mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity
linux-stable/fs
History
David Howells 92128a7170 rxrpc: Fix timeout of a call that hasn't yet been granted a channel 
[ Upstream commit db099c625b ]

afs_make_call() calls rxrpc_kernel_begin_call() to begin a call (which may
get stalled in the background waiting for a connection to become
available); it then calls rxrpc_kernel_set_max_life() to set the timeouts -
but that starts the call timer so the call timer might then expire before
we get a connection assigned - leading to the following oops if the call
stalled:

	BUG: kernel NULL pointer dereference, address: 0000000000000000
	...
	CPU: 1 PID: 5111 Comm: krxrpcio/0 Not tainted 6.3.0-rc7-build3+ #701
	RIP: 0010:rxrpc_alloc_txbuf+0xc0/0x157
	...
	Call Trace:
	 <TASK>
	 rxrpc_send_ACK+0x50/0x13b
	 rxrpc_input_call_event+0x16a/0x67d
	 rxrpc_io_thread+0x1b6/0x45f
	 ? _raw_spin_unlock_irqrestore+0x1f/0x35
	 ? rxrpc_input_packet+0x519/0x519
	 kthread+0xe7/0xef
	 ? kthread_complete_and_exit+0x1b/0x1b
	 ret_from_fork+0x22/0x30

Fix this by noting the timeouts in struct rxrpc_call when the call is
created.  The timer will be started when the first packet is transmitted.

It shouldn't be possible to trigger this directly from userspace through
AF_RXRPC as sendmsg() will return EBUSY if the call is in the
waiting-for-conn state if it dropped out of the wait due to a signal.

