* [PATCH] net/smc: fix TCP fallback socket release
@ 2018-12-16 23:07 Myungho Jung
2018-12-17 5:02 ` kbuild test robot
0 siblings, 1 reply; 2+ messages in thread
From: Myungho Jung @ 2018-12-16 23:07 UTC (permalink / raw)
To: Ursula Braun, David S. Miller; +Cc: linux-s390, netdev, linux-kernel
clcsock can be released while kernel_accept() references it in TCP
listen worker. Also, clcsock needs to wake up before released if TCP
fallback is used and the clcsock is blocked by accept. Add a lock to
safely release clcsock and call kernel_sock_shutdown() to wake up
clcsock from accept in smc_release().
Reported-by: syzbot+0bf2e01269f1274b4b03@syzkaller.appspotmail.com
Reported-by: syzbot+e3132895630f957306bc@syzkaller.appspotmail.com
Signed-off-by: Myungho Jung <mhjungk@gmail.com>
---
net/smc/af_smc.c | 12 +++++++++++-
net/smc/smc.h | 2 ++
2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/net/smc/af_smc.c b/net/smc/af_smc.c
index 5fbaf1901571..a127a13689c3 100644
--- a/net/smc/af_smc.c
+++ b/net/smc/af_smc.c
@@ -147,8 +147,14 @@ static int smc_release(struct socket *sock)
sk->sk_shutdown |= SHUTDOWN_MASK;
}
if (smc->clcsock) {
+ if (smc->use_fallback && sk->sk_state == SMC_LISTEN) {
+ /* wake up clcsock accept */
+ rc = kernel_sock_shutdown(smc->clcsock, SHUT_RDWR);
+ }
+ mutex_lock(&smc->clcsock_release_lock);
sock_release(smc->clcsock);
smc->clcsock = NULL;
+ mutex_unlock(&smc->clcsock_release_lock);
}
if (smc->use_fallback) {
if (sk->sk_state != SMC_LISTEN && sk->sk_state != SMC_INIT)
@@ -205,6 +211,7 @@ static struct sock *smc_sock_alloc(struct net *net, struct socket *sock,
spin_lock_init(&smc->conn.send_lock);
sk->sk_prot->hash(sk);
sk_refcnt_debug_inc(sk);
+ mutex_init(&smc->clcsock_release_lock);
return sk;
}
@@ -834,7 +841,10 @@ static int smc_clcsock_accept(struct smc_sock *lsmc, struct smc_sock **new_smc)
}
*new_smc = smc_sk(new_sk);
- rc = kernel_accept(lsmc->clcsock, &new_clcsock, 0);
+ mutex_lock(&lsmc->clcsock_release_lock);
+ if (lsmc->clcsock)
+ rc = kernel_accept(lsmc->clcsock, &new_clcsock, 0);
+ mutex_unlock(&lsmc->clcsock_release_lock);
lock_sock(lsk);
if (rc < 0)
lsk->sk_err = -rc;
diff --git a/net/smc/smc.h b/net/smc/smc.h
index 08786ace6010..9a2795cf5d30 100644
--- a/net/smc/smc.h
+++ b/net/smc/smc.h
@@ -219,6 +219,8 @@ struct smc_sock { /* smc sock container */
* started, waiting for unsent
* data to be sent
*/
+ struct mutex clcsock_release_lock;
+ /* protects clcsock */
};
static inline struct smc_sock *smc_sk(const struct sock *sk)
--
2.17.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] net/smc: fix TCP fallback socket release
2018-12-16 23:07 [PATCH] net/smc: fix TCP fallback socket release Myungho Jung
@ 2018-12-17 5:02 ` kbuild test robot
0 siblings, 0 replies; 2+ messages in thread
From: kbuild test robot @ 2018-12-17 5:02 UTC (permalink / raw)
To: Myungho Jung
Cc: kbuild-all, Ursula Braun, David S. Miller, linux-s390, netdev,
linux-kernel
[-- Attachment #1: Type: text/plain, Size: 3787 bytes --]
Hi Myungho,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on net-next/master]
[also build test WARNING on v4.20-rc7 next-20181214]
[if your patch is applied to the wrong git tree, please drop us a note to help improve the system]
url: https://github.com/0day-ci/linux/commits/Myungho-Jung/net-smc-fix-TCP-fallback-socket-release/20181217-122513
config: x86_64-randconfig-x015-201850 (attached as .config)
compiler: gcc-7 (Debian 7.3.0-1) 7.3.0
reproduce:
# save the attached .config to linux build tree
make ARCH=x86_64
Note: it may well be a FALSE warning. FWIW you are at least aware of it now.
