Received: by 2002:a05:7412:8d10:b0:f3:1519:9f41 with SMTP id bj16csp5898296rdb;
        Thu, 14 Dec 2023 02:57:44 -0800 (PST)
X-Google-Smtp-Source: AGHT+IFNbED027Hj6oN7tJ4sayqOTgfJYngkH5SuU+tfaxyfHEAa+KTXeuMR4Wfqo8SusmeDB2AA
X-Received: by 2002:a17:902:fc8e:b0:1d0:6ffd:611e with SMTP id mf14-20020a170902fc8e00b001d06ffd611emr11548264plb.64.1702551464248;
        Thu, 14 Dec 2023 02:57:44 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1702551464; cv=none;
        d=google.com; s=arc-20160816;
        b=XVZp5/GseqDN9w4/Aoxeww8OCwQzXYat5LDwfFj6Unp2CoM1oRN4mQZKZLE7sugF+G
         brjS2sXR3BYcKOyd7ZGcqzeTM1L6hocIboN7ctQT9WSF8UsXMIvQH5Sp9Pe/1qjDeAfD
         4h+OOhs1j7KEPF6OeJDgkCfFVLHTf2yS/5Il0BLgI4zv6YW7sxNXw6G/Vfhw7Qa3Hhuq
         hqcFgCYmuxPXl+PFx/Ew4MvznIVaT9wk0IK8rA5+6ePQIxyNN4zGvpA7grsGmAGvZEmC
         tSC+z3+1uD7cEM60318YfqE2a/dVU6e/Ya3GyVMWgutt+JBKRlTgzLpt09a0N+v6lIL7
         Ui/g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:in-reply-to:from
         :content-language:references:cc:to:subject:user-agent:mime-version
         :date:message-id:dkim-signature;
        bh=7HMfppTjCsAQlZ2a3fZBv4GPzszAAfnmigM/QHv3mPQ=;
        fh=JMczcGUrC9+uax7mDja5mZmSMH6oXNPZxu05v2D2/iY=;
        b=kL9/iktORun9VfAYm4HL/+/xVzjkXSqOYyfpSY43tfKJI6bFniFS6rXKfoEB27iSCy
         gINV46mg22Gc6aqgeAeR7gKIUUsi79Kn9ISOwshDfh4A3z49LjMqG7J8mA7MyPkDbrdF
         5Lgsa0LUTMIJgJWKF9QZtDfQOvaQ1SPAxl0UjOsH5QMsc8Ej7H5pqnuuuoc0XlBMBXBc
         S8LuUTQOtu+NovasSyHIT6MsRK5Fz12Kq2z4ZzODoqE8dsnOvz7dSJPEzu+r766UpboM
         mvS6jesPAmZY3MoIhTiTNBkeymfwulso/ZSFbIK1lHnO+ZWZjn/hDtOlv4in8gAGXeC1
         9zsw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20230601 header.b=jTYrGmMS;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from agentk.vger.email (agentk.vger.email. [2620:137:e000::3:2])
        by mx.google.com with ESMTPS id k15-20020a170902c40f00b001d346f6804fsi2093785plk.11.2023.12.14.02.57.43
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 14 Dec 2023 02:57:44 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) client-ip=2620:137:e000::3:2;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20230601 header.b=jTYrGmMS;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
	by agentk.vger.email (Postfix) with ESMTP id C71B280D04F4;
	Thu, 14 Dec 2023 02:57:41 -0800 (PST)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.11 at agentk.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1443808AbjLNK50 (ORCPT
        <rfc822;aditya.jainadityajain.jain@gmail.com> + 99 others);
        Thu, 14 Dec 2023 05:57:26 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53360 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1443936AbjLNK5G (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 14 Dec 2023 05:57:06 -0500
Received: from mail-wm1-x32e.google.com (mail-wm1-x32e.google.com [IPv6:2a00:1450:4864:20::32e])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5E2911A5;
        Thu, 14 Dec 2023 02:56:15 -0800 (PST)
Received: by mail-wm1-x32e.google.com with SMTP id 5b1f17b1804b1-40c495ab68cso8039605e9.0;
        Thu, 14 Dec 2023 02:56:15 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1702551374; x=1703156174; darn=vger.kernel.org;
        h=content-transfer-encoding:in-reply-to:from:content-language
         :references:cc:to:subject:user-agent:mime-version:date:message-id
         :from:to:cc:subject:date:message-id:reply-to;
        bh=7HMfppTjCsAQlZ2a3fZBv4GPzszAAfnmigM/QHv3mPQ=;
        b=jTYrGmMSfaLXlBYl/j+QVUJAjraIfaPXuVyiu4/0RPBhowah1xIft5/S3EKqhadteg
         pssvoLa9xZ/Q/bIbw8SCP8UpJW//K4tBvQfBweSH8FePxrXTyjiByCCR41EPi71RdMmK
         i89BNT9sHjZA3n5GkKi1kYYhz6TMt5vSO1xAf6WPmhh7QavjLJYLtuVqtaumPR+4gcRk
         M7e012ayBOJyrnbsy2s78uN/eJXbSnTRpji+ir5UDJgpVxY1zlDCMEZYjzHL53Yq0tDX
         HwgrO3YjV7qPMMRy29xpHNRkPA7yuqB62EQjl5iYxvBVa51CDvtT8wczfrcM3fh48XJJ
         MWEQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1702551374; x=1703156174;
