Received: by 2002:ac0:a591:0:0:0:0:0 with SMTP id m17-v6csp686194imm; Thu, 5 Jul 2018 07:16:49 -0700 (PDT) X-Google-Smtp-Source: AAOMgpfgXR88/UWTZjpCsJYdCE8+F5syyr1zzxUqldl8erSS3gXxtVRjJT7v3MzWrImjixdjFzFZ X-Received: by 2002:a63:5143:: with SMTP id r3-v6mr5995684pgl.11.1530800209307; Thu, 05 Jul 2018 07:16:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1530800209; cv=none; d=google.com; s=arc-20160816; b=Hl3r1sVS1uf7WBCLPnQhNkkD24XcVoUzyD9rqZXhvUZln/VVOdCk0XHFfAi4rIQnCq xlhBwxeM5WJhDNBP2xq9QhKlp+4K1qfgZdNjXz4GUn7wH6UUsDUJgAkEOun2cx12vJdt C+RssGTn55T94b40tqRzn7//MXy0FD13ZN2kJRkSAu08zhklTmrlN++8YqTMQxCPR4x9 u2zVsNNcazpVb3NyyncRxy1cnuNZTpv7sB9dLJhE0r9lSGKDTTWxY8z8gVotMwB4Zf+N 2IP2smKS6YGeQBWF7OIrl2+fXcpJP8aGnmlbiPUJet88A66jXq25BfK8wfzVCY87Z2F9 nkfA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :arc-authentication-results; bh=Bt0XWy8lCmVi6E/siWdPmj9FvhcNTJ/eUA/VuVRTLsI=; b=BXds0Tqpia8rL173z8GYF51LbHWfdpwzfVTWunE1HphCEBHWKz3nqdlk+N3XdW7FVK nXRYGkvM5HnLdsXADI+ALjQfDSrdIDIOFr0yj2y1RIBpNeMXIjT1cMkm8i7FNEXItnAp qzybP4I26XYsrMyhj3+p5drobrP157QinBS5+XnnfO49V0iF+0f57VZUHJrjCOgCPPd4 jf4FSJTpblydXUPoSQYuh6BIUaus2Zr7I89IR8zY/BdYXPI9sZeSjrd+57/xTn+6H15i DJko08x2f0R9420+4LKz84YnIhtFCsdRx43jykU+xlxbLYXTE6wjNQjZfGYkyk7dNkmO wgGQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id c8-v6si5676073pgn.473.2018.07.05.07.16.24; Thu, 05 Jul 2018 07:16:49 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753649AbeGEOPm (ORCPT + 99 others); Thu, 5 Jul 2018 10:15:42 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:39408 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1753353AbeGEOPk (ORCPT ); Thu, 5 Jul 2018 10:15:40 -0400 Received: from pps.filterd (m0098421.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w65EEQ1t047389 for ; Thu, 5 Jul 2018 10:15:39 -0400 Received: from e06smtp01.uk.ibm.com (e06smtp01.uk.ibm.com [195.75.94.97]) by mx0a-001b2d01.pphosted.com with ESMTP id 2k1kpr3t8u-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 05 Jul 2018 10:15:39 -0400 Received: from localhost by e06smtp01.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Thu, 5 Jul 2018 15:15:37 +0100 Received: from b06cxnps4074.portsmouth.uk.ibm.com (9.149.109.196) by e06smtp01.uk.ibm.com (192.168.101.131) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256/256) Thu, 5 Jul 2018 15:15:34 +0100 Received: from d06av25.portsmouth.uk.ibm.com (d06av25.portsmouth.uk.ibm.com [9.149.105.61]) by b06cxnps4074.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id w65EFWD436962422 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Thu, 5 Jul 2018 14:15:32 GMT Received: from d06av25.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 566D011C066; Thu, 5 Jul 2018 17:15:57 +0100 (BST) Received: from d06av25.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 1117A11C064; Thu, 5 Jul 2018 17:15:57 +0100 (BST) Received: from tuxmaker.boeblingen.de.ibm.com (unknown [9.152.85.9]) by d06av25.portsmouth.uk.ibm.com (Postfix) with ESMTPS; Thu, 5 Jul 2018 17:15:57 +0100 (BST) From: Ursula Braun To: davem@davemloft.net Cc: netdev@vger.kernel.org, linux-s390@vger.kernel.org, schwidefsky@de.ibm.com, heiko.carstens@de.ibm.com, raspl@linux.ibm.com, linux-kernel@vger.kernel.org, ebiggers3@gmail.com Subject: [PATCH net 1/1] net/smc: reduce sock_put() for fallback sockets Date: Thu, 5 Jul 2018 16:15:30 +0200 X-Mailer: git-send-email 2.16.4 X-TM-AS-GCONF: 00 x-cbid: 18070514-4275-0000-0000-000002957F40 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 18070514-4276-0000-0000-0000379D0898 Message-Id: <20180705141530.72728-1-ubraun@linux.