1. 27 2月, 2020 1 次提交
    • U
      net/smc: fix cleanup for linkgroup setup failures · 51e3dfa8
      Ursula Braun 提交于
      If an SMC connection to a certain peer is setup the first time,
      a new linkgroup is created. In case of setup failures, such a
      linkgroup is unusable and should disappear. As a first step the
      linkgroup is removed from the linkgroup list in smc_lgr_forget().
      
      There are 2 problems:
      smc_listen_decline() might be called before linkgroup creation
      resulting in a crash due to calling smc_lgr_forget() with
      parameter NULL.
      If a setup failure occurs after linkgroup creation, the connection
      is never unregistered from the linkgroup, preventing linkgroup
      freeing.
      
      This patch introduces an enhanced smc_lgr_cleanup_early() function
      which
      * contains a linkgroup check for early smc_listen_decline()
        invocations
      * invokes smc_conn_free() to guarantee unregistering of the
        connection.
      * schedules fast linkgroup removal of the unusable linkgroup
      
      And the unused function smcd_conn_free() is removed from smc_core.h.
      
      Fixes: 3b2dec26 ("net/smc: restructure client and server code in af_smc")
      Fixes: 2a0674ff ("net/smc: improve abnormal termination of link groups")
      Signed-off-by: NUrsula Braun <ubraun@linux.ibm.com>
      Signed-off-by: NKarsten Graul <kgraul@linux.ibm.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      51e3dfa8
  2. 14 2月, 2020 1 次提交
  3. 16 12月, 2019 1 次提交
    • U
      net/smc: add fallback check to connect() · 86434744
      Ursula Braun 提交于
      FASTOPEN setsockopt() or sendmsg() may switch the SMC socket to fallback
      mode. Once fallback mode is active, the native TCP socket functions are
      called. Nevertheless there is a small race window, when FASTOPEN
      setsockopt/sendmsg runs in parallel to a connect(), and switch the
      socket into fallback mode before connect() takes the sock lock.
      Make sure the SMC-specific connect setup is omitted in this case.
      
      This way a syzbot-reported refcount problem is fixed, triggered by
      different threads running non-blocking connect() and FASTOPEN_KEY
      setsockopt.
      
      Reported-by: syzbot+96d3f9ff6a86d37e44c8@syzkaller.appspotmail.com
      Fixes: 6d6dd528 ("net/smc: fix refcount non-blocking connect() -part 2")
      Signed-off-by: NUrsula Braun <ubraun@linux.ibm.com>
      Signed-off-by: NKarsten Graul <kgraul@linux.ibm.com>
      Signed-off-by: NJakub Kicinski <jakub.kicinski@netronome.com>
      86434744
  4. 17 11月, 2019 3 次提交
  5. 13 11月, 2019 1 次提交
  6. 30 10月, 2019 1 次提交
  7. 26 10月, 2019 2 次提交
  8. 23 10月, 2019 1 次提交
  9. 06 8月, 2019 2 次提交
  10. 28 6月, 2019 1 次提交
  11. 27 6月, 2019 1 次提交
  12. 21 5月, 2019 1 次提交
  13. 13 4月, 2019 7 次提交
  14. 12 4月, 2019 3 次提交
  15. 22 2月, 2019 1 次提交
  16. 08 2月, 2019 3 次提交
  17. 04 2月, 2019 1 次提交
  18. 02 2月, 2019 1 次提交
  19. 08 1月, 2019 1 次提交
    • C
      smc: move unhash as early as possible in smc_release() · 26d92e95
      Cong Wang 提交于
      In smc_release() we release smc->clcsock before unhash the smc
      sock, but a parallel smc_diag_dump() may be still reading
      smc->clcsock, therefore this could cause a use-after-free as
      reported by syzbot.
      
      Reported-and-tested-by: syzbot+fbd1e5476e4c94c7b34e@syzkaller.appspotmail.com
      Fixes: 51f1de79 ("net/smc: replace sock_put worker by socket refcounting")
      Cc: Ursula Braun <ubraun@linux.ibm.com>
      Signed-off-by: NCong Wang <xiyou.wangcong@gmail.com>
      Reported-by: syzbot+0bf2e01269f1274b4b03@syzkaller.appspotmail.com
      Reported-by: syzbot+e3132895630f957306bc@syzkaller.appspotmail.com
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      26d92e95
  20. 19 12月, 2018 1 次提交
    • M
      net/smc: fix TCP fallback socket release · 78abe3d0
      Myungho Jung 提交于
      clcsock can be released while kernel_accept() references it in TCP
      listen worker. Also, clcsock needs to wake up before released if TCP
      fallback is used and the clcsock is blocked by accept. Add a lock to
      safely release clcsock and call kernel_sock_shutdown() to wake up
      clcsock from accept in smc_release().
      
      Reported-by: syzbot+0bf2e01269f1274b4b03@syzkaller.appspotmail.com
      Reported-by: syzbot+e3132895630f957306bc@syzkaller.appspotmail.com
      Signed-off-by: NMyungho Jung <mhjungk@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      78abe3d0
  21. 24 11月, 2018 5 次提交
  22. 22 11月, 2018 1 次提交