Skip to content

Commit

Permalink
sch_sfq: fix null pointer dereference at timer expiration
Browse files Browse the repository at this point in the history 
While converting sch_sfq to use timer_setup(), the commit cdeabbb
("net: sched: Convert timers to use timer_setup()") forgot to
initialize the 'sch' field. As a result, the timer callback tries to
dereference a NULL pointer, and the kernel does oops.

Fix it initializing such field at qdisc creation time.

Fixes: cdeabbb ("net: sched: Convert timers to use timer_setup()")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
  • Loading branch information
Paolo Abeni authored and David S. Miller committed Nov 28, 2017
1 parent 25415ce commit f85729d
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions net/sched/sch_sfq.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -724,6 +724,7 @@ static int sfq_init(struct Qdisc *sch, struct nlattr *opt)
int i;
int err;

q->sch = sch;
timer_setup(&q->perturb_timer, sfq_perturbation, TIMER_DEFERRABLE);

err = tcf_block_get(&q->block, &q->filter_list, sch);
Expand Down

0 comments on commit f85729d

Please sign in to comment.