UbiquitousOS
/
OpenCloudOS-Kernel
mirror of https://gitee.com/OpenCloudOS/OpenCloudOS-Kernel.git
11
0
Fork 0
Code Issues Projects Releases Wiki Activity
OpenCloudOS-Kernel/net
History
David Howells 88e2215975 rxrpc: Fix listen() setting the bar too high for the prealloc rings 
AF_RXRPC's listen() handler lets you set the backlog up to 32 (if you bump
up the sysctl), but whilst the preallocation circular buffers have 32 slots
in them, one of them has to be a dead slot because we're using CIRC_CNT().

This means that listen(rxrpc_sock, 32) will cause an oops when the socket
is closed because rxrpc_service_prealloc_one() allocated one too many calls
and rxrpc_discard_prealloc() won't then be able to get rid of them because
it'll think the ring is empty.  rxrpc_release_calls_on_socket() then tries
to abort them, but oopses because call->peer isn't yet set.

Fix this by setting the maximum backlog to RXRPC_BACKLOG_MAX - 1 to match
the ring capacity.

 BUG: kernel NULL pointer dereference, address: 0000000000000086
 ...
 RIP: 0010:rxrpc_send_abort_packet+0x73/0x240 [rxrpc]
 Call Trace:
  <TASK>
  ? __wake_up_common_lock+0x7a/0x90
  ? rxrpc_notify_socket+0x8e/0x140 [rxrpc]
  ? rxrpc_abort_call+0x4c/0x60 [rxrpc]
  rxrpc_release_calls_on_socket+0x107/0x1a0 [rxrpc]
  rxrpc_release+0xc9/0x1c0 [rxrpc]
  __sock_release+0x37/0xa0
  sock_close+0x11/0x20
  __fput+0x89/0x240
  task_work_run+0x59/0x90
  do_exit+0x319/0xaa0

