sch_qfq: fix overflow in qfq_update_start()

grp->slot_shift is between 22 and 41, so using 32bit wide variables is
probably a typo.

This could explain QFQ hangs Dave reported to me, after 2^23 packets ?

(23 = 64 - 41)

Reported-by: Dave Taht <dave.taht@gmail.com>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
CC: Stephen Hemminger <shemminger@vyatta.com>
CC: Dave Taht <dave.taht@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/sched/sch_qfq.c b/net/sched/sch_qfq.c
index 1033434..7b03254 100644 (file)
--- a/net/sched/sch_qfq.c
+++ b/net/sched/sch_qfq.c
@@ -817,11 +817,11 @@ skip_unblock:
 static void qfq_update_start(struct qfq_sched *q, struct qfq_class *cl)
 {
        unsigned long mask;
-       uint32_t limit, roundedF;
+       u64 limit, roundedF;
        int slot_shift = cl->grp->slot_shift;
 
        roundedF = qfq_round_down(cl->F, slot_shift);
-       limit = qfq_round_down(q->V, slot_shift) + (1UL << slot_shift);
+       limit = qfq_round_down(q->V, slot_shift) + (1ULL << slot_shift);
 
        if (!qfq_gt(cl->F, q->V) || qfq_gt(roundedF, limit)) {
                /* timestamp was stale */