p71924506
/
linux_old1
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
linux_old1/net/smc
History
Eric Dumazet be7f3e5999 net/smc: init conn.tx_work & conn.send_lock sooner 
syzkaller found that following program crashes the host :

{
  int fd = socket(AF_SMC, SOCK_STREAM, 0);
  int val = 1;

  listen(fd, 0);
  shutdown(fd, SHUT_RDWR);
  setsockopt(fd, 6, TCP_NODELAY, &val, 4);
}

Simply initialize conn.tx_work & conn.send_lock at socket creation,
rather than deeper in the stack.

ODEBUG: assert_init not available (active state 0) object type: timer_list hint:           (null)
WARNING: CPU: 1 PID: 13988 at lib/debugobjects.c:329 debug_print_object+0x16a/0x210 lib/debugobjects.c:326
Kernel panic - not syncing: panic_on_warn set ...

CPU: 1 PID: 13988 Comm: syz-executor0 Not tainted 4.17.0-rc4+ #46
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1b9/0x294 lib/dump_stack.c:113
 panic+0x22f/0x4de kernel/panic.c:184
 __warn.cold.8+0x163/0x1b3 kernel/panic.c:536
 report_bug+0x252/0x2d0 lib/bug.c:186
 fixup_bug arch/x86/kernel/traps.c:178 [inline]
 do_error_trap+0x1de/0x490 arch/x86/kernel/traps.c:296
 do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:315
 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:992
RIP: 0010:debug_print_object+0x16a/0x210 lib/debugobjects.c:326
RSP: 0018:ffff880197a37880 EFLAGS: 00010086
RAX: 0000000000000061 RBX: 0000000000000005 RCX: ffffc90001ed0000
RDX: 0000000000004aaf RSI: ffffffff8160f6f1 RDI: 0000000000000001
RBP: ffff880197a378c0 R08: ffff8801aa7a0080 R09: ffffed003b5e3eb2
R10: ffffed003b5e3eb2 R11: ffff8801daf1f597 R12: 0000000000000001
R13: ffffffff88d96980 R14: ffffffff87fa19a0 R15: ffffffff81666ec0
 debug_object_assert_init+0x309/0x500 lib/debugobjects.c:692
 debug_timer_assert_init kernel/time/timer.c:724 [inline]
 debug_assert_init kernel/time/timer.c:776 [inline]
 del_timer+0x74/0x140 kernel/time/timer.c:1198
 try_to_grab_pending+0x439/0x9a0 kernel/workqueue.c:1223
 mod_delayed_work_on+0x91/0x250 kernel/workqueue.c:1592
 mod_delayed_work include/linux/workqueue.h:541 [inline]
 smc_setsockopt+0x387/0x6d0 net/smc/af_smc.c:1367
 __sys_setsockopt+0x1bd/0x390 net/socket.c:1903
 __do_sys_setsockopt net/socket.c:1914 [inline]
 __se_sys_setsockopt net/socket.c:1911 [inline]
 __x64_sys_setsockopt+0xbe/0x150 net/socket.c:1911
 do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

Fixes: 01d2f7e2cd ("net/smc: sockopts TCP_NODELAY and TCP_CORK")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Ursula Braun <ubraun@linux.ibm.com>
Cc: linux-s390@vger.kernel.org
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
 		2018-05-17 16:25:35 -04:00
..
Kconfig net/smc: remove Kconfig warning 2017-07-29 11:22:58 -07:00
Makefile smc: netlink interface for SMC sockets 2017-01-09 16:07:41 -05:00
af_smc.c net/smc: init conn.tx_work & conn.send_lock sooner 2018-05-17 16:25:35 -04:00
smc.h smc: add support for splice() 2018-05-04 11:45:06 -04:00
smc_cdc.c net/smc: fix structure size 2018-04-27 14:02:51 -04:00
smc_cdc.h net/smc: fix structure size 2018-04-27 14:02:51 -04:00
smc_clc.c net/smc: check for pending termination 2018-05-16 11:49:20 -04:00
smc_clc.h net/smc: add ipv6 support to CLC layer 2018-03-16 14:57:25 -04:00
smc_close.c net/smc: simplify wait when closing listen socket 2018-03-15 09:49:13 -04:00
smc_close.h net/smc: replace sock_put worker by socket refcounting 2018-01-26 10:41:56 -05:00
smc_core.c net/smc: check for pending termination 2018-05-16 11:49:20 -04:00
smc_core.h net/smc: check for pending termination 2018-05-16 11:49:20 -04:00
smc_diag.c net/smc: ipv6 support for smc_diag.c 2018-05-02 13:29:12 -04:00
smc_ib.c net/smc: pay attention to MAX_ORDER for CQ entries 2018-03-14 13:40:44 -04:00
smc_ib.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
smc_llc.c net/smc: drop messages when link state is inactive 2018-05-16 11:49:20 -04:00
smc_llc.h net/smc: use a workqueue to defer llc send 2018-05-16 11:49:19 -04:00
smc_pnet.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
smc_pnet.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
smc_rx.c smc: add support for splice() 2018-05-04 11:45:06 -04:00
smc_rx.h smc: add support for splice() 2018-05-04 11:45:06 -04:00
smc_tx.c net/smc: init conn.tx_work & conn.send_lock sooner 2018-05-17 16:25:35 -04:00
smc_tx.h net/smc: init conn.tx_work & conn.send_lock sooner 2018-05-17 16:25:35 -04:00
smc_wr.c net/smc: periodic testlink support 2018-05-02 13:29:12 -04:00
smc_wr.h net/smc: pay attention to MAX_ORDER for CQ entries 2018-03-14 13:40:44 -04:00