Fixes: 00e907127e ("rxrpc: Preallocate peers, conns and calls for incoming service requests")
Reported-by: Marc Dionne <marc.dionne@auristor.com>
Signed-off-by: David Howells <dhowells@redhat.com>
cc: linux-afs@lists.infradead.org
Link: https://lists.infradead.org/pipermail/linux-afs/2022-March/005079.html
Signed-off-by: David S. Miller <davem@davemloft.net>
 		2022-05-22 21:30:53 +01:00
..
6lowpan net: don't include ndisc.h from ipv6.h 2022-02-04 14:15:11 -08:00
9p xen/grant-table: remove readonly parameter from functions 2022-03-15 20:34:40 -05:00
802 net: 802: Use memset_startat() to clear struct fields 2021-11-19 11:23:23 +00:00
8021q vlan: use correct format characters 2022-03-17 16:34:49 -07:00
appletalk
atm proc: remove PDE_DATA() completely 2022-01-22 08:33:37 +02:00
ax25 ax25: Fix UAF bugs in ax25 timers 2022-03-29 10:24:34 +02:00
batman-adv batman-adv: Don't skb_split skbuffs with frag_list 2022-04-17 23:41:44 +02:00
bluetooth Bluetooth: Fix the creation of hdev->name 2022-05-11 17:18:42 -07:00
bpf bpf: Fix release of page_pool in BPF_PROG_RUN in test runner 2022-04-11 17:30:15 +02:00
bpfilter uaccess: remove CONFIG_SET_FS 2022-02-25 09:36:06 +01:00
bridge net: bridge: Clear offload_fwd_mark when passing frame up bridge interface. 2022-05-19 09:20:44 +02:00
caif net: caif: Use netif_rx(). 2022-03-04 12:02:19 +00:00
can can: isotp: remove re-binding of bound socket 2022-04-29 11:02:47 +02:00
ceph libceph: disambiguate cluster/pool full log message 2022-04-25 10:45:15 +02:00
core net: fix dev_fill_forward_path with pppoe + bridge 2022-05-16 12:58:55 +02:00
dcb net: dcb: disable softirqs in dcbnl_flush_dev() 2022-03-03 08:01:55 -08:00
dccp Revert "tcp/dccp: get rid of inet_twsk_purge()" 2022-05-13 12:24:12 +01:00
decnet decnet: Use container_of() for struct dn_neigh casts 2022-05-10 12:21:51 +02:00
dns_resolver
dsa net: dsa: flush switchdev workqueue on bridge join error path 2022-05-09 18:08:04 -07:00
ethernet gro: remove rcu_read_lock/rcu_read_unlock from gro_complete handlers 2021-11-24 17:21:42 -08:00
ethtool ethtool: add support to set/get completion queue event size 2022-02-23 20:33:05 -08:00
hsr net: add per-cpu storage and net->core_stats 2022-03-11 23:17:24 -08:00
ieee802154 net: ipv6: Handle delivery_time in ipv6 defrag 2022-03-03 14:38:48 +00:00
ife
ipv4 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec 2022-05-18 12:47:36 +01:00
ipv6 Revert "tcp/dccp: get rid of inet_twsk_purge()" 2022-05-13 12:24:12 +01:00
iucv s390/iucv: sort out physical vs virtual pointers usage 2022-02-22 16:09:13 -08:00
kcm net: Don't include filter.h from net/sock.h 2021-12-29 08:48:14 -08:00
key net: af_key: check encryption module availability consistency 2022-05-18 09:42:16 +02:00
l2tp l2tp: add netns refcount tracker to l2tp_dfs_seq_data 2021-12-10 06:38:27 -08:00
l3mdev l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using netdev_master_upper_dev_get_rcu 2022-04-15 14:27:24 -07:00
lapb
llc llc: only change llc->dev when bind() succeeds 2022-03-25 16:55:41 -07:00
mac80211 mac80211: Reset MBSSID parameters upon connection 2022-05-04 11:37:46 +02:00
mac802154 mac802154: use dev_addr_set() - manual 2021-10-20 14:27:40 +01:00
mctp mctp: defer the kfree of object mdev->addrs 2022-04-26 09:14:47 +02:00
mpls net: mpls: Fix GCC 12 warning 2022-02-10 15:29:39 +00:00
mptcp mptcp: Do TCP fallback on early DSS checksum failure 2022-05-18 13:05:42 +01:00
ncsi all: replace find_next{,_zero}_bit with find_first{,_zero}_bit where appropriate 2022-01-15 08:47:31 -08:00
netfilter netfilter: nf_tables: disable expression reduction infra 2022-05-18 17:34:26 +02:00
netlabel netlabel: fix out-of-bounds memory accesses 2022-03-21 10:59:11 +00:00
netlink netlink: do not reset transport header in netlink_recvmsg() 2022-05-06 15:37:36 -07:00
netrom netrom: fix api breakage in nr_setsockopt() 2022-01-07 14:11:05 +00:00
nfc NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc 2022-05-17 17:55:53 -07:00
nsh
openvswitch openvswitch: fix OOB access in reserve_sfa_size() 2022-04-15 11:50:02 +01:00
packet net/packet: fix packet_sock xmit return value checking 2022-04-15 11:17:30 +01:00
phonet phonet: Use netif_rx(). 2022-03-07 11:40:41 +00:00
psample
qrtr bus: mhi: core: Add an API for auto queueing buffers for DL channel 2021-12-17 17:17:14 +01:00
rds net: rds: use maybe_get_net() when acquiring refcount on TCP sockets 2022-05-05 16:44:49 -07:00
rfkill rfkill: make new event layout opt-in 2022-03-18 13:09:17 +02:00
rose net: Don't include filter.h from net/sock.h 2021-12-29 08:48:14 -08:00
rxrpc rxrpc: Fix listen() setting the bar too high for the prealloc rings 2022-05-22 21:30:53 +01:00
sched net/sched: act_pedit: sanitize shift argument before usage 2022-05-16 11:48:30 +01:00
sctp sctp: check asoc strreset_chunk in sctp_generate_reconf_event 2022-04-23 22:34:17 +01:00
smc net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending 2022-05-12 10:01:36 -07:00
strparser bpf: sockmap, strparser, and tls are reusing qdisc_skb_cb and colliding 2021-11-09 01:05:28 +01:00
sunrpc SUNRPC: Ensure that the gssproxy client can start in a connected state 2022-05-07 14:31:15 -04:00
switchdev net: switchdev: remove lag_mod_cb from switchdev_handle_fdb_event_to_device 2022-02-24 21:31:43 -08:00
tipc Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-03-23 10:53:49 -07:00
tls tls: Fix context leak on tls_device_down 2022-05-12 10:01:36 -07:00
unix Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-03-23 10:53:49 -07:00
vmw_vsock vsock/virtio: enable VQs early on probe 2022-03-24 18:36:36 -07:00
wireless nl80211: fix locking in nl80211_set_tx_bitrate_mask() 2022-05-09 14:00:07 +02:00
x25 net/x25: Fix null-ptr-deref caused by x25_disconnect 2022-03-26 11:48:16 -07:00
xdp xsk: Fix possible crash when multiple sockets are created 2022-04-26 16:19:54 +02:00
xfrm xfrm: set dst dev to blackhole_netdev instead of loopback_dev in ifdown 2022-05-17 11:02:07 +02:00
Kconfig page_pool: Add allocation stats 2022-03-03 09:55:28 +00:00
Kconfig.debug net: add networking namespace refcount tracker 2021-12-10 06:38:26 -08:00
Makefile
compat.c
devres.c
socket.c fs: allocate inode by using alloc_inode_sb() 2022-03-22 15:57:03 -07:00
sysctl_net.c sections: move and rename core_kernel_data() to is_kernel_core_data() 2021-11-09 10:02:50 -08:00