mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-01 06:33:07 +00:00
Code Issues Releases Wiki Activity
linux-stable/include/net
History
David Howells 92128a7170 rxrpc: Fix timeout of a call that hasn't yet been granted a channel 
[ Upstream commit db099c625b ]

afs_make_call() calls rxrpc_kernel_begin_call() to begin a call (which may
get stalled in the background waiting for a connection to become
available); it then calls rxrpc_kernel_set_max_life() to set the timeouts -
but that starts the call timer so the call timer might then expire before
we get a connection assigned - leading to the following oops if the call
stalled:

	BUG: kernel NULL pointer dereference, address: 0000000000000000
	...
	CPU: 1 PID: 5111 Comm: krxrpcio/0 Not tainted 6.3.0-rc7-build3+ #701
	RIP: 0010:rxrpc_alloc_txbuf+0xc0/0x157
	...
	Call Trace:
	 <TASK>
	 rxrpc_send_ACK+0x50/0x13b
	 rxrpc_input_call_event+0x16a/0x67d
	 rxrpc_io_thread+0x1b6/0x45f
	 ? _raw_spin_unlock_irqrestore+0x1f/0x35
	 ? rxrpc_input_packet+0x519/0x519
	 kthread+0xe7/0xef
	 ? kthread_complete_and_exit+0x1b/0x1b
	 ret_from_fork+0x22/0x30

Fix this by noting the timeouts in struct rxrpc_call when the call is
created.  The timer will be started when the first packet is transmitted.

It shouldn't be possible to trigger this directly from userspace through
AF_RXRPC as sendmsg() will return EBUSY if the call is in the
waiting-for-conn state if it dropped out of the wait due to a signal.

