linux/fs/dlm
Guoqing Jiang 1c24285372 dlm: use sock_create_lite inside tcp_accept_from_sock
With commit 0ffdaf5b41 ("net/sock: add WARN_ON(parent->sk)
in sock_graft()"), a calltrace happened as follows:

[  457.018340] WARNING: CPU: 0 PID: 15623 at ./include/net/sock.h:1703 inet_accept+0x135/0x140
...
[  457.018381] RIP: 0010:inet_accept+0x135/0x140
[  457.018381] RSP: 0018:ffffc90001727d18 EFLAGS: 00010286
[  457.018383] RAX: 0000000000000001 RBX: ffff880012413000 RCX: 0000000000000001
[  457.018384] RDX: 000000000000018a RSI: 00000000fffffe01 RDI: ffffffff8156fae8
[  457.018384] RBP: ffffc90001727d38 R08: 0000000000000000 R09: 0000000000004305
[  457.018385] R10: 0000000000000001 R11: 0000000000004304 R12: ffff880035ae7a00
[  457.018386] R13: ffff88001282af10 R14: ffff880034e4e200 R15: 0000000000000000
[  457.018387] FS:  0000000000000000(0000) GS:ffff88003fc00000(0000) knlGS:0000000000000000
[  457.018388] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  457.018389] CR2: 00007fdec22f9000 CR3: 0000000002b5a000 CR4: 00000000000006f0
[  457.018395] Call Trace:
[  457.018402]  tcp_accept_from_sock.part.8+0x12d/0x449 [dlm]
[  457.018405]  ? vprintk_emit+0x248/0x2d0
[  457.018409]  tcp_accept_from_sock+0x3f/0x50 [dlm]
[  457.018413]  process_recv_sockets+0x3b/0x50 [dlm]
[  457.018415]  process_one_work+0x138/0x370
[  457.018417]  worker_thread+0x4d/0x3b0
[  457.018419]  kthread+0x109/0x140
[  457.018421]  ? rescuer_thread+0x320/0x320
[  457.018422]  ? kthread_park+0x60/0x60
[  457.018424]  ret_from_fork+0x25/0x30

Since newsocket created by sock_create_kern sets its
sock by the path:

	sock_create_kern -> __sock_create
			 ->pf->create => inet_create
			 -> sock_init_data

Then WARN_ON is triggered by "con->sock->ops->accept =>
inet_accept -> sock_graft", it also means newsock->sk
is leaked since sock_graft will replace it with a new
sk.

To resolve the issue, we need to use sock_create_lite
instead of sock_create_kern, like commit 0933a578cd
("rds: tcp: use sock_create_lite() to create the accept
socket") did.

Reported-by: Zhilong Liu <zlliu@suse.com>
Signed-off-by: Guoqing Jiang <gqjiang@suse.com>
Signed-off-by: David Teigland <teigland@redhat.com>
2017-08-07 11:23:09 -05:00
..
ast.c dlm: don't specify WQ_UNBOUND for the ast callback workqueue 2016-10-19 11:13:04 -05:00
ast.h dlm: use workqueue for callbacks 2011-07-15 12:30:43 -05:00
config.c dlm: audit and remove any unnecessary uses of module.h 2016-10-19 11:00:03 -05:00
config.h dlm: add log_info config option 2016-06-21 09:04:24 -05:00
debug_fs.c dlm: Improve a size determination in table_seq_start() 2017-08-07 11:23:09 -05:00
dir.c dlm: use INFO for recovery messages 2014-02-14 11:54:44 -06:00
dir.h dlm: use rsbtbl as resource directory 2012-07-16 14:16:19 -05:00
dlm_internal.h Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
Kconfig fs/dlm: remove CONFIG_EXPERIMENTAL 2012-11-01 15:27:24 -05:00
lock.c dlm: Delete an error message for a failed memory allocation in dlm_recover_waiters_pre() 2017-08-07 11:23:09 -05:00
lock.h dlm: adopt orphan locks 2014-11-19 14:48:02 -06:00
lockspace.c dlm: constify kset_uevent_ops structure 2017-08-07 11:23:09 -05:00
lockspace.h
lowcomms.c dlm: use sock_create_lite inside tcp_accept_from_sock 2017-08-07 11:23:09 -05:00
lowcomms.h dlm: fix deadlock between dlm_send and dlm_controld 2012-08-08 11:33:35 -05:00
lvb_table.h
main.c dlm: audit and remove any unnecessary uses of module.h 2016-10-19 11:00:03 -05:00
Makefile
member.c dlm: Delete an unnecessary variable initialisation in dlm_ls_start() 2017-08-07 11:23:09 -05:00
member.h dlm: add recovery callbacks 2012-01-04 08:56:31 -06:00
memory.c dlm: NULL dereference on failure in kmem_cache_create() 2012-05-15 10:39:28 -05:00
memory.h dlm: improve rsb searches 2011-07-12 16:02:09 -05:00
midcomms.c
midcomms.h
netlink.c dlm for 4.10 2016-12-14 08:31:37 -08:00
plock.c dlm for 4.4 2015-11-05 11:15:25 -08:00
rcom.c dlm: fix missing endian conversion of rcom_status flags 2014-10-14 15:11:48 -05:00
rcom.h dlm: use rsbtbl as resource directory 2012-07-16 14:16:19 -05:00
recover.c dlm: use INFO for recovery messages 2014-02-14 11:54:44 -06:00
recover.h dlm: use rsbtbl as resource directory 2012-07-16 14:16:19 -05:00
recoverd.c dlm: use INFO for recovery messages 2014-02-14 11:54:44 -06:00
recoverd.h dlm: fix unlock balance warnings 2012-08-08 11:33:49 -05:00
requestqueue.c dlm: fixes for nodir mode 2012-05-02 14:15:27 -05:00
requestqueue.h
user.c dlm: avoid double-free on error path in dlm_device_{register,unregister} 2017-08-07 11:23:09 -05:00
user.h dlm: record full callback state 2011-03-10 10:40:00 -06:00
util.c
util.h