mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-29 13:53:33 +00:00
Code Issues Releases Wiki Activity
linux-stable/net
History
Eric Dumazet 693ddd6ffc skmsg: pass gfp argument to alloc_sk_msg() 
[ Upstream commit 2d1f274b95 ]

syzbot found that alloc_sk_msg() could be called from a
non sleepable context. sk_psock_verdict_recv() uses
rcu_read_lock() protection.

We need the callers to pass a gfp_t argument to avoid issues.

syzbot report was:

BUG: sleeping function called from invalid context at include/linux/sched/mm.h:274
in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 3613, name: syz-executor414
preempt_count: 0, expected: 0
RCU nest depth: 1, expected: 0
INFO: lockdep is turned off.
CPU: 0 PID: 3613 Comm: syz-executor414 Not tainted 6.0.0-syzkaller-09589-g55be6084c8e0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
__might_resched+0x538/0x6a0 kernel/sched/core.c:9877
might_alloc include/linux/sched/mm.h:274 [inline]
slab_pre_alloc_hook mm/slab.h:700 [inline]
slab_alloc_node mm/slub.c:3162 [inline]
slab_alloc mm/slub.c:3256 [inline]
kmem_cache_alloc_trace+0x59/0x310 mm/slub.c:3287
kmalloc include/linux/slab.h:600 [inline]
kzalloc include/linux/slab.h:733 [inline]
alloc_sk_msg net/core/skmsg.c:507 [inline]
sk_psock_skb_ingress_self+0x5c/0x330 net/core/skmsg.c:600
sk_psock_verdict_apply+0x395/0x440 net/core/skmsg.c:1014
sk_psock_verdict_recv+0x34d/0x560 net/core/skmsg.c:1201
tcp_read_skb+0x4a1/0x790 net/ipv4/tcp.c:1770
tcp_rcv_established+0x129d/0x1a10 net/ipv4/tcp_input.c:5971
tcp_v4_do_rcv+0x479/0xac0 net/ipv4/tcp_ipv4.c:1681
sk_backlog_rcv include/net/sock.h:1109 [inline]
__release_sock+0x1d8/0x4c0 net/core/sock.c:2906
release_sock+0x5d/0x1c0 net/core/sock.c:3462
tcp_sendmsg+0x36/0x40 net/ipv4/tcp.c:1483
sock_sendmsg_nosec net/socket.c:714 [inline]
sock_sendmsg net/socket.c:734 [inline]
__sys_sendto+0x46d/0x5f0 net/socket.c:2117
__do_sys_sendto net/socket.c:2129 [inline]
__se_sys_sendto net/socket.c:2125 [inline]
__x64_sys_sendto+0xda/0xf0 net/socket.c:2125
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd

Fixes: 43312915b5 ("skmsg: Get rid of unncessary memset()")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Cong Wang <cong.wang@bytedance.com>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-10-29 10:08:32 +02:00
..
6lowpan
9p iov_iter stuff, part 2, rebased 2022-08-08 20:04:35 -07:00
802
8021q
appletalk
atm net/atm: fix proc_mpc_write incorrect return value 2022-10-29 10:08:32 +02:00
ax25 net: avoid overflow when rose /proc displays timer information. 2022-08-05 19:00:02 -07:00
batman-adv batman-adv: Fix hang up with small MTU hard-interface 2022-08-20 14:17:45 +02:00
bluetooth Bluetooth: L2CAP: Fix user-after-free 2022-10-21 12:39:11 +02:00
bpf bpf: Allow calling bpf_prog_test kfuncs in tracing programs 2022-08-09 18:46:11 -07:00
bpfilter
bridge netfilter: ebtables: fix memory leak when blob is malformed 2022-09-20 23:50:03 +02:00
caif caif: Fix bitmap data type in "struct caifsock" 2022-07-22 12:51:45 +01:00
can can: bcm: check the result of can_send() in bcm_can_tx() 2022-10-21 12:39:10 +02:00
ceph libceph: clean up ceph_osdc_start_request prototype 2022-08-03 14:05:39 +02:00
core skmsg: pass gfp argument to alloc_sk_msg() 2022-10-29 10:08:32 +02:00
dcb
dccp dccp: put dccp_qpolicy_full() and dccp_qpolicy_push() in the same lock 2022-08-01 12:11:56 -07:00
decnet dn_route: replace "jiffies-now>0" with "jiffies!=now" 2022-07-29 20:12:49 -07:00
dns_resolver
dsa net: dsa: hellcreek: Print warning only once 2022-08-31 19:54:04 -07:00
ethernet
ethtool net: delete extra space and tab in blank line 2022-07-25 19:38:31 -07:00
hsr
ieee802154 net/ieee802154: don't warn zero-sized raw_sendmsg() 2022-10-21 12:39:28 +02:00
ife
ipv4 net: flag sockets supporting msghdr originated zerocopy 2022-10-26 12:22:56 +02:00
ipv6 netfilter: nft_fib: Fix for rpath check with VRF devices 2022-10-21 12:38:18 +02:00
iucv
kcm kcm: fix strp_init() order and cleanup 2022-08-31 12:16:44 -07:00
key Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec 2022-08-24 12:51:50 +01:00
l2tp
l3mdev
lapb
llc
mac80211 wifi: mac80211: accept STA changes without link changes 2022-10-21 12:39:06 +02:00
mac802154 net: mac802154: Fix a condition in the receive path 2022-08-29 11:10:22 +02:00
mctp mctp: prevent double key removal and unref 2022-10-15 08:02:58 +02:00
mpls net: Use u64_stats_fetch_begin_irq() for stats fetch. 2022-08-29 13:02:27 +01:00
mptcp mptcp: fix unreleased socket in accept queue 2022-09-28 19:05:21 -07:00
ncsi
netfilter netfilter: conntrack: revisit the gc initial rescheduling bias 2022-10-21 12:38:11 +02:00
netlabel netlabel: fix typo in comment 2022-08-10 09:24:41 +01:00
netlink net: genl: fix error path memory leak in policy dumping 2022-08-18 10:20:48 -07:00
netrom
nfc
nsh
openvswitch openvswitch: Fix overreporting of drops in dropwatch 2022-10-21 12:39:06 +02:00
packet net/af_packet: check len when min_header_len equals to 0 2022-07-29 12:09:27 +01:00
phonet
psample
qrtr net: qrtr: start MHI channel after endpoit creation 2022-08-15 11:21:42 +01:00
rds net: rds: don't hold sock lock when cancelling work from rds_tcp_reset_callbacks() 2022-10-21 12:38:20 +02:00
rfkill
rose rose: check NULL rose_loopback_neigh->loopback 2022-08-22 14:24:54 +01:00
rxrpc rxrpc: Remove rxrpc_get_reply_time() which is no longer used 2022-09-01 11:44:13 +01:00
sched net: sched: cls_u32: Avoid memcpy() false-positive warning 2022-10-21 12:39:11 +02:00
sctp sctp: handle the error returned from sctp_auth_asoc_init_active_key 2022-10-21 12:38:19 +02:00
smc net/smc: Fix an error code in smc_lgr_create() 2022-10-29 10:08:32 +02:00
strparser
sunrpc NFS client bugfixes for Linux 6.0 2022-09-12 17:53:46 -04:00
switchdev
tipc tipc: fix an information leak in tipc_topsrv_kern_subscr 2022-10-29 10:08:32 +02:00
tls tls: strp: make sure the TCP skbs do not have overlapping data 2022-10-29 10:08:32 +02:00
unix af_unix: Fix memory leaks of the whole sk due to OOB skb. 2022-10-21 12:38:20 +02:00
vmw_vsock vhost/vsock: Use kvmalloc/kvfree for larger packets. 2022-10-21 12:38:19 +02:00
wireless wifi: cfg80211: get correct AP link chandef 2022-10-21 12:38:03 +02:00
x25 net/x25: fix call timeouts in blocking connects 2022-08-08 20:48:51 -07:00
xdp xsk: Fix backpressure mechanism on Tx 2022-10-21 12:38:05 +02:00
xfrm xfrm: Update ipcomp_scratches with NULL when freed 2022-10-21 12:39:07 +02:00
compat.c net: clear msg_get_inq in __get_compat_msghdr() 2022-09-20 08:23:20 -07:00
devres.c
Kconfig
Kconfig.debug
Makefile
socket.c net: Fix a data-race around sysctl_somaxconn. 2022-08-24 13:46:58 +01:00
sysctl_net.c