Subject: Re: [PATCH net 1/4] net/smc: take sock lock in smc_ioctl()
To: Stefano Brivio
Cc: davem@davemloft.net, netdev@vger.kernel.org, linux-s390@vger.kernel.org, schwidefsky@de.ibm.com, heiko.carstens@de.ibm.com, raspl@linux.ibm.com, linux-kernel@vger.kernel.org, eric.dumazet@gmail.com, lifeasageek@gmail.com
References: <20180716100101.79272-1-ubraun@linux.ibm.com> <20180716120915.09d35dc0@epycfail>
From: Ursula Braun
Date: Mon, 16 Jul 2018 13:56:42 +0200
In-Reply-To: <20180716120915.09d35dc0@epycfail>
Message-Id: <11a146f0-eebc-ece9-ed2b-32ad9a32a687@linux.ibm.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On 07/16/2018 12:09 PM, Stefano Brivio wrote:
> On Mon, 16 Jul 2018 12:01:01 +0200 > Ursula Braun wrote: > >> From: Ursula Braun >> >> SMC ioctl processing requires the sock lock to work properly in >> all thinkable scenarios. >> Problem has been found with RaceFuzzer and fixes: >> KASAN: null-ptr-deref Read in smc_ioctl >> >> Reported-by: Byoungyoung Lee >> Reported-by: syzbot+35b2c5aa76fd398b9fd4@syzkaller.appspotmail.com >> Signed-off-by: Ursula Braun >> --- >> net/smc/af_smc.c | 3 +++ >> 1 file changed, 3 insertions(+) >> >> diff --git a/net/smc/af_smc.c b/net/smc/af_smc.c >> index 5334157f5065..a4381b38a521 100644 >> --- a/net/smc/af_smc.c >> +++ b/net/smc/af_smc.c >> @@ -1524,6 +1524,7 @@ static int smc_ioctl(struct socket *sock, unsigned int cmd, >> return -EBADF; >> return smc->clcsock->ops->ioctl(smc->clcsock, cmd, arg); >> } >> + lock_sock(&smc->sk); >> switch (cmd) { >> case SIOCINQ: /* same as FIONREAD */ >> if (smc->sk.sk_state == SMC_LISTEN) > > return -EINVAL; > > you should also unlock here, and: > > case SIOCOUTQ: > /* output queue size (not send + not acked) */ > if (smc->sk.sk_state == SMC_LISTEN) > return -EINVAL; > > here, and: > > case SIOCOUTQNSD: > /* output queue size (not send only) */ > if (smc->sk.sk_state == SMC_LISTEN) > return -EINVAL; > > here, and: > > case SIOCATMARK: > if (smc->sk.sk_state == SMC_LISTEN) > return -EINVAL; > > here. >

sorry, my fault! V2 is on its way. Thanks for your hint.
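
Review bot: every return -EINVAL taken when sk_state == SMC_LISTEN (under SIOCINQ in the hunk's context, and the same pattern under SIOCOUTQ, SIOCOUTQNSD and SIOCATMARK quoted in the reply) now leaves smc_ioctl() with the sock lock still held, because lock_sock(&smc->sk) is taken ahead of the switch and none of these branches releases it. Call release_sock(&smc->sk) before each of those returns, or store the result in a local variable and break so that a single release_sock(&smc->sk) after the switch covers every exit. The diffstat counts 3 insertions but only the lock_sock() line is quoted here, so the matching release cannot be checked from this excerpt; v2 should make it visible on all paths out of the switch.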