From: Patrick McHardy <[EMAIL PROTECTED]> Date: Tue, 18 Sep 2007 21:15:28 +0200
> OK the off-by-one prevents an out-of-bounds array access, which > would cause a crash itself. Despite what I said above, sfq does > try to handle dequeues while empty, but forgets to update q->tail > when dropping the last packet from the only active queue, probably > because it wasn't expected that the queue length is too small to > queue even a single packet (and that really doesn't make much sense). > > So one possibility for fixing this is to update q->tail in sfq_drop > when dropping the last packet, but that would still leave the qdisc > non-functional because of the off-by-one. I chose a different way: > cap the limit at SFQ_DEPTH-1 and remove the off-by-one, which should > have no effect on the max (still 127), but prevents the crash since > we can now queue at least a single packet and q->tail is properly > updated in sfq_dequeue(). > > CCed Alexey just to be safe, but I think the patch should be fine. > > Signed-off-by: Patrick McHardy <[EMAIL PROTECTED]> I've applied this to net-2.6, thanks Patrick. I'll hold off merging this to Linus until later today so that if some issue is found we can address it. Thanks. - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
