Fix fallout from my qdisc endless loop fixes. I've checked
all qdiscs, these two should be the only broken ones.
The patch applies to current -git and the last -stable.
[NET_SCHED]: sch_htb/sch_hfsc: fix oops in qlen_notify
During both HTB and HFSC class deletion the class is removed from the
class hash before calling qdisc_tree_decrease_qlen. This makes the
->get operation in qdisc_tree_decrease_qlen fail, so it passes a NULL
pointer to ->qlen_notify, causing an oops.
Signed-off-by: Patrick McHardy <[EMAIL PROTECTED]>
---
commit 36ab004c1021c259b8780834287494fe630fc9ee
tree cad66b55dd7c6954ff9b55b16f791d7474adf6b0
parent 703071b5b93d88d5acb0edd5b9dd86c69ad970f2
author Patrick McHardy <[EMAIL PROTECTED]> Tue, 27 Mar 2007 17:07:50 +0200
committer Patrick McHardy <[EMAIL PROTECTED]> Tue, 27 Mar 2007 18:25:42 +0200
net/sched/sch_hfsc.c | 4 +++-
net/sched/sch_htb.c | 6 +++---
2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/net/sched/sch_hfsc.c b/net/sched/sch_hfsc.c
index 396deb7..407c6fb 100644
--- a/net/sched/sch_hfsc.c
+++ b/net/sched/sch_hfsc.c
@@ -1184,10 +1184,12 @@ hfsc_delete_class(struct Qdisc *sch, unsigned long arg)
sch_tree_lock(sch);
- list_del(&cl->hlist);
list_del(&cl->siblings);
hfsc_adjust_levels(cl->cl_parent);
+
hfsc_purge_queue(sch, cl);
+ list_del(&cl->hlist);
+
if (--cl->refcnt == 0)
hfsc_destroy_class(sch, cl);
diff --git a/net/sched/sch_htb.c b/net/sched/sch_htb.c
index 97cbb9a..3c3294d 100644
--- a/net/sched/sch_htb.c
+++ b/net/sched/sch_htb.c
@@ -1380,15 +1380,15 @@ static int htb_delete(struct Qdisc *sch, unsigned long
arg)
sch_tree_lock(sch);
- /* delete from hash and active; remainder in destroy_class */
- hlist_del_init(&cl->hlist);
-
if (!cl->level) {
qlen = cl->un.leaf.q->q.qlen;
qdisc_reset(cl->un.leaf.q);
qdisc_tree_decrease_qlen(cl->un.leaf.q, qlen);
}
+ /* delete from hash and active; remainder in destroy_class */
+ hlist_del_init(&cl->hlist);
+
if (cl->prio_activity)
htb_deactivate(q, cl);
