On Fri, Jul 17, 2015 at 4:27 PM, Alex Gartrell <agartr...@fb.com> wrote:
> To my understanding, the following situation is taking place.
>
> tc_ctl_tclass
> -> htb_delete
> -> class is deleted from clhash
> -> htb_put
> -> qdisc_destroy
> -> fq_codel_reset
> -> fq_codel_dequeue
> -> qdidsc_tree_decrease_qlen
> -> cl = htb_get # returns NULL, removed in htb_delete
> -> htb_qlen_notify(sch, NULL) # BOOM
>
> This patch checks cl for 0 before invoking qlen_notify and put. The notify
> is not necessary in this case, as the parent has already been deactivated
> anyway.
>
Hmm, but in htb_delete() we do reset the leaf qdisc before removing the
class from hash:
if (!cl->level) {
qlen = cl->un.leaf.q->q.qlen;
qdisc_reset(cl->un.leaf.q);
qdisc_tree_decrease_qlen(cl->un.leaf.q, qlen);
}
therefore, the leaf fq_codel qdisc is supposed to have 0 skb after that,
that is, the second fq_codel_reset() is supposed to return NULL immediately?
Why is qdidsc_tree_decrease_qlen() called in the second fq_codel_reset()?
Or there is a race condition between ->delete() and ->put()? In which new
skb can be enqueued?
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
