* net/sched: codel: Inclusion of patchset
@ 2025-05-02 4:49 Tai, Gerrard
2025-05-05 9:28 ` Greg Kroah-Hartman
0 siblings, 1 reply; 5+ messages in thread
From: Tai, Gerrard @ 2025-05-02 4:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Cong Wang, Simon Horman,
Jamal Hadi Salim, Paolo Abeni, Sasha Levin
Upstream commits:
01: 5ba8b837b522d7051ef81bacf3d95383ff8edce5 ("sch_htb: make
htb_qlen_notify() idempotent")
02: df008598b3a00be02a8051fde89ca0fbc416bd55 ("sch_drr: make
drr_qlen_notify() idempotent")
03: 51eb3b65544c9efd6a1026889ee5fb5aa62da3bb ("sch_hfsc: make
hfsc_qlen_notify() idempotent")
04: 55f9eca4bfe30a15d8656f915922e8c98b7f0728 ("sch_qfq: make
qfq_qlen_notify() idempotent")
05: a7a15f39c682ac4268624da2abdb9114bdde96d5 ("sch_ets: make
est_qlen_notify() idempotent")
06: 342debc12183b51773b3345ba267e9263bdfaaef ("codel: remove
sch->q.qlen check before qdisc_tree_reduce_backlog()")
These patches are patch 01-06 of the original patchset ([1]) authored by
Cong Wang. I have omitted patches 07-11 which are selftests. This patchset
addresses a UAF vulnerability.
Originally, only the last commit (06) was picked to merge into the latest
round of stable queues 5.15,5.10,5.4. For 6.x stable branches, that sole
commit has already been merged in a previous cycle.
From my understanding, this patch depends on the previous patches to work.
Without patches 01-05 which make various classful qdiscs' qlen_notify()
idempotent, if an fq_codel's dequeue() routine empties the fq_codel qdisc,
it will be doubly deactivated - first in the parent qlen_notify and then
again in the parent dequeue. For instance, in the case of parent drr,
the double deactivation will either cause a fault on an invalid address,
or trigger a splat if list checks are compiled into the kernel. This is
also why the original unpatched code included the qlen check in the first
place.
After discussion with Greg, he has helped to temporarily drop the patch
from the 5.x queues ([2]). My suggestion is to include patches 01-06 of the
patchset, as listed above, for the 5.x queues. For the 6.x queues that have
already merged patch 06, the earlier patches 01-05 should be merged too.
I'm not too familiar with the stable patch process, so I may be completely
mistaken here.
Cheers,
Gerrard
[1]: https://lore.kernel.org/netdev/174410343500.1831514.15019771038334698036.git-patchwork-notify@kernel.org/
[2]: https://lore.kernel.org/stable/2025050131-fragrant-famine-eb32@gregkh/
^ permalink raw reply [flat|nested] 5+ messages in thread* Re: net/sched: codel: Inclusion of patchset 2025-05-02 4:49 net/sched: codel: Inclusion of patchset Tai, Gerrard @ 2025-05-05 9:28 ` Greg Kroah-Hartman 2025-05-07 2:59 ` Tai, Gerrard 0 siblings, 1 reply; 5+ messages in thread From: Greg Kroah-Hartman @ 2025-05-05 9:28 UTC (permalink / raw) To: Tai, Gerrard Cc: stable, patches, Cong Wang, Simon Horman, Jamal Hadi Salim, Paolo Abeni, Sasha Levin On Fri, May 02, 2025 at 12:49:48PM +0800, Tai, Gerrard wrote: > Upstream commits: > 01: 5ba8b837b522d7051ef81bacf3d95383ff8edce5 ("sch_htb: make > htb_qlen_notify() idempotent") > 02: df008598b3a00be02a8051fde89ca0fbc416bd55 ("sch_drr: make > drr_qlen_notify() idempotent") > 03: 51eb3b65544c9efd6a1026889ee5fb5aa62da3bb ("sch_hfsc: make > hfsc_qlen_notify() idempotent") > 04: 55f9eca4bfe30a15d8656f915922e8c98b7f0728 ("sch_qfq: make > qfq_qlen_notify() idempotent") > 05: a7a15f39c682ac4268624da2abdb9114bdde96d5 ("sch_ets: make > est_qlen_notify() idempotent") > 06: 342debc12183b51773b3345ba267e9263bdfaaef ("codel: remove > sch->q.qlen check before qdisc_tree_reduce_backlog()") > > These patches are patch 01-06 of the original patchset ([1]) authored by > Cong Wang. I have omitted patches 07-11 which are selftests. This patchset > addresses a UAF vulnerability. > > Originally, only the last commit (06) was picked to merge into the