Fixes: 9d35d880e0 ("rxrpc: Move client call connection to the I/O thread")
Reported-by: Marc Dionne <marc.dionne@auristor.com>
Signed-off-by: David Howells <dhowells@redhat.com>
cc: "David S. Miller" <davem@davemloft.net>
cc: Eric Dumazet <edumazet@google.com>
cc: Jakub Kicinski <kuba@kernel.org>
cc: Paolo Abeni <pabeni@redhat.com>
cc: linux-afs@lists.infradead.org
cc: netdev@vger.kernel.org
cc: linux-kernel@vger.kernel.org
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 		2023-05-17 13:58:47 +02:00
..
9p 9p-for-6.2-rc1 2022-12-23 11:39:18 -08:00
adfs
affs affs: initialize fsdata in affs_truncate() 2023-01-10 14:55:20 +01:00
afs rxrpc: Fix timeout of a call that hasn't yet been granted a channel 2023-05-17 13:58:47 +02:00
autofs
befs
bfs
btrfs btrfs: scrub: reject unsupported scrub flags 2023-05-11 23:11:34 +09:00
cachefiles fscache,cachefiles: add prepare_ondemand_read() callback 2022-12-07 10:56:29 +08:00
ceph ceph: fix potential use-after-free bug when trimming caps 2023-05-11 23:10:55 +09:00
cifs cifs: protect access of TCP_Server_Info::{origin,leaf}_fullpath 2023-05-11 23:11:36 +09:00
coda coda: Avoid partial allocation of sig_inputArgs 2023-03-10 09:29:12 +01:00
configfs configfs: fix possible memory leak in configfs_create_dir() 2022-12-02 11:11:22 +01:00
cramfs fs/cramfs/inode.c: initialize file_ra_state 2023-03-10 09:29:31 +01:00
crypto for-6.2/block-2022-12-08 2022-12-13 10:43:59 -08:00
debugfs debugfs: fix error when writing negative value to atomic_t debugfs file 2022-11-30 16:13:16 -08:00
devpts
dlm fs: dlm: fix DLM_IFL_CB_PENDING gets overwritten 2023-05-11 23:10:55 +09:00
ecryptfs ecryptfs: use stub posix acl handlers 2022-10-20 10:13:31 +02:00
efivarfs efi: vars: prohibit reading random seed variables 2022-12-01 09:51:21 +01:00
efs
erofs erofs: fix potential overflow calculating xattr_isize 2023-05-11 23:10:56 +09:00
exfat exfat: fix inode->i_blocks for non-512 byte sector size device 2023-03-10 09:29:29 +01:00
exportfs exportfs: use pr_debug for unreachable debug statements 2022-11-28 12:54:45 -05:00
ext2 \n 2022-12-12 20:32:50 -08:00
ext4 ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline 2023-05-11 23:11:30 +09:00
f2fs f2fs: fix to check return value of inc_valid_block_count() 2023-05-11 23:11:14 +09:00
fat MM patches for 6.2-rc1. 2022-12-13 19:29:45 -08:00
freevxfs freevxfs: Kconfig: fix spelling 2023-01-31 16:44:08 -08:00
fscache fscache: Use clear_and_wake_up_bit() in fscache_create_volume_work() 2023-01-30 12:51:54 +00:00
fuse fuse: add inode/permission checks to fileattr_get/fileattr_set 2023-03-10 09:29:47 +01:00
gfs2 gfs2: Improve gfs2_make_fs_rw error handling 2023-03-10 09:29:19 +01:00
hfs hfs: fix missing hfs_bnode_get() in __hfs_bnode_create 2023-03-10 09:29:28 +01:00
hfsplus fs: hfsplus: fix UAF issue in hfsplus_put_super 2023-03-10 09:29:28 +01:00
hostfs
hpfs hpfs: remove ->writepage 2022-12-11 18:12:18 -08:00
hugetlbfs hugetlbfs: inode: remove unnecessary (void*) conversions 2022-11-30 15:58:56 -08:00
iomap New XFS code for 6.2: 2022-12-14 10:11:51 -08:00
isofs - hfs and hfsplus kmap API modernization from Fabio Francesco 2022-10-12 11:00:22 -07:00
jbd2 jdb2: Don't refuse invalidation of already invalidated buffers 2023-05-11 23:11:15 +09:00
jffs2 fs: rename current get acl method 2022-10-20 10:13:27 +02:00
jfs fs/jfs: fix shift exponent db_agl2size negative 2023-03-11 13:50:20 +01:00
kernfs kernfs: fix all kernel-doc warnings and multiple typos 2022-11-23 19:28:26 +01:00
ksmbd ksmbd: fix deadlock in ksmbd_find_crypto_ctx() 2023-05-11 23:10:54 +09:00
lockd lockd: set file_lock start and end when decoding nlm4 testargs 2023-03-30 12:51:35 +02:00
minix
netfs use less confusing names for iov_iter direction initializers 2022-11-25 13:01:55 -05:00
nfs NFSv4.1: Always send a RECLAIM_COMPLETE after establishing lease 2023-05-11 23:11:28 +09:00
nfs_common
nfsd NFSD: callback request does not use correct credential for AUTH_SYS 2023-04-13 17:02:40 +02:00
nilfs2 nilfs2: fix infinite loop in nilfs_mdt_get_block() 2023-05-11 23:11:33 +09:00
nls
notify Merge tag 'fsnotify-for_v6.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs 2022-10-07 08:28:50 -07:00
ntfs - hfs and hfsplus kmap API modernization from Fabio Francesco 2022-10-12 11:00:22 -07:00
ntfs3 fs/ntfs3: Fix null-ptr-deref on inode->i_op in ntfs_lookup() 2023-05-17 13:58:40 +02:00
ocfs2 ocfs2: fix data corruption after failed write 2023-03-22 13:38:06 +01:00
omfs omfs: remove ->writepage 2022-12-11 18:12:18 -08:00
openpromfs
orangefs orangefs: four fixes from Zhang Xiaoxu and two from Colin Ian King 2022-12-14 11:16:33 -08:00
