Re: [PATCH] net/smc: fix TCP fallback socket release
Hi Myungho,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on net-next/master]
[also build test WARNING on v4.20-rc7 next-20181214]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system]
url:
https://github.com/0day-ci/linux/commits/Myungho-Jung/net-smc-fix-TCP-fallback-socket-release/20181217-122513
config: x86_64-randconfig-x015-201850 (attached as .config)
compiler: gcc-7 (Debian 7.3.0-1) 7.3.0
reproduce:
# save the attached .config to linux build tree
make ARCH=x86_64
Note: it may well be a FALSE warning. FWIW you are at least aware of it now.
http://gcc.gnu.org/wiki/Better_Uninitialized_Warnings
All warnings (new ones prefixed by >>):
net/smc/af_smc.c: In function 'smc_tcp_listen_work':
>> net/smc/af_smc.c:1318:6: warning: 'rc' may be used uninitialized in this
>> function [-Wmaybe-uninitialized]
if (rc)
^
vim +/rc +1318 net/smc/af_smc.c
a046d57d Ursula Braun 2017-01-09 1306
a046d57d Ursula Braun 2017-01-09 1307 static void smc_tcp_listen_work(struct
work_struct *work)
a046d57d Ursula Braun 2017-01-09 1308 {
a046d57d Ursula Braun 2017-01-09 1309 struct smc_sock *lsmc =
container_of(work, struct smc_sock,
a046d57d Ursula Braun 2017-01-09 1310
tcp_listen_work);
3163c507 Ursula Braun 2018-01-24 1311 struct sock *lsk = >sk;
a046d57d Ursula Braun 2017-01-09 1312 struct smc_sock *new_smc;
a046d57d Ursula Braun 2017-01-09 1313 int rc = 0;
a046d57d Ursula Braun 2017-01-09 1314
3163c507 Ursula Braun 2018-01-24 1315 lock_sock(lsk);
3163c507 Ursula Braun 2018-01-24 1316 while (lsk->sk_state ==
SMC_LISTEN) {
a046d57d Ursula Braun 2017-01-09 1317 rc =
smc_clcsock_accept(lsmc, _smc);
a046d57d Ursula Braun 2017-01-09 @1318 if (rc)
a046d57d Ursula Braun 2017-01-09 1319 goto out;
a046d57d Ursula Braun 2017-01-09 1320 if (!new_smc)
a046d57d Ursula Braun 2017-01-09 1321 continue;
a046d57d Ursula Braun 2017-01-09 1322
a046d57d Ursula Braun 2017-01-09 1323 new_smc->listen_smc =
lsmc;
ee9dfbef Ursula Braun 2018-04-26 1324 new_smc->use_fallback =
lsmc->use_fallback;
603cc149 Karsten Graul 2018-07-25 1325 new_smc->fallback_rsn =
lsmc->fallback_rsn;
3163c507 Ursula Braun 2018-01-24 1326 sock_hold(lsk); /*
sock_put in smc_listen_work */
a046d57d Ursula Braun 2017-01-09 1327
INIT_WORK(_smc->smc_listen_work, smc_listen_work);
a046d57d Ursula Braun 2017-01-09 1328
smc_copy_sock_settings_to_smc(new_smc);
bd58c7e0 Ursula Braun 2018-08-08 1329 new_smc->sk.sk_sndbuf =
lsmc->sk.sk_sndbuf;
bd58c7e0 Ursula Braun 2018-08-08 1330 new_smc->sk.sk_rcvbuf =
lsmc->sk.sk_rcvbuf;
51f1de79 Ursula Braun 2018-01-26 1331
sock_hold(_smc->sk); /* sock_put in passive closing */
51f1de79 Ursula Braun 2018-01-26 1332 if
(!schedule_work(_smc->smc_listen_work))
51f1de79 Ursula Braun 2018-01-26 1333
sock_put(_smc->sk);
a046d57d Ursula Braun 2017-01-09 1334 }
a046d57d Ursula Braun 2017-01-09 1335
a046d57d Ursula Braun 2017-01-09 1336 out:
3163c507 Ursula Braun 2018-01-24 1337 release_sock(lsk);
51f1de79 Ursula Braun 2018-01-26 1338 sock_put(>sk); /*
sock_hold in smc_listen */
a046d57d Ursula Braun 2017-01-09 1339 }
a046d57d Ursula Braun 2017-01-09 1340
:: The code at line 1318 was first introduced by commit
:: a046d57da19f812216f393e7c535f5858f793ac3 smc: CLC handshake (incl.
preparation steps)
:: TO: Ursula Braun
:: CC: David S. Miller
---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
.config.gz
Description: application/gzip
[PATCH] net/smc: fix TCP fallback socket release
clcsock can be released while kernel_accept() references it in TCP
listen worker. Also, clcsock needs to wake up before released if TCP
fallback is used and the clcsock is blocked by accept. Add a lock to
safely release clcsock and call kernel_sock_shutdown() to wake up
clcsock from accept in smc_release().
Reported-by: syzbot+0bf2e01269f1274b4...@syzkaller.appspotmail.com
Reported-by: syzbot+e3132895630f95730...@syzkaller.appspotmail.com
Signed-off-by: Myungho Jung
---
net/smc/af_smc.c | 12 +++-
net/smc/smc.h| 2 ++
2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/net/smc/af_smc.c b/net/smc/af_smc.c
index 5fbaf1901571..a127a13689c3 100644
--- a/net/smc/af_smc.c
+++ b/net/smc/af_smc.c
@@ -147,8 +147,14 @@ static int smc_release(struct socket *sock)
sk->sk_shutdown |= SHUTDOWN_MASK;
}
if (smc->clcsock) {
+ if (smc->use_fallback && sk->sk_state == SMC_LISTEN) {
+ /* wake up clcsock accept */
+ rc = kernel_sock_shutdown(smc->clcsock, SHUT_RDWR);
+ }
+ mutex_lock(>clcsock_release_lock);
sock_release(smc->clcsock);
smc->clcsock = NULL;
+ mutex_unlock(>clcsock_release_lock);
}
if (smc->use_fallback) {
if (sk->sk_state != SMC_LISTEN && sk->sk_state != SMC_INIT)
@@ -205,6 +211,7 @@ static struct sock *smc_sock_alloc(struct net *net, struct
socket *sock,
spin_lock_init(>conn.send_lock);
sk->sk_prot->hash(sk);
sk_refcnt_debug_inc(sk);
+ mutex_init(>clcsock_release_lock);
return sk;
}
@@ -834,7 +841,10 @@ static int smc_clcsock_accept(struct smc_sock *lsmc,
struct smc_sock **new_smc)
}
*new_smc = smc_sk(new_sk);
- rc = kernel_accept(lsmc->clcsock, _clcsock, 0);
+ mutex_lock(>clcsock_release_lock);
+ if (lsmc->clcsock)
+ rc = kernel_accept(lsmc->clcsock, _clcsock, 0);
+ mutex_unlock(>clcsock_release_lock);
lock_sock(lsk);
if (rc < 0)
lsk->sk_err = -rc;
diff --git a/net/smc/smc.h b/net/smc/smc.h
index 08786ace6010..9a2795cf5d30 100644
--- a/net/smc/smc.h
+++ b/net/smc/smc.h
@@ -219,6 +219,8 @@ struct smc_sock { /* smc sock
container */
* started, waiting for unsent
* data to be sent
*/
+ struct mutexclcsock_release_lock;
+ /* protects clcsock */
};
static inline struct smc_sock *smc_sk(const struct sock *sk)
--
2.17.1