http://gcc.gnu.org/wiki/Better_Uninitialized_Warnings
All warnings (new ones prefixed by >>):
net/smc/af_smc.c: In function 'smc_tcp_listen_work':
>> net/smc/af_smc.c:1318:6: warning: 'rc' may be used uninitialized in this function [-Wmaybe-uninitialized]
if (rc)
^
vim +/rc +1318 net/smc/af_smc.c
a046d57d Ursula Braun 2017-01-09 1306
a046d57d Ursula Braun 2017-01-09 1307 static void smc_tcp_listen_work(struct work_struct *work)
a046d57d Ursula Braun 2017-01-09 1308 {
a046d57d Ursula Braun 2017-01-09 1309 struct smc_sock *lsmc = container_of(work, struct smc_sock,
a046d57d Ursula Braun 2017-01-09 1310 tcp_listen_work);
3163c507 Ursula Braun 2018-01-24 1311 struct sock *lsk = &lsmc->sk;
a046d57d Ursula Braun 2017-01-09 1312 struct smc_sock *new_smc;
a046d57d Ursula Braun 2017-01-09 1313 int rc = 0;
a046d57d Ursula Braun 2017-01-09 1314
3163c507 Ursula Braun 2018-01-24 1315 lock_sock(lsk);
3163c507 Ursula Braun 2018-01-24 1316 while (lsk->sk_state == SMC_LISTEN) {
a046d57d Ursula Braun 2017-01-09 1317 rc = smc_clcsock_accept(lsmc, &new_smc);
a046d57d Ursula Braun 2017-01-09 @1318 if (rc)
a046d57d Ursula Braun 2017-01-09 1319 goto out;
a046d57d Ursula Braun 2017-01-09 1320 if (!new_smc)
a046d57d Ursula Braun 2017-01-09 1321 continue;
a046d57d Ursula Braun 2017-01-09 1322
a046d57d Ursula Braun 2017-01-09 1323 new_smc->listen_smc = lsmc;
ee9dfbef Ursula Braun 2018-04-26 1324 new_smc->use_fallback = lsmc->use_fallback;
603cc149 Karsten Graul 2018-07-25 1325 new_smc->fallback_rsn = lsmc->fallback_rsn;
3163c507 Ursula Braun 2018-01-24 1326 sock_hold(lsk); /* sock_put in smc_listen_work */
a046d57d Ursula Braun 2017-01-09 1327 INIT_WORK(&new_smc->smc_listen_work, smc_listen_work);
a046d57d Ursula Braun 2017-01-09 1328 smc_copy_sock_settings_to_smc(new_smc);
bd58c7e0 Ursula Braun 2018-08-08 1329 new_smc->sk.sk_sndbuf = lsmc->sk.sk_sndbuf;
bd58c7e0 Ursula Braun 2018-08-08 1330 new_smc->sk.sk_rcvbuf = lsmc->sk.sk_rcvbuf;
51f1de79 Ursula Braun 2018-01-26 1331 sock_hold(&new_smc->sk); /* sock_put in passive closing */
51f1de79 Ursula Braun 2018-01-26 1332 if (!schedule_work(&new_smc->smc_listen_work))
51f1de79 Ursula Braun 2018-01-26 1333 sock_put(&new_smc->sk);
a046d57d Ursula Braun 2017-01-09 1334 }
a046d57d Ursula Braun 2017-01-09 1335
a046d57d Ursula Braun 2017-01-09 1336 out:
3163c507 Ursula Braun 2018-01-24 1337 release_sock(lsk);
51f1de79 Ursula Braun 2018-01-26 1338 sock_put(&lsmc->sk); /* sock_hold in smc_listen */
a046d57d Ursula Braun 2017-01-09 1339 }
a046d57d Ursula Braun 2017-01-09 1340
:::::: The code at line 1318 was first introduced by commit
:::::: a046d57da19f812216f393e7c535f5858f793ac3 smc: CLC handshake (incl. preparation steps)
:::::: TO: Ursula Braun <ubraun@linux.vnet.ibm.com>
:::::: CC: David S. Miller <davem@davemloft.net>
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 33097 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2018-12-17 5:02 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-12-16 23:07 [PATCH] net/smc: fix TCP fallback socket release Myungho Jung
2018-12-17 5:02 ` kbuild test robot
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).