FEX-Emu/linux
1
0
Fork 0
mirror of https://github.com/FEX-Emu/linux.git synced 2024-12-15 21:30:43 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
7716682cc5
linux/net
History
Eric Dumazet 7716682cc5 tcp/dccp: fix another race at listener dismantle 
Ilya reported following lockdep splat:

kernel: =========================
kernel: [ BUG: held lock freed! ]
kernel: 4.5.0-rc1-ceph-00026-g5e0a311 #1 Not tainted
kernel: -------------------------
kernel: swapper/5/0 is freeing memory
ffff880035c9d200-ffff880035c9dbff, with a lock still held there!
kernel: (&(&queue->rskq_lock)->rlock){+.-...}, at:
[<ffffffff816f6a88>] inet_csk_reqsk_queue_add+0x28/0xa0
kernel: 4 locks held by swapper/5/0:
kernel: #0:  (rcu_read_lock){......}, at: [<ffffffff8169ef6b>]
netif_receive_skb_internal+0x4b/0x1f0
kernel: #1:  (rcu_read_lock){......}, at: [<ffffffff816e977f>]
ip_local_deliver_finish+0x3f/0x380
kernel: #2:  (slock-AF_INET){+.-...}, at: [<ffffffff81685ffb>]
sk_clone_lock+0x19b/0x440
kernel: #3:  (&(&queue->rskq_lock)->rlock){+.-...}, at:
[<ffffffff816f6a88>] inet_csk_reqsk_queue_add+0x28/0xa0

To properly fix this issue, inet_csk_reqsk_queue_add() needs
to return to its callers if the child as been queued
into accept queue.

We also need to make sure listener is still there before
calling sk->sk_data_ready(), by holding a reference on it,
since the reference carried by the child can disappear as
soon as the child is put on accept queue.

Reported-by: Ilya Dryomov <idryomov@gmail.com>
Fixes: ebb516af60 ("tcp/dccp: fix race at listener dismantle phase")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-02-18 11:35:51 -05:00
..
6lowpan
9p Rework and error handling fixes, primarily in the fscatch and fd transports. 2016-01-24 12:39:09 -08:00
802
8021q
appletalk
atm
ax25
batman-adv batman-adv: Drop immediate orig_node free function 2016-01-16 22:50:00 +08:00
bluetooth Bluetooth: Fix incorrect removing of IRKs 2016-01-29 11:47:24 +01:00
bridge bridge: mdb: avoid uninitialized variable warning 2016-02-16 15:37:28 -05:00
caif
can
ceph libceph: MOSDOpReply v7 encoding 2016-02-04 18:26:08 +01:00
core net: Copy inner L3 and L4 headers as unaligned on GRE TEB 2016-02-16 15:25:01 -05:00
dcb
dccp tcp/dccp: fix another race at listener dismantle 2016-02-18 11:35:51 -05:00
decnet
dns_resolver
dsa net: dsa: Unregister slave_dev in error path 2016-02-17 22:05:16 -05:00
ethernet net: Add eth_platform_get_mac_address() helper. 2016-01-06 16:31:56 -05:00
hsr
ieee802154 inet: kill unused skb_free op 2016-01-05 22:25:57 -05:00
ipv4 tcp/dccp: fix another race at listener dismantle 2016-02-18 11:35:51 -05:00
ipv6 tcp/dccp: fix another race at listener dismantle 2016-02-18 11:35:51 -05:00
ipx
irda irda: fix a potential use-after-free in ircomm_param_request 2016-01-29 22:56:46 -08:00
iucv af_iucv: Validate socket address length in iucv_sock_bind() 2016-01-19 14:21:08 -05:00
key
l2tp l2tp: Fix error creating L2TP tunnels 2016-02-17 15:34:47 -05:00
l3mdev
lapb
llc
mac80211 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-02-01 15:56:08 -08:00
mac802154 mac802154: constify ieee802154_llsec_ops structure 2016-01-04 20:40:41 +01:00
mpls
netfilter netfilter: nft_counter: fix erroneous return values 2016-02-08 13:05:02 +01:00
netlabel
netlink netlink: not trim skb for mmaped socket when dump 2016-01-29 20:25:17 -08:00
netrom
nfc NFC 4.5 pull request 2016-01-04 21:48:15 -05:00
openvswitch vxlan, gre, geneve: Set a large MTU on ovs-created tunnel devices 2016-02-10 05:50:03 -05:00
packet
phonet phonet: properly unshare skbs in phonet_rcv() 2016-01-12 12:05:38 -05:00
rds Initial roundup of 4.5 merge window patches 2016-01-23 18:45:06 -08:00
rfkill rfkill: fix rfkill_fop_read wait_event usage 2016-01-26 11:32:05 +01:00
rose
rxrpc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2016-01-12 18:57:02 -08:00
sched net_sched fix: reclassification needs to consider ether protocol changes 2016-02-18 11:14:19 -05:00
sctp sctp: translate network order to host order when users get a hmacid 2016-02-09 04:53:16 -05:00
sunrpc Initial roundup of 4.5 merge window patches 2016-01-23 18:45:06 -08:00
switchdev switchdev: Require RTNL mutex to be held when sending FDB notifications 2016-01-28 16:21:31 -08:00
tipc tipc: fix premature addition of node to lookup table 2016-02-16 15:57:11 -05:00
unix af_unix: Guard against other == sk in unix_dgram_sendmsg 2016-02-16 12:53:35 -05:00
vmw_vsock vsock: Fix blocking ops call in prepare_to_wait 2016-02-13 05:57:39 -05:00
wimax
wireless regulatory: fix world regulatory domain data 2016-01-14 11:10:13 +01:00
x25
xfrm net: preserve IP control block during GSO segmentation 2016-01-15 14:35:24 -05:00
compat.c
Kconfig net, sched: add clsact qdisc 2016-01-10 22:13:15 -05:00
Makefile
socket.c kmemcg: account certain kmem allocations to memcg 2016-01-14 16:00:49 -08:00
sysctl_net.c