2006-11-01 05:35:14

by Chris Wright

Subject: [PATCH 01/61] [DECNET]: Fix sfuzz hanging on 2.6.18

-stable review patch. If anyone has any objections, please let us know.
------------------

From: Patrick McHardy <[email protected]>

Dave Jones wrote:
> sfuzz D 724EF62A 2828 28717 28691 (NOTLB)
> cd69fe98 00000082 0000012d 724ef62a 0001971a 00000010 00000007 df6d22b0
> dfd81080 725bbc5e 0001971a 000cc634 00000001 df6d23bc c140e260 00000202
> de1d5ba0 cd69fea0 de1d5ba0 00000000 00000000 de1d5b60 de1d5b8c de1d5ba0
> Call Trace:
> [<c05b1708>] lock_sock+0x75/0xa6
> [<e0b0b604>] dn_getname+0x18/0x5f [decnet]
> [<c05b083b>] sys_getsockname+0x5c/0xb0
> [<c05b0b46>] sys_socketcall+0xef/0x261
> [<c0403f97>] syscall_call+0x7/0xb
> DWARF2 unwinder stuck at syscall_call+0x7/0xb
>
> I wonder if the plethora of lockdep related changes inadvertently broke something?

Looks like unbalanced locking.

Signed-off-by: Patrick McHardy <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
Signed-off-by: Chris Wright <[email protected]>
---
net/decnet/af_decnet.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

--- linux-2.6.18.1.orig/net/decnet/af_decnet.c
+++ linux-2.6.18.1/net/decnet/af_decnet.c
@@ -1177,8 +1177,10 @@ static int dn_getname(struct socket *soc
if (peer) {
if ((sock->state != SS_CONNECTED &&
sock->state != SS_CONNECTING) &&
- scp->accept_mode == ACC_IMMED)
+ scp->accept_mode == ACC_IMMED) {
+ release_sock(sk);
return -ENOTCONN;
+ }

memcpy(sa, &scp->peer, sizeof(struct sockaddr_dn));
} else {
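
Review bot: The early "return -ENOTCONN" inside the "if (peer)" branch now needs its own release_sock(sk), so the unlock is written out separately on this exit. A single exit path would be more robust: set an error variable in this branch and jump to one label that calls release_sock(sk) before returning, so a later early return cannot reintroduce the lock_sock hang shown in the quoted trace. The changelog would also be easier to audit if it named the path that leaked the lock (peer name requested, socket neither SS_CONNECTED nor SS_CONNECTING, accept_mode == ACC_IMMED) rather than only "Looks like unbalanced locking."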

--