diff options
| author | Paolo Abeni <pabeni@redhat.com> | 2017-11-28 08:28:39 -0500 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2017-11-28 15:54:05 -0500 |
| commit | f85729d07cd649bf69820f14bdad36326a24a699 (patch) | |
| tree | 7b7b208dcc0d37e0f69b875e9142471fe50135be | |
| parent | 25415cec502a1232b19fffc85465882b19a90415 (diff) | |
sch_sfq: fix null pointer dereference at timer expiration
While converting sch_sfq to use timer_setup(), the commit cdeabbb88134
("net: sched: Convert timers to use timer_setup()") forgot to
initialize the 'sch' field. As a result, the timer callback tries to
dereference a NULL pointer, and the kernel does oops.
Fix it initializing such field at qdisc creation time.
Fixes: cdeabbb88134 ("net: sched: Convert timers to use timer_setup()")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
| -rw-r--r-- | net/sched/sch_sfq.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/net/sched/sch_sfq.c b/net/sched/sch_sfq.c index 890f4a4564e7..09c1203c1711 100644 --- a/net/sched/sch_sfq.c +++ b/net/sched/sch_sfq.c | |||
| @@ -724,6 +724,7 @@ static int sfq_init(struct Qdisc *sch, struct nlattr *opt) | |||
| 724 | int i; | 724 | int i; |
| 725 | int err; | 725 | int err; |
| 726 | 726 | ||
| 727 | q->sch = sch; | ||
| 727 | timer_setup(&q->perturb_timer, sfq_perturbation, TIMER_DEFERRABLE); | 728 | timer_setup(&q->perturb_timer, sfq_perturbation, TIMER_DEFERRABLE); |
| 728 | 729 | ||
| 729 | err = tcf_block_get(&q->block, &q->filter_list, sch); | 730 | err = tcf_block_get(&q->block, &q->filter_list, sch); |