From: Eric Dumazet Date: Mon, 2 Jan 2012 05:47:57 +0000 (+0000) Subject: sch_qfq: fix overflow in qfq_update_start() X-Git-Tag: firefly_0821_release~3680^2~3852^2~4 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=6bafcac3238758203703bdd4abe9c1f38d259584;p=firefly-linux-kernel-4.4.55.git sch_qfq: fix overflow in qfq_update_start() grp->slot_shift is between 22 and 41, so using 32bit wide variables is probably a typo. This could explain QFQ hangs Dave reported to me, after 2^23 packets ? (23 = 64 - 41) Reported-by: Dave Taht Signed-off-by: Eric Dumazet CC: Stephen Hemminger CC: Dave Taht Signed-off-by: David S. Miller --- diff --git a/net/sched/sch_qfq.c b/net/sched/sch_qfq.c index 103343408593..7b0325459e71 100644 --- a/net/sched/sch_qfq.c +++ b/net/sched/sch_qfq.c @@ -817,11 +817,11 @@ skip_unblock: static void qfq_update_start(struct qfq_sched *q, struct qfq_class *cl) { unsigned long mask; - uint32_t limit, roundedF; + u64 limit, roundedF; int slot_shift = cl->grp->slot_shift; roundedF = qfq_round_down(cl->F, slot_shift); - limit = qfq_round_down(q->V, slot_shift) + (1UL << slot_shift); + limit = qfq_round_down(q->V, slot_shift) + (1ULL << slot_shift); if (!qfq_gt(cl->F, q->V) || qfq_gt(roundedF, limit)) { /* timestamp was stale */