From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Jakub Kicinski, Dirk van der Merwe, Eric Dumazet, "David S. Miller"
Subject: [PATCH 5.0 024/115] net: strparser: partially revert "strparser: Call skb_unclone conditionally"
Date: Wed, 24 Apr 2019 19:09:20 +0200
Message-Id: <20190424170926.463200926@linuxfoundation.org>
X-Mailer: git-send-email 2.21.0
In-Reply-To: <20190424170924.797924502@linuxfoundation.org>
References: <20190424170924.797924502@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org

From: Jakub Kicinski

[ Upstream commit 4a9c2e3746e6151fd5d077259d79ce9ca86d47d7 ]

This reverts the first part of commit 4e485d06bb8c ("strparser: Call
skb_unclone conditionally"). To build a message with multiple
fragments we need our own root of frag_list. We can't simply
use the frag_list of orig_skb, because it will lead to linking
all orig_skbs together creating very long frag chains, and causing
stack overflow on kfree_skb() (which is called recursively on
the frag_lists).

BUG: stack guard page was hit at 00000000d40fad41 (stack is 0000000029dde9f4..000000008cce03d5)
kernel stack overflow (double-fault): 0000 [#1] PREEMPT SMP
RIP: 0010:free_one_page+0x2b/0x490

Call Trace:
  __free_pages_ok+0x143/0x2c0
  skb_release_data+0x8e/0x140
  ? skb_release_data+0xad/0x140
  kfree_skb+0x32/0xb0

  [...]

  skb_release_data+0xad/0x140
  ? skb_release_data+0xad/0x140
  kfree_skb+0x32/0xb0
  skb_release_data+0xad/0x140
  ? skb_release_data+0xad/0x140
  kfree_skb+0x32/0xb0
  skb_release_data+0xad/0x140
  ? skb_release_data+0xad/0x140
  kfree_skb+0x32/0xb0
  skb_release_data+0xad/0x140
  ? skb_release_data+0xad/0x140
  kfree_skb+0x32/0xb0
  skb_release_data+0xad/0x140
  __kfree_skb+0xe/0x20
  tcp_disconnect+0xd6/0x4d0
  tcp_close+0xf4/0x430
  ? tcp_check_oom+0xf0/0xf0
  tls_sk_proto_close+0xe4/0x1e0 [tls]
  inet_release+0x36/0x60
  __sock_release+0x37/0xa0
  sock_close+0x11/0x20
  __fput+0xa2/0x1d0
  task_work_run+0x89/0xb0
  exit_to_usermode_loop+0x9a/0xa0
  do_syscall_64+0xc0/0xf0
  entry_SYSCALL_64_after_hwframe+0x44/0xa9

Let's leave the second unclone conditional, as I'm not entirely
sure what is its purpose :)

Fixes: 4e485d06bb8c ("strparser: Call skb_unclone conditionally")
Signed-off-by: Jakub Kicinski
Reviewed-by: Dirk van der Merwe
Reviewed-by: Eric Dumazet
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman

--- net/strparser/strparser.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) --- a/net/strparser/strparser.c +++ b/net/strparser/strparser.c 
@@ -140,13 +140,11 @@ static int __strp_recv(read_descriptor_t /* We are going to append to the frags_list of head. * Need to unshare the frag_list. */ - if (skb_has_frag_list(head)) { - err = skb_unclone(head, GFP_ATOMIC); - if (err) { - STRP_STATS_INCR(strp->stats.mem_fail); - desc->error = err; - return 0; - } + err = skb_unclone(head, GFP_ATOMIC); + if (err) { + STRP_STATS_INCR(strp->stats.mem_fail); + desc->error = err; + return 0; } if (unlikely(skb_shinfo(head)->frag_list)) {
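
Review bot: the comment kept above the call, "Need to unshare the frag_list", no longer explains why skb_unclone(head, GFP_ATOMIC) now runs even when head has no frag_list. Per the commit message the reason is that head needs its own frag_list root so that orig_skbs are not linked into one long chain that kfree_skb() then frees recursively; suggest stating that in the comment, because the removed skb_has_frag_list(head) guard reads like a harmless optimization and could be reintroduced. The commit message also says the purpose of the second, still conditional unclone is unknown, which is worth resolving or recording next to that code.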