linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] net/smc: fix TCP fallback socket release
@ 2018-12-16 23:07 Myungho Jung
  2018-12-17  5:02 ` kbuild test robot
  0 siblings, 1 reply; 2+ messages in thread
From: Myungho Jung @ 2018-12-16 23:07 UTC (permalink / raw)
  To: Ursula Braun, David S. Miller; +Cc: linux-s390, netdev, linux-kernel

clcsock can be released while kernel_accept() references it in TCP
listen worker. Also, clcsock needs to wake up before released if TCP
fallback is used and the clcsock is blocked by accept. Add a lock to
safely release clcsock and call kernel_sock_shutdown() to wake up
clcsock from accept in smc_release().

Reported-by: syzbot+0bf2e01269f1274b4b03@syzkaller.appspotmail.com
Reported-by: syzbot+e3132895630f957306bc@syzkaller.appspotmail.com
Signed-off-by: Myungho Jung <mhjungk@gmail.com>
---
 net/smc/af_smc.c | 12 +++++++++++-
 net/smc/smc.h    |  2 ++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/net/smc/af_smc.c b/net/smc/af_smc.c
index 5fbaf1901571..a127a13689c3 100644
--- a/net/smc/af_smc.c
+++ b/net/smc/af_smc.c
@@ -147,8 +147,14 @@ static int smc_release(struct socket *sock)
 		sk->sk_shutdown |= SHUTDOWN_MASK;
 	}
 	if (smc->clcsock) {
+		if (smc->use_fallback && sk->sk_state == SMC_LISTEN) {
+			/* wake up clcsock accept */
+			rc = kernel_sock_shutdown(smc->clcsock, SHUT_RDWR);
+		}
+		mutex_lock(&smc->clcsock_release_lock);
 		sock_release(smc->clcsock);
 		smc->clcsock = NULL;
+		mutex_unlock(&smc->clcsock_release_lock);
 	}
 	if (smc->use_fallback) {
 		if (sk->sk_state != SMC_LISTEN && sk->sk_state != SMC_INIT)
@@ -205,6 +211,7 @@ static struct sock *smc_sock_alloc(struct net *net, struct socket *sock,
 	spin_lock_init(&smc->conn.send_lock);
 	sk->sk_prot->hash(sk);
 	sk_refcnt_debug_inc(sk);
+	mutex_init(&smc->clcsock_release_lock);
 
 	return sk;
 }
@@ -834,7 +841,10 @@ static int smc_clcsock_accept(struct smc_sock *lsmc, struct smc_sock **new_smc)
 	}
 	*new_smc = smc_sk(new_sk);
 
-	rc = kernel_accept(lsmc->clcsock, &new_clcsock, 0);
+	mutex_lock(&lsmc->clcsock_release_lock);
+	if (lsmc->clcsock)
+		rc = kernel_accept(lsmc->clcsock, &new_clcsock, 0);
+	mutex_unlock(&lsmc->clcsock_release_lock);
 	lock_sock(lsk);
 	if  (rc < 0)
 		lsk->sk_err = -rc;
diff --git a/net/smc/smc.h b/net/smc/smc.h
index 08786ace6010..9a2795cf5d30 100644
--- a/net/smc/smc.h
+++ b/net/smc/smc.h
@@ -219,6 +219,8 @@ struct smc_sock {				/* smc sock container */
 						 * started, waiting for unsent
 						 * data to be sent
 						 */
+	struct mutex            clcsock_release_lock;
+						/* protects clcsock */
 };
 
 static inline struct smc_sock *smc_sk(const struct sock *sk)
-- 
2.17.1


^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [PATCH] net/smc: fix TCP fallback socket release
  2018-12-16 23:07 [PATCH] net/smc: fix TCP fallback socket release Myungho Jung
@ 2018-12-17  5:02 ` kbuild test robot
  0 siblings, 0 replies; 2+ messages in thread
From: kbuild test robot @ 2018-12-17  5:02 UTC (permalink / raw)
  To: Myungho Jung
  Cc: kbuild-all, Ursula Braun, David S. Miller, linux-s390, netdev,
	linux-kernel

[-- Attachment #1: Type: text/plain, Size: 3787 bytes --]

Hi Myungho,

Thank you for the patch! Perhaps something to improve:

[auto build test WARNING on net-next/master]
[also build test WARNING on v4.20-rc7 next-20181214]
[if your patch is applied to the wrong git tree, please drop us a note to help improve the system]

url:    https://github.com/0day-ci/linux/commits/Myungho-Jung/net-smc-fix-TCP-fallback-socket-release/20181217-122513
config: x86_64-randconfig-x015-201850 (attached as .config)
compiler: gcc-7 (Debian 7.3.0-1) 7.3.0
reproduce:
        # save the attached .config to linux build tree
        make ARCH=x86_64 

