__skb_array_empty() is only safe if array is never resized. pfifo_fast_dequeue() is called in TX BH context and without qdisc lock, so even after we disable BH on ->reset() path we can still race with other CPUs.
Fixes: c5ad119fb6c0 ("net: sched: pfifo_fast use skb_array") Reported-by: Jakub Kicinski <jakub.kicin...@netronome.com> Cc: John Fastabend <john.fastab...@gmail.com> Signed-off-by: Cong Wang <xiyou.wangc...@gmail.com> --- net/sched/sch_generic.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/net/sched/sch_generic.c b/net/sched/sch_generic.c index 00ddb5f8f430..9279258ce060 100644 --- a/net/sched/sch_generic.c +++ b/net/sched/sch_generic.c @@ -622,9 +622,6 @@ static struct sk_buff *pfifo_fast_dequeue(struct Qdisc *qdisc) for (band = 0; band < PFIFO_FAST_BANDS && !skb; band++) { struct skb_array *q = band2list(priv, band); - if (__skb_array_empty(q)) - continue; - skb = skb_array_consume_bh(q); } if (likely(skb)) { -- 2.13.0
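Review bot: the band loop in pfifo_fast_dequeue() is left with no comment explaining why the lockless `__skb_array_empty(q)` skip is absent, so a later cleanup could easily reintroduce it as an optimization. A one-line comment above `skb = skb_array_consume_bh(q);` saying that the array can be resized concurrently and that emptiness must therefore be decided inside the consume call would keep the reasoning next to the code. The commit message also says the check is unsafe under resize but mentions only the ->reset() path; naming the path that actually resizes the skb_array, and the failure seen in the report, would let a reader confirm the race. Finally, with the check gone the loop calls skb_array_consume_bh() on every band up to PFIFO_FAST_BANDS even when the band is empty; a sentence on the expected dequeue cost, or a note that it was measured, would help, since this is a hot path.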