggregate objects, keeping
> qfq_rm_from_agg in the lock but moving the left part out can solve
> this issue.
> 
> Fixes: 5e28d5a3f774 ("net/sched: sch_qfq: Fix race condition on qfq_aggregate")
> Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
> Signed-off-by: Xiang Mei <xmei5@asu.edu>
> Link: https://patch.msgid.link/4a04e0cc-a64b-44e7-9213-2880ed641d77@sabinyo.mountain
> ---
> v1: Avoid might_sleep in atomic context

No need for this line on the first version of a patch.  It's just to
track changes between versions.

Anyway, looks good.  Thanks!

Reviewed-by: Dan Carpenter <dan.carpenter@linaro.org>

regards,
dan carpenter



^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH v1] net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class
  2025-07-18 19:43 ` Dan Carpenter
@ 2025-07-18 21:11   ` Xiang Mei
  0 siblings, 0 replies; 5+ messages in thread
From: Xiang Mei @ 2025-07-18 21:11 UTC (permalink / raw)
  To: Dan Carpenter; +Cc: xiyou.wangcong, netdev

On Fri, Jul 18, 2025 at 10:43:22PM +0300, Dan Carpenter wrote:
> On Thu, Jul 17, 2025 at 04:01:28PM -0700, Xiang Mei wrote:
> > might_sleep could be trigger in the atomic context in qfq_delete_class.
> > 
> > qfq_destroy_class was moved into atomic context locked
> > by sch_tree_lock to avoid a race condition bug on
> > qfq_aggregate. However, might_sleep could be triggered by
> > qfq_destroy_class, which introduced sleeping in atomic context (path:
> > qfq_destroy_class->qdisc_put->__qdisc_destroy->lockdep_unregister_key
> > ->might_sleep).
> > 
> > Considering the race is on the qfq_aggregate objects, keeping
> > qfq_rm_from_agg in the lock but moving the left part out can solve
> > this issue.
> > 
> > Fixes: 5e28d5a3f774 ("net/sched: sch_qfq: Fix race condition on qfq_aggregate")
> > Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
> > Signed-off-by: Xiang Mei <xmei5@asu.edu>
> > Link: https://patch.msgid.link/4a04e0cc-a64b-44e7-9213-2880ed641d77@sabinyo.mountain
> > ---
> > v1: Avoid might_sleep in atomic context
> 
> No need for this line on the first version of a patch.  It's just to
> track changes between versions.
> 
> Anyway, looks good.  Thanks!
> 
> Reviewed-by: Dan Carpenter <dan.carpenter@linaro.org>
> 
> regards,
> dan carpenter
> 
>
Thanks so much for the tip and both of your reviews.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH v1] net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class
  2025-07-17 23:01 [PATCH v1] net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class Xiang Mei
  2025-07-18 18:48 ` Cong Wang
  2025-07-18 19:43 ` Dan Carpenter
@ 2025-07-22 10:20 ` patchwork-bot+netdevbpf
  2 siblings, 0 replies; 5+ messages in thread
From: patchwork-bot+netdevbpf @ 2025-07-22 10:20 UTC (permalink / raw)
  To: Xiang Mei; +Cc: dan.carpenter, xiyou.wangcong, netdev

Hello:

This patch was applied to netdev/net.git (main)
by Paolo Abeni <pabeni@redhat.com>:

On Thu, 17 Jul 2025 16:01:28 -0700 you wrote:
> might_sleep could be trigger in the atomic context in qfq_delete_class.
> 
> qfq_destroy_class was moved into atomic context locked
> by sch_tree_lock to avoid a race condition bug on
> qfq_aggregate. However, might_sleep could be triggered by
> qfq_destroy_class, which introduced sleeping in atomic context (path:
> qfq_destroy_class->qdisc_put->__qdisc_destroy->lockdep_unregister_key
> ->might_sleep).
> 
> [...]

Here is the summary with links:
  - [v1] net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class
    https://git.kernel.org/netdev/net/c/cf074eca0065

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html



^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2025-07-22 10:19 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-07-17 23:01 [PATCH v1] net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class Xiang Mei
2025-07-18 18:48 ` Cong Wang
2025-07-18 19:43 ` Dan Carpenter
2025-07-18 21:11   ` Xiang Mei
2025-07-22 10:20 ` patchwork-bot+netdevbpf

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).