Fixes: 9d35d880e0 ("rxrpc: Move client call connection to the I/O thread")
Reported-by: Marc Dionne <marc.dionne@auristor.com>
Signed-off-by: David Howells <dhowells@redhat.com>
cc: "David S. Miller" <davem@davemloft.net>
cc: Eric Dumazet <edumazet@google.com>
cc: Jakub Kicinski <kuba@kernel.org>
cc: Paolo Abeni <pabeni@redhat.com>
cc: linux-afs@lists.infradead.org
cc: netdev@vger.kernel.org
cc: linux-kernel@vger.kernel.org
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-05-17 13:58:47 +02:00
..
9p net/9p: distinguish zero-copy requests 2022-12-06 07:30:55 +09:00
bluetooth Bluetooth: Fix printing errors if LE Connection times out 2023-04-20 12:36:54 +02:00
caif
iucv
mana net: mana: Fix IRQ name - add PCI and queue number 2023-01-20 18:17:17 -08:00
netfilter netfilter: nf_tables: deactivate anonymous set from preparation phase 2023-05-11 23:11:36 +09:00
netns netfilter: ctnetlink: make event listener tracking global 2023-03-11 13:50:30 +01:00
nfc
phonet
sctp sctp: add a refcnt in sctp_stream_priorities to avoid a nested loop 2023-03-11 13:50:31 +01:00
tc_act net/sched: transition act_pedit to rcu and percpu stats 2023-03-11 13:50:33 +01:00
6lowpan.h
act_api.h net/sched: move struct action_ops definition out of ifdef 2022-12-09 09:18:07 +00:00
addrconf.h ipv6/addrconf: fix a null-ptr-deref bug for ip6_ptr 2022-07-28 10:42:44 -07:00
af_ieee802154.h
af_rxrpc.h rxrpc: Fix timeout of a call that hasn't yet been granted a channel 2023-05-17 13:58:47 +02:00
af_unix.h
af_vsock.h vsock: add API call for data ready 2022-08-23 10:43:11 +02:00
ah.h
amt.h
arp.h
atmclip.h
ax25.h ax25: fix incorrect dev_tracker usage 2022-07-28 22:06:15 -07:00
ax88796.h ax88796: Fix some typo in a comment 2022-08-09 22:14:02 -07:00
bareudp.h
bond_3ad.h net: bonding: Share lacpdu_mcast_addr definition 2022-09-16 14:34:01 +01:00
bond_alb.h bonding (gcc13): synchronize bond_{a,t}lb_xmit() types 2022-11-02 20:38:13 -07:00
bond_options.h
bonding.h bonding: fix ns validation on backup slaves 2023-04-20 12:36:54 +02:00
bpf_sk_storage.h
busy_poll.h net: Fix a data-race around sysctl_net_busy_poll. 2022-08-24 13:46:58 +01:00
calipso.h
cfg80211-wext.h wifi: cfg80211: Avoid clashing function prototypes 2022-11-16 11:31:47 +02:00
cfg80211.h wifi: cfg80211: Correct example of ieee80211_iface_limit 2022-12-01 13:53:19 +01:00
cfg802154.h ieee802154: Advertize coordinators discovery 2022-11-29 15:34:22 +01:00
checksum.h
cipso_ipv4.h
cls_cgroup.h
codel.h
codel_impl.h
codel_qdisc.h
compat.h net: copy from user before calling __get_compat_msghdr 2022-07-24 18:39:17 -06:00
datalink.h
dcbevent.h
dcbnl.h net: dcb: add new apptrust attribute 2022-11-03 15:16:50 +01:00
devlink.h net: devlink: add DEVLINK_INFO_VERSION_GENERIC_FW_BOOTLOADER 2022-12-12 11:39:13 +01:00
dropreason.h net: dropreason: add SKB_DROP_REASON_FRAG_TOO_FAR 2022-10-31 20:14:27 -07:00
dsa.h net: dsa: move tag_8021q headers to their proper place 2022-11-22 20:41:53 -08:00
dsfield.h
dst.h net: add atomic_long_t to net_device_stats fields 2022-11-16 12:48:44 +00:00
dst_cache.h
dst_metadata.h xfrm: interface: Add unstable helpers for setting/getting XFRM metadata from TC-BPF 2022-12-05 21:58:27 -08:00
dst_ops.h
erspan.h
esp.h
espintcp.h
ethoc.h
failover.h
fib_notifier.h
fib_rules.h
firewire.h firewire: net: Make use of get_unaligned_be48(), put_unaligned_be48() 2022-07-28 22:21:54 -07:00
flow.h net: Remove DECnet leftovers from flow.h. 2022-10-03 12:41:59 +01:00
flow_dissector.h flow_dissector: Add L2TPv3 dissectors 2022-09-20 09:13:38 +02:00
flow_offload.h net: flow_offload: add support for ARP frame matching 2022-11-14 11:24:16 +00:00
fou.h
fq.h
fq_impl.h wifi: mac80211: add support for restricting netdev features per vif 2022-12-01 15:09:10 +01:00
garp.h
gen_stats.h
genetlink.h mptcp: more detailed error reporting on endpoint creation 2022-11-21 13:09:07 +00:00
geneve.h net: geneve: fix array of flexible structures warnings 2022-10-31 10:43:04 +00:00
gre.h
gro.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-08-25 16:07:42 -07:00
gro_cells.h
gtp.h
gue.h
hwbm.h
icmp.h
ieee80211_radiotap.h
ieee802154_netdev.h Merge tag 'ieee802154-for-net-next-2022-10-25' of git://git.kernel.org/pub/scm/linux/kernel/git/sschmidt/wpan-next 2022-10-26 15:24:36 +01:00
if_inet6.h
ife.h
ila.h
inet6_connection_sock.h
inet6_hashtables.h net: allow unbound socket for packets in VRF when tcp_l3mdev_accept set 2022-07-29 11:58:54 +01:00
inet_common.h
inet_connection_sock.h net: Add a bhash2 table hashed by port and address 2022-08-24 19:30:07 -07:00
inet_dscp.h
inet_ecn.h
inet_frag.h net: dropreason: add SKB_DROP_REASON_FRAG_REASM_TIMEOUT 2022-10-31 20:14:27 -07:00
inet_hashtables.h tcp: Add TIME_WAIT sockets in bhash2. 2022-12-30 07:25:52 +00:00
