Re: [PATCH] smc: fix refcount bug in sk_psock_get (2)

From: Wen Gu
Date: Mon Jul 11 2022 - 03:21:40 EST

On 2022/7/9 10:46 am, Hawkins Jiawei wrote:
> syzbot is trying to set up TLS on an SMC socket.
>
> During the SMC fallback process in the connect syscall, the kernel sets
> smc->sk.sk_socket->file->private_data to smc->clcsock
> in smc_switch_to_fallback(), and sets smc->clcsock->sk_user_data
> to the original smc in smc_fback_replace_callbacks().
>
> Later, sk_psock_get() will treat smc->clcsock->sk_user_data
> as an sk_psock, which triggers the refcnt warning.

Thanks for your analysis.

Although syzbot found this issue in SMC, it seems to be a generic
issue with sk_user_data usage? Fixing it via SK_USER_DATA_PTRMASK
as you plan should be the right way.
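
To make the sk_user_data confusion discussed above concrete, the following is a small userspace model written for this page; it is an added example, not the patch under discussion and not kernel code. It keeps sk_user_data as a tagged pointer whose low bits are flags, reproduces the fallback step (clcsock->sk_user_data pointing back at the smc_sock), and contrasts a getter that trusts the pointer, as the pre-fix sk_psock_get() does, with one that first checks a PSOCK tag. SK_USER_DATA_NOCOPY, SK_USER_DATA_BPF and SK_USER_DATA_PTRMASK reuse the kernel's names; the SK_USER_DATA_PSOCK flag, the struct layouts, the use of a plain counter for the refcount, and the demo_* helpers are assumptions made for the model.

```c
/* Userspace model (added example, not kernel code) of the sk_user_data
 * tag-bit scheme the thread discusses. Kernel names are reused for
 * readability; struct layouts and the PSOCK flag are assumptions. */
#include <assert.h>
#include <stdlib.h>

/* Low bits of sk_user_data carry flags; SK_USER_DATA_PTRMASK strips them to
 * recover the pointer. NOCOPY and BPF exist upstream; PSOCK is the tag this
 * model assumes the fix adds so a psock pointer can be told from any other. */
#define SK_USER_DATA_NOCOPY  1UL
#define SK_USER_DATA_BPF     2UL
#define SK_USER_DATA_PSOCK   4UL
#define SK_USER_DATA_PTRMASK (~(SK_USER_DATA_NOCOPY | SK_USER_DATA_BPF | SK_USER_DATA_PSOCK))

struct sock { unsigned long sk_user_data; };   /* tagged pointer */

/* Plain counter instead of refcount_t; 8-byte aligned so the three low bits
 * of a psock address are free for the tag. */
struct sk_psock { _Alignas(8) unsigned long refcnt; };

struct smc_sock {
	struct sock sk;          /* the SMC socket itself */
	struct sock *clcsock;    /* TCP socket used after fallback */
};

static void *sk_user_data_ptr(const struct sock *sk)
{
	return (void *)(sk->sk_user_data & SK_USER_DATA_PTRMASK);
}

static unsigned long sk_user_data_flags(const struct sock *sk)
{
	return sk->sk_user_data & ~SK_USER_DATA_PTRMASK;
}

static void set_sk_user_data(struct sock *sk, void *p, unsigned long flags)
{
	/* a pointer with low bits already set would be corrupted by the tag */
	assert(((unsigned long)p & ~SK_USER_DATA_PTRMASK) == 0);
	sk->sk_user_data = (unsigned long)p | flags;
}

/* Pre-fix behaviour: whatever sk_user_data points at is taken to be a
 * struct sk_psock and its refcount is bumped. */
static struct sk_psock *sk_psock_get_unchecked(struct sock *sk)
{
	struct sk_psock *psock = sk_user_data_ptr(sk);
	if (psock)
		psock->refcnt++;    /* lands inside an smc_sock when confused */
	return psock;
}

/* Fixed behaviour: dereference as a psock only when the PSOCK tag is set. */
static struct sk_psock *sk_psock_get_checked(struct sock *sk)
{
	struct sk_psock *psock;
	if (!(sk_user_data_flags(sk) & SK_USER_DATA_PSOCK))
		return NULL;
	psock = sk_user_data_ptr(sk);
	if (psock)
		psock->refcnt++;
	return psock;
}

/* The fallback step the thread describes: clcsock->sk_user_data is pointed
 * back at the owning smc_sock, untagged because it is not a psock. */
static struct smc_sock *make_fallback_smc(struct sock *clcsock)
{
	struct smc_sock *smc = calloc(1, sizeof(*smc));
	assert(smc);
	smc->clcsock = clcsock;
	set_sk_user_data(smc->clcsock, smc, 0);  /* smc_fback_replace_callbacks() */
	return smc;
}

/* Returns 1 when the unchecked getter hands back the smc_sock as a psock and
 * its refcount bump lands on the smc_sock's own first word. */
int demo_unchecked_confuses_smc(void)
{
	struct sock clcsock = { 0 };
	struct smc_sock *smc = make_fallback_smc(&clcsock);
	unsigned long before = smc->sk.sk_user_data;
	struct sk_psock *p = sk_psock_get_unchecked(&clcsock);
	int confused = (void *)p == (void *)smc && smc->sk.sk_user_data != before;
	free(smc);
	return confused;
}

/* Returns 1 when the checked getter refuses the untagged smc pointer on
 * clcsock but still finds a PSOCK-tagged psock on another socket. */
int demo_checked_distinguishes(void)
{
	struct sock clcsock = { 0 }, bpf_sk = { 0 };
	struct smc_sock *smc = make_fallback_smc(&clcsock);
	struct sk_psock psock = { .refcnt = 1 };
	set_sk_user_data(&bpf_sk, &psock, SK_USER_DATA_PSOCK | SK_USER_DATA_NOCOPY);
	int refused = sk_psock_get_checked(&clcsock) == NULL && smc->sk.sk_user_data == 0;
	int found = sk_psock_get_checked(&bpf_sk) == &psock && psock.refcnt == 2;
	free(smc);
	return refused && found;
}
```

The point of the model is the contrast: with no tag, a consumer of sk_user_data has no way to know which subsystem stored the pointer, so the write in sk_psock_get_unchecked() hits a word inside the smc_sock, which is the kind of confusion behind the refcnt warning mentioned above. A flag bit reserved under SK_USER_DATA_PTRMASK lets the getter refuse anything that was not stored as a psock, which is what makes the fix generic rather than SMC-specific.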