latest > round of stable queues 5.15,5.10,5.4. For 6.x stable branches, that sole > commit has already been merged in a previous cycle. > > >From my understanding, this patch depends on the previous patches to work. > Without patches 01-05 which make various classful qdiscs' qlen_notify() > idempotent, if an fq_codel's dequeue() routine empties the fq_codel qdisc, > it will be doubly deactivated - first in the parent qlen_notify and then > again in the parent dequeue. For instance, in the case of parent drr, > the double deactivation will either cause a fault on an invalid address, > or trigger a splat if list checks are compiled into the kernel. This is > also why the original unpatched code included the qlen check in the first > place. > > After discussion with Greg, he has helped to temporarily drop the patch > from the 5.x queues ([2]). My suggestion is to include patches 01-06 of the > patchset, as listed above, for the 5.x queues. For the 6.x queues that have > already merged patch 06, the earlier patches 01-05 should be merged too. > > I'm not too familiar with the stable patch process, so I may be completely > mistaken here. I'll be glad to take what is needed, but please list what commits need to go to what branches and in what exact order please. Or better yet, send backported patches to us, as patch series emails, which we can import that way as we know you have tested them properly. thanks! greg k-h ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: net/sched: codel: Inclusion of patchset 2025-05-05 9:28 ` Greg Kroah-Hartman @ 2025-05-07 2:59 ` Tai, Gerrard 2025-05-07 4:11 ` Cong Wang 2025-05-07 14:04 ` Greg Kroah-Hartman 0 siblings, 2 replies; 5+ messages in thread From: Tai, Gerrard @ 2025-05-07 2:59 UTC (permalink / raw) To: Greg Kroah-Hartman Cc: stable, patches, Cong Wang, Simon Horman, Jamal Hadi Salim, Paolo Abeni, Sasha Levin On Mon, May 5, 2025 at 5:28 PM Greg Kroah-Hartman <gregkh@linuxfoundation.org> wrote: > > On Fri, May 02, 2025 at 12:49:48PM +0800, Tai, Gerrard wrote: > > Upstream commits: > > 01: 5ba8b837b522d7051ef81bacf3d95383ff8edce5 ("sch_htb: make > > htb_qlen_notify() idempotent") > > 02: df008598b3a00be02a8051fde89ca0fbc416bd55 ("sch_drr: make > > drr_qlen_notify() idempotent") > > 03: 51eb3b65544c9efd6a1026889ee5fb5aa62da3bb ("sch_hfsc: make > > hfsc_qlen_notify() idempotent") > > 04: 55f9eca4bfe30a15d8656f915922e8c98b7f0728 ("sch_qfq: make > > qfq_qlen_notify() idempotent") > > 05: a7a15f39c682ac4268624da2abdb9114bdde96d5 ("sch_ets: make > > est_qlen_notify() idempotent") > > 06: 342debc12183b51773b3345ba267e9263bdfaaef ("codel: remove > > sch->q.qlen check before qdisc_tree_reduce_backlog()") > > > > These patches are patch 01-06 of the original patchset ([1]) authored by > > Cong Wang. I have omitted patches 07-11 which are selftests. This patchset > > addresses a UAF vulnerability. > > > > Originally, only the last commit (06) was picked to merge into the latest > > round of stable queues 5.15,5.10,5.4. For 6.x stable branches, that sole > > commit has already been merged in a previous cycle. > > > > >From my understanding, this patch depends on the previous patches to work. > > Without patches 01-05 which make various classful qdiscs' qlen_notify() > > idempotent, if an fq_codel's dequeue() routine empties the fq_codel qdisc, > > it will be doubly deactivated - first in the parent qlen_notify and then > > again in the parent dequeue. For instance, in the case of parent drr, > > the double deactivation will either cause a fault on an invalid address, > > or trigger a splat if list checks are compiled into the kernel. This is > > also why the original unpatched code included the qlen check in the first > > place. > > > > After discussion with Greg, he has helped to temporarily drop the patch > > from the 5.x queues ([2]). My suggestion is to include patches 01-06 of the > > patchset, as listed above, for the 5.x queues. For the 6.x queues that have > > already merged patch 06, the earlier patches 01-05 should be merged too. > > > > I'm not too familiar with the stable patch process, so I may be completely > > mistaken here. > > I'll be glad to take what is needed, but please list what commits need > to go to what branches and in what exact order please. Here's the list of commits. The order should be the sequence as listed below. 