overlayfs ovl: fail on invalid uid/gid mapping at copy up 2023-01-27 16:17:19 +01:00
proc sysctl: fix proc_dobool() usability 2023-03-10 09:28:46 +01:00
pstore pstore: Revert pmsg_lock back to a normal mutex 2023-05-11 23:11:20 +09:00
qnx4
qnx6
quota ext4: fix bug_on in __es_tree_search caused by bad quota inode 2022-12-08 21:49:23 -05:00
ramfs tmpfile API change 2022-10-10 19:45:17 -07:00
reiserfs reiserfs: Add security prefix to xattr name in reiserfs_security_write() 2023-05-11 23:10:52 +09:00
romfs
smbfs_common
squashfs revert "squashfs: harden sanity check in squashfs_read_xattr_id_table" 2023-02-03 17:52:25 -08:00
sysfs
sysv fs: sysv: Fix sysv_nblocks() returns wrong value 2022-12-10 14:13:37 -05:00
tracefs
ubifs ubifs: Fix memory leak in do_rename 2023-05-11 23:10:54 +09:00
udf udf: Fix off-by-one error when discarding preallocation 2023-03-17 08:57:49 +01:00
ufs
unicode
vboxsf
verity fsverity: don't drop pagecache at end of FS_IOC_ENABLE_VERITY 2023-04-06 12:12:24 +02:00
xfs xfs: don't consider future format versions valid 2023-05-11 23:10:55 +09:00
zonefs zonefs: Always invalidate last cached page on append write 2023-04-06 12:12:42 +02:00
Kconfig
Kconfig.binfmt Xtensa updates for v6.1 2022-10-10 14:21:11 -07:00
Makefile fs: fix sysctls.c built 2023-05-11 23:10:51 +09:00
aio.c aio: fix mremap after fork null-deref 2023-02-03 17:52:24 -08:00
anon_inodes.c
attr.c attr: use consistent sgid stripping checks 2022-10-18 10:09:47 +02:00
bad_inode.c fs: rename current get acl method 2022-10-20 10:13:27 +02:00
binfmt_elf.c elfcore: Add a cprm parameter to elf_core_extra_{phdrs,data_size} 2023-01-05 15:12:12 +00:00
binfmt_elf_fdpic.c elfcore: Add a cprm parameter to elf_core_extra_{phdrs,data_size} 2023-01-05 15:12:12 +00:00
binfmt_elf_test.c
binfmt_flat.c
binfmt_misc.c binfmt_misc: fix shift-out-of-bounds in check_special_flags 2022-12-02 13:57:04 -08:00
binfmt_script.c
buffer.c - hfs and hfsplus kmap API modernization from Fabio Francesco 2022-10-12 11:00:22 -07:00
char_dev.c chardev: fix error handling in cdev_device_add() 2022-12-02 17:48:59 +01:00
compat_binfmt_elf.c
coredump.c coredump: Move dump_emit_page() to kill unused warning 2023-01-10 21:03:01 -05:00
d_path.c
dax.c fsdax: force clear dirty mark if CoW 2023-04-13 17:02:47 +02:00
dcache.c tmpfile API change 2022-10-10 19:45:17 -07:00
direct-io.c
drop_caches.c
eventfd.c eventfd: provide a eventfd_signal_mask() helper 2022-11-22 06:07:55 -07:00
eventpoll.c eventpoll: add EPOLL_URING_WAKE poll wakeup flag 2022-11-21 07:45:29 -07:00
exec.c fs.vfsuid.conversion.v6.2 2022-12-12 19:20:05 -08:00
fcntl.c
fhandle.c
file.c fs: prevent out-of-bounds array speculation when closing a file descriptor 2023-03-17 08:57:45 +01:00
file_table.c
filesystems.c
fs-writeback.c writeback: fix call of incorrect macro 2023-05-17 13:58:45 +02:00
fs_context.c
fs_parser.c ext4: journal_path mount options should follow links 2022-12-01 10:46:54 -05:00
fs_pin.c
fs_struct.c
fs_types.c
fsopen.c
init.c
inode.c fs.vfsuid.conversion.v6.2 2022-12-12 19:20:05 -08:00
internal.h fs.ovl.setgid.v6.2 2022-12-12 19:03:10 -08:00
ioctl.c
kernel_read_file.c
libfs.c libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value 2022-11-30 16:13:16 -08:00
locks.c filelocks: use mount idmapping for setlease permission check 2023-03-17 08:58:03 +01:00
mbcache.c ext4: fix deadlock due to mbcache entry corruption 2022-12-08 21:49:25 -05:00
mount.h
mpage.c
namei.c Landlock updates for v6.2-rc1 2022-12-13 09:14:50 -08:00
namespace.c fs: drop peer group ids under namespace lock 2023-04-13 17:02:50 +02:00
no-block.c
nsfs.c
open.c fs: Use CHECK_DATA_CORRUPTION() when kernel bugs are detected 2023-03-10 09:29:05 +01:00
pipe.c
pnode.c pnode: terminate at peers of source 2022-12-21 14:45:25 +01:00
pnode.h
posix_acl.c fs.idmapped.mnt_idmap.v6.2 2022-12-12 19:30:18 -08:00
proc_namespace.c
read_write.c iov_iter work; most of that is about getting rid of 2022-12-12 18:29:54 -08:00
readdir.c
remap_range.c New VFS code for 6.2: 2022-12-13 10:26:38 -08:00
select.c
seq_file.c use less confusing names for iov_iter direction initializers 2022-11-25 13:01:55 -05:00
signalfd.c
splice.c use less confusing names for iov_iter direction initializers 2022-11-25 13:01:55 -05:00
stack.c
stat.c fs: use type safe idmapping helpers 2022-10-26 10:02:34 +02:00
statfs.c
super.c fscrypt: destroy keyring after security_sb_delete() 2023-03-30 12:51:35 +02:00
sync.c
sysctls.c
timerfd.c
userfaultfd.c Revert "userfaultfd: don't fail on unrecognized features" 2023-04-26 14:30:01 +02:00
utimes.c
xattr.c fs.xattr.simple.rework.rbtree.rwlock.v6.2 2022-12-13 10:08:36 -08:00