Note: it may well be a FALSE warning. FWIW you are at least aware of it now.
http://gcc.gnu.org/wiki/Better_Uninitialized_Warnings

All warnings (new ones prefixed by >>):

   net/smc/af_smc.c: In function 'smc_tcp_listen_work':
>> net/smc/af_smc.c:1318:6: warning: 'rc' may be used uninitialized in this function [-Wmaybe-uninitialized]
      if (rc)
         ^

vim +/rc +1318 net/smc/af_smc.c

a046d57d Ursula Braun  2017-01-09  1306  
a046d57d Ursula Braun  2017-01-09  1307  static void smc_tcp_listen_work(struct work_struct *work)
a046d57d Ursula Braun  2017-01-09  1308  {
a046d57d Ursula Braun  2017-01-09  1309  	struct smc_sock *lsmc = container_of(work, struct smc_sock,
a046d57d Ursula Braun  2017-01-09  1310  					     tcp_listen_work);
3163c507 Ursula Braun  2018-01-24  1311  	struct sock *lsk = &lsmc->sk;
a046d57d Ursula Braun  2017-01-09  1312  	struct smc_sock *new_smc;
a046d57d Ursula Braun  2017-01-09  1313  	int rc = 0;
a046d57d Ursula Braun  2017-01-09  1314  
3163c507 Ursula Braun  2018-01-24  1315  	lock_sock(lsk);
3163c507 Ursula Braun  2018-01-24  1316  	while (lsk->sk_state == SMC_LISTEN) {
a046d57d Ursula Braun  2017-01-09  1317  		rc = smc_clcsock_accept(lsmc, &new_smc);
a046d57d Ursula Braun  2017-01-09 @1318  		if (rc)
a046d57d Ursula Braun  2017-01-09  1319  			goto out;
a046d57d Ursula Braun  2017-01-09  1320  		if (!new_smc)
a046d57d Ursula Braun  2017-01-09  1321  			continue;
a046d57d Ursula Braun  2017-01-09  1322  
a046d57d Ursula Braun  2017-01-09  1323  		new_smc->listen_smc = lsmc;
ee9dfbef Ursula Braun  2018-04-26  1324  		new_smc->use_fallback = lsmc->use_fallback;
603cc149 Karsten Graul 2018-07-25  1325  		new_smc->fallback_rsn = lsmc->fallback_rsn;
3163c507 Ursula Braun  2018-01-24  1326  		sock_hold(lsk); /* sock_put in smc_listen_work */
a046d57d Ursula Braun  2017-01-09  1327  		INIT_WORK(&new_smc->smc_listen_work, smc_listen_work);
a046d57d Ursula Braun  2017-01-09  1328  		smc_copy_sock_settings_to_smc(new_smc);
bd58c7e0 Ursula Braun  2018-08-08  1329  		new_smc->sk.sk_sndbuf = lsmc->sk.sk_sndbuf;
bd58c7e0 Ursula Braun  2018-08-08  1330  		new_smc->sk.sk_rcvbuf = lsmc->sk.sk_rcvbuf;
51f1de79 Ursula Braun  2018-01-26  1331  		sock_hold(&new_smc->sk); /* sock_put in passive closing */
51f1de79 Ursula Braun  2018-01-26  1332  		if (!schedule_work(&new_smc->smc_listen_work))
51f1de79 Ursula Braun  2018-01-26  1333  			sock_put(&new_smc->sk);
a046d57d Ursula Braun  2017-01-09  1334  	}
a046d57d Ursula Braun  2017-01-09  1335  
a046d57d Ursula Braun  2017-01-09  1336  out:
3163c507 Ursula Braun  2018-01-24  1337  	release_sock(lsk);
51f1de79 Ursula Braun  2018-01-26  1338  	sock_put(&lsmc->sk); /* sock_hold in smc_listen */
a046d57d Ursula Braun  2017-01-09  1339  }
a046d57d Ursula Braun  2017-01-09  1340  

:::::: The code at line 1318 was first introduced by commit
:::::: a046d57da19f812216f393e7c535f5858f793ac3 smc: CLC handshake (incl. preparation steps)

:::::: TO: Ursula Braun <ubraun@linux.vnet.ibm.com>
:::::: CC: David S. Miller <davem@davemloft.net>

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all                   Intel Corporation

[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 33097 bytes --]

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2018-12-17  5:02 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-12-16 23:07 [PATCH] net/smc: fix TCP fallback socket release Myungho Jung
2018-12-17  5:02 ` kbuild test robot

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).