6.14, 6.13, 6.12, 6.6, 6.1: (all 6.* branches) 5ba8b837b522d7051ef81bacf3d95383ff8edce5 ("sch_htb: make htb_qlen_notify() idempotent") df008598b3a00be02a8051fde89ca0fbc416bd55 ("sch_drr: make drr_qlen_notify() idempotent") 51eb3b65544c9efd6a1026889ee5fb5aa62da3bb ("sch_hfsc: make hfsc_qlen_notify() idempotent") 55f9eca4bfe30a15d8656f915922e8c98b7f0728 ("sch_qfq: make qfq_qlen_notify() idempotent") a7a15f39c682ac4268624da2abdb9114bdde96d5 ("sch_ets: make est_qlen_notify() idempotent") 5.15, 5.10, 5.4: (all 5.* branches) 5ba8b837b522d7051ef81bacf3d95383ff8edce5 ("sch_htb: make htb_qlen_notify() idempotent") df008598b3a00be02a8051fde89ca0fbc416bd55 ("sch_drr: make drr_qlen_notify() idempotent") 51eb3b65544c9efd6a1026889ee5fb5aa62da3bb ("sch_hfsc: make hfsc_qlen_notify() idempotent") 55f9eca4bfe30a15d8656f915922e8c98b7f0728 ("sch_qfq: make qfq_qlen_notify() idempotent") a7a15f39c682ac4268624da2abdb9114bdde96d5 ("sch_ets: make est_qlen_notify() idempotent") 342debc12183b51773b3345ba267e9263bdfaaef ("codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()") Cheers, Gerrard ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: net/sched: codel: Inclusion of patchset 2025-05-07 2:59 ` Tai, Gerrard @ 2025-05-07 4:11 ` Cong Wang 2025-05-07 14:04 ` Greg Kroah-Hartman 1 sibling, 0 replies; 5+ messages in thread From: Cong Wang @ 2025-05-07 4:11 UTC (permalink / raw) To: Tai, Gerrard Cc: Greg Kroah-Hartman, stable, patches, Simon Horman, Jamal Hadi Salim, Paolo Abeni, Sasha Levin On Tue, May 6, 2025 at 8:00 PM Tai, Gerrard <gerrard.tai@starlabs.sg> wrote: > Here's the list of commits. The order should be the sequence as listed > below. > > 6.14, 6.13, 6.12, 6.6, 6.1: (all 6.* branches) > 5ba8b837b522d7051ef81bacf3d95383ff8edce5 ("sch_htb: make > htb_qlen_notify() idempotent") > df008598b3a00be02a8051fde89ca0fbc416bd55 ("sch_drr: make > drr_qlen_notify() idempotent") > 51eb3b65544c9efd6a1026889ee5fb5aa62da3bb ("sch_hfsc: make > hfsc_qlen_notify() idempotent") > 55f9eca4bfe30a15d8656f915922e8c98b7f0728 ("sch_qfq: make > qfq_qlen_notify() idempotent") > a7a15f39c682ac4268624da2abdb9114bdde96d5 ("sch_ets: make > est_qlen_notify() idempotent") Plus: 376947861013 ("sch_htb: make htb_deactivate() idempotent") > > 5.15, 5.10, 5.4: (all 5.* branches) > 5ba8b837b522d7051ef81bacf3d95383ff8edce5 ("sch_htb: make > htb_qlen_notify() idempotent") > df008598b3a00be02a8051fde89ca0fbc416bd55 ("sch_drr: make > drr_qlen_notify() idempotent") > 51eb3b65544c9efd6a1026889ee5fb5aa62da3bb ("sch_hfsc: make > hfsc_qlen_notify() idempotent") > 55f9eca4bfe30a15d8656f915922e8c98b7f0728 ("sch_qfq: make > qfq_qlen_notify() idempotent") > a7a15f39c682ac4268624da2abdb9114bdde96d5 ("sch_ets: make > est_qlen_notify() idempotent") > 342debc12183b51773b3345ba267e9263bdfaaef ("codel: remove > sch->q.qlen check before qdisc_tree_reduce_backlog()") Ditto. Thanks! ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: net/sched: codel: Inclusion of patchset 2025-05-07 2:59 ` Tai, Gerrard 2025-05-07 4:11 ` Cong Wang @ 2025-05-07 14:04 ` Greg Kroah-Hartman 1 sibling, 0 replies; 5+ messages in thread From: Greg Kroah-Hartman @ 2025-05-07 14:04 UTC (permalink / raw) To: Tai, Gerrard Cc: stable, patches, Cong Wang, Simon Horman, Jamal Hadi Salim, Paolo Abeni, Sasha Levin On Wed, May 07, 2025 at 10:59:53AM +0800, Tai, Gerrard wrote: > On Mon, May 5, 2025 at 5:28 PM Greg Kroah-Hartman > <gregkh@linuxfoundation.org> wrote: > > > > On Fri, May 02, 2025 at 12:49:48PM +0800, Tai, Gerrard wrote: > > > Upstream commits: > > > 01: 5ba8b837b522d7051ef81bacf3d95383ff8edce5 ("sch_htb: make > > > htb_qlen_notify() idempotent") > > > 02: df008598b3a00be02a8051fde89ca0fbc416bd55 ("sch_drr: make > > > drr_qlen_notify() idempotent") > > > 03: 51eb3b65544c9efd6a1026889ee5fb5aa62da3bb ("sch_hfsc: make > > > hfsc_qlen_notify() idempotent") > > > 04: 55f9eca4bfe30a15d8656f915922e8c98b7f0728 ("sch_qfq: make > > > qfq_qlen_notify() idempotent") > > > 05: a7a15f39c682ac4268624da2abdb9114bdde96d5 ("sch_ets: make > > > est_qlen_notify() idempotent") > > > 06: 342debc12183b51773b3345ba267e9263bdfaaef ("codel: remove > > > sch->q.qlen check before qdisc_tree_reduce_backlog()") > > > > > > These patches are patch 01-06 of the original patchset ([1]) authored by > > > Cong Wang. I have omitted patches 07-11 which are selftests. This patchset > > > addresses a UAF vulnerability. > > > > > > Originally, only the last commit (06) was picked to merge into the latest > > > round of stable queues 5.15,5.10,5.4. For 6.x stable branches, that sole > > > commit has already been merged in a previous cycle. > > > > > > >From my understanding, this patch depends on the previous patches to work. > > > Without patches 01-05 which make various classful qdiscs' qlen_notify() > > > idempotent, if an fq_codel's dequeue() routine empties the fq_codel qdisc, > > > it will be doubly deactivated - first in the parent qlen_notify and then > > > again in the parent dequeue. For instance, in the case of parent drr, > > > the double deactivation will either cause a fault on an invalid address, > > > or trigger a splat if list checks are compiled into the kernel. This is > > > also why the original unpatched code included the qlen check in the first > > > place. > > > > > > After discussion with Greg, he has helped to temporarily drop the patch > > > from the 5.x queues ([2]). My suggestion is to include patches 01-06 of the > > > patchset, as listed above, for the 5.x queues. For the 6.x queues that have > > > already merged patch 06, the earlier patches 01-05 should be merged too. > > > > > > I'm not too familiar with the stable patch process, so I may be completely > > > mistaken here. > > > > I'll be glad to take what is needed, but please list what commits need > > to go to what branches and in what exact order please. > > Here's the list of commits. The order should be the sequence as listed > below. > > 6.14, 6.13, 6.12, 6.6, 6.1: (all 6.* branches) > 5ba8b837b522d7051ef81bacf3d95383ff8edce5 ("sch_htb: make > htb_qlen_notify() idempotent") > df008598b3a00be02a8051fde89ca0fbc416bd55 ("sch_drr: make > drr_qlen_notify() idempotent") > 51eb3b65544c9efd6a1026889ee5fb5aa62da3bb ("sch_hfsc: make > hfsc_qlen_notify() idempotent") > 55f9eca4bfe30a15d8656f915922e8c98b7f0728 ("sch_qfq: make > qfq_qlen_notify() idempotent") > a7a15f39c682ac4268624da2abdb9114bdde96d5 ("sch_ets: make > est_qlen_notify() idempotent") > > 5.15, 5.10, 5.4: (all 5.* branches) > 5ba8b837b522d7051ef81bacf3d95383ff8edce5 ("sch_htb: make > htb_qlen_notify() idempotent") > df008598b3a00be02a8051fde89ca0fbc416bd55 ("sch_drr: make > drr_qlen_notify() idempotent") This commit did not apply to 5.15.y and older, sorry. Please provide working, and TESTED backports of patches for us to be able to include them in the stable trees. thanks, greg k-h ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2025-05-07 14:04 UTC | newest] Thread overview: 5+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2025-05-02 4:49 net/sched: codel: Inclusion of patchset Tai, Gerrard 2025-05-05 9:28 ` Greg Kroah-Hartman 2025-05-07 2:59 ` Tai, Gerrard 2025-05-07 4:11 ` Cong Wang 2025-05-07 14:04 ` Greg Kroah-Hartman
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox