Hi,
I have a question regarding the patchset this patch belongs to.
I saw the recent netdev thread https://lore.kernel.org/stable/6fa68b02-cf82-aeca-56e6-e3b8565b22f4@applied-... and noticed that for the patchset https://lore.kernel.org/all/174410343500.1831514.15019771038334698036.git-pa... only patch 06/11 "codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()" was pulled into 6.6, 6.1, 6.12, 6.13, 6.14 stable. This was to fix a UAF vulnerability.
In this case for the 5.15 release (and 5.10 and 5.4), the rest of the set is once again excluded. I'm not familiar with the process of pulling kernel patches so I may be missing something - is excluding the rest of the patchset intentional?
From my understanding, this patch depends on the previous patches to work. Without patches 01-05, which make various classful qdiscs' qlen_notify() idempotent, if an fq_codel's dequeue() routine empties the fq_codel qdisc, it will be doubly deactivated - first in the parent qlen_notify and then again in the parent dequeue. For instance, in the case of parent drr, the double deactivation will either cause a fault on an invalid address, or trigger a splat if list checks are compiled into the kernel. This is also why the original unpatched code included the qlen check in the first place.
I think that the rest of the patchset should be pulled as well, for all releases.
Cheers, Gerrard
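
The double deactivation described in the message above, as an added userspace model that is not part of the original message and not code from the patchset. The struct and function names and the poison constants are assumptions chosen for illustration; the idempotent branch shows one way to make a repeat deactivation harmless.

```c
/* Userspace model of a parent qdisc's active-class list. Constructed for
 * illustration: all names are hypothetical, this is not kernel code. */
#include <stdbool.h>
#include <stdio.h>

struct list_head { struct list_head *next, *prev; };
struct cls { struct list_head alist; };        /* one class of the parent */

#define POISON1 ((struct list_head *)0x100)    /* stand-ins for the values */
#define POISON2 ((struct list_head *)0x122)    /* a list delete leaves behind */

/* Take a class off the active list. Returns false where list checks would
 * splat; without them the unlink would write through the poison pointers. */
static bool deactivate(struct cls *cl, bool idempotent)
{
    struct list_head *e = &cl->alist;

    if (idempotent && e->next == e)
        return true;                    /* already inactive: repeat is a no-op */
    if (e->next == POISON1 || e->prev == POISON2)
        return false;                   /* second unlink of a deleted entry */
    e->next->prev = e->prev;
    e->prev->next = e->next;
    e->next = idempotent ? e : POISON1; /* self-link versus poison */
    e->prev = idempotent ? e : POISON2;
    return true;
}

/* The child's dequeue empties it: the parent's qlen_notify deactivates the
 * class, then the parent's own dequeue deactivates it again.
 * Returns how many of the two calls hit an already-deleted entry. */
int double_deactivate_faults(bool idempotent)
{
    struct list_head active;
    struct cls cl;

    active.next = active.prev = &cl.alist;      /* class starts out active */
    cl.alist.next = cl.alist.prev = &active;
    int faults = !deactivate(&cl, idempotent);  /* via qlen_notify */
    faults += !deactivate(&cl, idempotent);     /* via parent dequeue */
    return faults;
}

int main(void)
{
    printf("faults: plain=%d idempotent=%d\n",
           double_deactivate_faults(false), double_deactivate_faults(true));
    return 0;
}
```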