inet_sock.h net: allow unbound socket for packets in VRF when tcp_l3mdev_accept set 2022-07-29 11:58:54 +01:00
inet_timewait_sock.h tcp: Add TIME_WAIT sockets in bhash2. 2022-12-30 07:25:52 +00:00
inetpeer.h
ioam6.h
ip.h net: use struct_group to copy ip/ipv6 header addresses 2022-11-17 10:42:45 +01:00
ip6_checksum.h
ip6_fib.h
ip6_route.h
ip6_tunnel.h
ip_fib.h
ip_tunnels.h net: Add helper function to parse netlink msg of ip_tunnel_parm 2022-10-03 07:59:06 +01:00
ip_vs.h ipvs: run_estimation should control the kthread tasks 2022-12-10 22:44:43 +01:00
ipcomp.h xfrm: ipcomp: add extack to ipcomp{4,6}_init_state 2022-09-29 07:18:00 +02:00
ipconfig.h
ipv6.h IPv6/GRO: generic helper to remove temporary HBH/jumbo header in driver 2022-12-12 15:41:44 -08:00
ipv6_frag.h net: dropreason: add SKB_DROP_REASON_FRAG_REASM_TIMEOUT 2022-10-31 20:14:27 -07:00
ipv6_stubs.h bpf: Change bpf_getsockopt(SOL_IPV6) to reuse do_ipv6_getsockopt() 2022-09-02 20:34:32 -07:00
iw_handler.h
kcm.h
l3mdev.h
lag.h
lapb.h
lib80211.h
llc.h
llc_c_ac.h
llc_c_ev.h
llc_c_st.h
llc_conn.h
llc_if.h
llc_pdu.h
llc_s_ac.h
llc_s_ev.h
llc_s_st.h add missing includes and forward declarations to networking includes under linux/ 2022-07-28 11:29:36 +02:00
llc_sap.h
lwtunnel.h
mac80211.h wifi: mac80211: Proper mark iTXQs for resumption 2023-01-10 13:24:12 +01:00
mac802154.h mac802154: Drop IEEE802154_HW_RX_DROP_BAD_CKSUM 2022-10-12 12:57:19 +02:00
macsec.h net: macsec: remove the prepare flag from the MACsec offloading context 2022-09-23 06:56:08 -07:00
mctp.h
mctpdevice.h
mip6.h
mld.h
mpls.h
mpls_iptunnel.h
mptcp.h mptcp: remove MPTCP 'ifdef' in TCP SYN cookies 2022-12-12 13:11:24 -08:00
mrp.h mrp: introduce active flags to prevent UAF when applicant uninit 2022-11-18 12:14:55 +00:00
ncsi.h
ndisc.h
neighbour.h net: neigh: decrement the family specific qlen 2022-11-18 10:29:50 +00:00
net_debug.h
net_failover.h
net_namespace.h net: add a refcount tracker for kernel sockets 2022-10-24 11:04:43 +01:00
net_ratelimit.h
net_trackers.h
netevent.h
netlabel.h
netlink.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-11-03 13:21:54 -07:00
netprio_cgroup.h
netrom.h
nexthop.h
nl802154.h ieee802154: Advertize coordinators discovery 2022-11-29 15:34:22 +01:00
nsh.h
p8022.h
page_pool.h
pie.h
ping.h inet: ping: use hlist_nulls rcu iterator during lookup 2022-12-01 12:42:46 +01:00
pkt_cls.h net: sched: cls_api: introduce tc_cls_bind_class() helper 2022-10-02 16:07:17 +01:00
pkt_sched.h net/sched: taprio: allow user input of per-tc max SDU 2022-09-29 18:52:05 -07:00
pptp.h
protocol.h
psample.h
psnap.h
raw.h raw: Fix NULL deref in raw_get_next(). 2023-04-13 17:02:41 +02:00
rawv6.h
red.h treewide: use get_random_u32() when possible 2022-10-11 17:42:58 -06:00
regulatory.h
request_sock.h
rose.h net: rose: add netdev ref tracker to 'struct rose_sock' 2022-08-01 11:59:23 -07:00
route.h Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next 2022-07-25 13:25:39 +01:00
rpl.h
rsi_91x.h
rtnetlink.h rtnetlink: Honour NLM_F_ECHO flag in rtnl_delete_link 2022-10-31 18:10:21 -07:00
rtnh.h
sch_generic.h net/sched: sch_taprio: fix possible use-after-free 2023-01-16 13:25:34 +00:00
scm.h scm: fix MSG_CTRUNC setting condition for SO_PASSSEC 2023-05-11 23:11:08 +09:00
secure_seq.h
seg6.h
seg6_hmac.h
seg6_local.h
selftests.h
slhc_vj.h
smc.h net/smc: Pass on DMBE bit mask in IRQ handler 2022-07-27 13:24:42 +01:00
snmp.h
sock.h net: add sock_init_data_uid() 2023-03-10 09:28:16 +01:00
sock_reuseport.h soreuseport: Fix socket selection for SO_INCOMING_CPU. 2022-10-25 11:35:16 +02:00
Space.h
stp.h
strparser.h
switchdev.h bridge: switchdev: Allow device drivers to install locked FDB entries 2022-11-09 19:06:13 -08:00
tc_wrapper.h net/sched: Retire tcindex classifier 2023-03-11 13:50:20 +01:00
tcp.h bpf-next-for-netdev 2022-12-12 11:27:42 -08:00
tcp_states.h
timewait_sock.h
tipc.h
tls.h net/tls: Describe ciphers sizes by const structs 2022-09-22 17:27:41 -07:00
tls_toe.h
transp_v6.h inet6: Remove inet6_destroy_sock(). 2022-10-24 09:40:39 +01:00
tso.h net: tso: inline tso_count_descs() 2022-12-12 15:04:39 -08:00
tun_proto.h
udp.h udp: track the forward memory release threshold in an hot cacheline 2022-10-24 10:52:50 +01:00
udp_tunnel.h net: Change the udp encap_err_rcv to allow use of {ip,ipv6}_icmp_error() 2022-11-08 16:42:28 +00:00
udplite.h tcp/udp: Call inet6_destroy_sock() in IPv6 sk->sk_destruct(). 2022-10-12 17:50:37 -07:00
vsock_addr.h
vxlan.h
wext.h
x25.h
x25device.h
xdp.h xdp: Adjust xdp_frame layout to avoid using bitfields 2022-09-26 13:28:19 -07:00
xdp_priv.h
xdp_sock.h
xdp_sock_drv.h xsk: Remove unused xsk_buff_discard 2022-09-30 07:55:46 -07:00
xfrm.h bpf-next-for-netdev 2022-12-12 11:27:42 -08:00
xsk_buff_pool.h xsk: Fix unaligned descriptor validation 2023-05-11 23:11:12 +09:00