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2018-07-05_04:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=3 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=573 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1806210000 definitions=main-1807050164 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org smc_release() calls a sock_put() for smc fallback sockets to cover the passive closing sock_hold() in __smc_connect() and smc_tcp_listen_work(). This does not make sense for sockets in state SMC_LISTEN and SMC_INIT. An SMC socket stays in state SMC_INIT if connect fails. The sock_put in smc_connect_abort() does not cover all failures. Move it into smc_connect_decline_fallback(). Fixes: ee9dfbef02d18 ("net/smc: handle sockopts forcing fallback") Reported-by: syzbot+3a0748c8f2f210c0ef9b@syzkaller.appspotmail.com Reported-by: syzbot+9e60d2428a42049a592a@syzkaller.appspotmail.com Signed-off-by: Ursula Braun --- net/smc/af_smc.c | 15 ++++++++++----- net/smc/smc_close.c | 2 ++ 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/net/smc/af_smc.c b/net/smc/af_smc.c index e017b6a4452b..5334157f5065 100644 --- a/net/smc/af_smc.c +++ b/net/smc/af_smc.c @@ -147,7 +147,8 @@ static int smc_release(struct socket *sock) smc->clcsock = NULL; } if (smc->use_fallback) { - sock_put(sk); /* passive closing */ + if (sk->sk_state != SMC_LISTEN && sk->sk_state != SMC_INIT) + sock_put(sk); /* passive closing */ sk->sk_state = SMC_CLOSED; sk->sk_state_change(sk); } @@ -417,12 +418,18 @@ static int smc_connect_decline_fallback(struct smc_sock *smc, int reason_code) { int rc; - if (reason_code < 0) /* error, fallback is not possible */ + if (reason_code < 0) { /* error, fallback is not possible */ + if (smc->sk.sk_state == SMC_INIT) + sock_put(&smc->sk); /* passive closing */ return reason_code; + } if (reason_code != SMC_CLC_DECL_REPLY) { rc = smc_clc_send_decline(smc, reason_code); - if (rc < 0) + if (rc < 0) { + if (smc->sk.sk_state == SMC_INIT) + sock_put(&smc->sk); /* passive closing */ return rc; + } } return smc_connect_fallback(smc); } @@ -435,8 +442,6 @@ static int smc_connect_abort(struct smc_sock *smc, int reason_code, smc_lgr_forget(smc->conn.lgr); mutex_unlock(&smc_create_lgr_pending); smc_conn_free(&smc->conn); - if (reason_code < 0 && smc->sk.sk_state == SMC_INIT) - sock_put(&smc->sk); /* passive closing */ return reason_code; } diff --git a/net/smc/smc_close.c b/net/smc/smc_close.c index fa41d9881741..ac961dfb1ea1 100644 --- a/net/smc/smc_close.c +++ b/net/smc/smc_close.c @@ -107,6 +107,8 @@ static void smc_close_active_abort(struct smc_sock *smc) } switch (sk->sk_state) { case SMC_INIT: + sk->sk_state = SMC_PEERABORTWAIT; + break; case SMC_ACTIVE: sk->sk_state = SMC_PEERABORTWAIT; release_sock(sk); -- 2.16.4