From 6bafcac3238758203703bdd4abe9c1f38d259584 Mon Sep 17 00:00:00 2001 From: Eric Dumazet Date: Mon, 2 Jan 2012 05:47:57 +0000 Subject: [PATCH] sch_qfq: fix overflow in qfq_update_start() grp->slot_shift is between 22 and 41, so using 32bit wide variables is probably a typo. This could explain QFQ hangs Dave reported to me, after 2^23 packets ? (23 = 64 - 41) Reported-by: Dave Taht Signed-off-by: Eric Dumazet CC: Stephen Hemminger CC: Dave Taht Signed-off-by: David S. Miller --- net/sched/sch_qfq.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/sched/sch_qfq.c b/net/sched/sch_qfq.c index 103343408593..7b0325459e71 100644 --- a/net/sched/sch_qfq.c +++ b/net/sched/sch_qfq.c @@ -817,11 +817,11 @@ skip_unblock: static void qfq_update_start(struct qfq_sched *q, struct qfq_class *cl) { unsigned long mask; - uint32_t limit, roundedF; + u64 limit, roundedF; int slot_shift = cl->grp->slot_shift; roundedF = qfq_round_down(cl->F, slot_shift); - limit = qfq_round_down(q->V, slot_shift) + (1UL << slot_shift); + limit = qfq_round_down(q->V, slot_shift) + (1ULL << slot_shift); if (!qfq_gt(cl->F, q->V) || qfq_gt(roundedF, limit)) { /* timestamp was stale */ -- 2.34.1