        h=content-transfer-encoding:in-reply-to:from:content-language
         :references:cc:to:subject:user-agent:mime-version:date:message-id
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=7HMfppTjCsAQlZ2a3fZBv4GPzszAAfnmigM/QHv3mPQ=;
        b=vVYHbWkfHF6AzIt0KEyckaykMeFT53cInVgVwOR8eSXOXwDOTpmfoUwRw/ANfsyHTB
         Qsw44v/6s0ljJj03TaA/ZlHpfniP9t6Qj1jw665U+zPybtUr0BnGSlV+xIIT+8vVKU/S
         VfTvLItneKUb5/Z7paIfSYOvAHlPSoALhyXvBbSs2gXsXY8qpg/TcMTQ5eugdeTkrosJ
         33Hy02WGjzDsRyWDp/0CWzzYoSyV5rO/cR4JTcinUmAlwJfSJyjpOnSf2pahrndQUcsc
         mPHVqUUjIA6APQOfSkcFUcAZOGEuAHxYHPzT+1dPY5ahWViA9s0YVwcm0+c+qjW98ccU
         SzZw==
X-Gm-Message-State: AOJu0Yx9geqhbduCeXu406rjFiPbOS/HMRzTZED4Cj5rKbjz6KvR/02v
        hYeGUKKhOYJc7dTxd6gRU40=
X-Received: by 2002:a05:600c:1c86:b0:3fe:d637:7b25 with SMTP id k6-20020a05600c1c8600b003fed6377b25mr11633139wms.0.1702551373533;
        Thu, 14 Dec 2023 02:56:13 -0800 (PST)
Received: from [10.0.0.4] ([37.169.173.39])
        by smtp.gmail.com with ESMTPSA id f9-20020a7bcd09000000b0040c26a459b4sm1163640wmj.0.2023.12.14.02.56.12
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Thu, 14 Dec 2023 02:56:13 -0800 (PST)
Message-ID: <1a97421c-c1f3-4974-ac81-9bc1e224f797@gmail.com>
Date:   Thu, 14 Dec 2023 11:56:11 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: [PATCH net] net: Return error from sk_stream_wait_connect() if
 sk_wait_event() fails
To:     Shigeru Yoshida <syoshida@redhat.com>, davem@davemloft.net,
        kuba@kernel.org, pabeni@redhat.com
Cc:     netdev@vger.kernel.org, linux-kernel@vger.kernel.org
References: <20231214050922.3480023-1-syoshida@redhat.com>
Content-Language: en-US
From:   Eric Dumazet <eric.dumazet@gmail.com>
In-Reply-To: <20231214050922.3480023-1-syoshida@redhat.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-0.6 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,
	HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE,
	SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no
	version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on agentk.vger.email
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (agentk.vger.email [0.0.0.0]); Thu, 14 Dec 2023 02:57:41 -0800 (PST)


On 12/14/23 06:09, Shigeru Yoshida wrote:
> The following NULL pointer dereference issue occurred:
>
> BUG: kernel NULL pointer dereference, address: 0000000000000000
> <...>
> RIP: 0010:ccid_hc_tx_send_packet net/dccp/ccid.h:166 [inline]
> RIP: 0010:dccp_write_xmit+0x49/0x140 net/dccp/output.c:356
> <...>
> Call Trace:
>   <TASK>
>   dccp_sendmsg+0x642/0x7e0 net/dccp/proto.c:801
>   inet_sendmsg+0x63/0x90 net/ipv4/af_inet.c:846
>   sock_sendmsg_nosec net/socket.c:730 [inline]
>   __sock_sendmsg+0x83/0xe0 net/socket.c:745
>   ____sys_sendmsg+0x443/0x510 net/socket.c:2558
>   ___sys_sendmsg+0xe5/0x150 net/socket.c:2612
>   __sys_sendmsg+0xa6/0x120 net/socket.c:2641
>   __do_sys_sendmsg net/socket.c:2650 [inline]
>   __se_sys_sendmsg net/socket.c:2648 [inline]
>   __x64_sys_sendmsg+0x45/0x50 net/socket.c:2648
>   do_syscall_x64 arch/x86/entry/common.c:51 [inline]
>   do_syscall_64+0x43/0x110 arch/x86/entry/common.c:82
>   entry_SYSCALL_64_after_hwframe+0x63/0x6b
>
> sk_wait_event() returns an error (-EPIPE) if disconnect() is called on the
> socket waiting for the event. However, sk_stream_wait_connect() returns
> success, i.e. zero, even if sk_wait_event() returns -EPIPE, so a function
> that waits for a connection with sk_stream_wait_connect() may misbehave.
>
> In the case of the above DCCP issue, dccp_sendmsg() is waiting for the
> connection. If disconnect() is called in concurrently, the above issue
> occurs.
>
> This patch fixes the issue by returning error from sk_stream_wait_connect()
> if sk_wait_event() fails.
>
> Fixes: 419ce133ab92 ("tcp: allow again tcp_disconnect() when threads are waiting")
> Signed-off-by: Shigeru Yoshida <syoshida@redhat.com>

Reviewed-by: Eric Dumazet <edumazet@google.com>