forked from rrcarlosr/Jetpack
99 lines
3.9 KiB
Diff
99 lines
3.9 KiB
Diff
From ededc603b7588d482ca2431182805e593b4569bd Mon Sep 17 00:00:00 2001
|
|
From: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
|
|
Date: Wed, 31 Aug 2016 17:21:56 +0200
|
|
Subject: [PATCH 240/352] net: add back the missing serialization in
|
|
ip_send_unicast_reply()
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
Some time ago Sami Pietikäinen reported a crash on -RT in
|
|
ip_send_unicast_reply() which was later fixed by Nicholas Mc Guire
|
|
(v3.12.8-rt11). Later (v3.18.8) the code was reworked and I dropped the
|
|
patch. As it turns out it was mistake.
|
|
I have reports that the same crash is possible with a similar backtrace.
|
|
It seems that vanilla protects access to this_cpu_ptr() via
|
|
local_bh_disable(). This does not work the on -RT since we can have
|
|
NET_RX and NET_TX running in parallel on the same CPU.
|
|
This is brings back the old locks.
|
|
|
|
|Unable to handle kernel NULL pointer dereference at virtual address 00000010
|
|
|PC is at __ip_make_skb+0x198/0x3e8
|
|
|[<c04e39d8>] (__ip_make_skb) from [<c04e3ca8>] (ip_push_pending_frames+0x20/0x40)
|
|
|[<c04e3ca8>] (ip_push_pending_frames) from [<c04e3ff0>] (ip_send_unicast_reply+0x210/0x22c)
|
|
|[<c04e3ff0>] (ip_send_unicast_reply) from [<c04fbb54>] (tcp_v4_send_reset+0x190/0x1c0)
|
|
|[<c04fbb54>] (tcp_v4_send_reset) from [<c04fcc1c>] (tcp_v4_do_rcv+0x22c/0x288)
|
|
|[<c04fcc1c>] (tcp_v4_do_rcv) from [<c0474364>] (release_sock+0xb4/0x150)
|
|
|[<c0474364>] (release_sock) from [<c04ed904>] (tcp_close+0x240/0x454)
|
|
|[<c04ed904>] (tcp_close) from [<c0511408>] (inet_release+0x74/0x7c)
|
|
|[<c0511408>] (inet_release) from [<c0470728>] (sock_release+0x30/0xb0)
|
|
|[<c0470728>] (sock_release) from [<c0470abc>] (sock_close+0x1c/0x24)
|
|
|[<c0470abc>] (sock_close) from [<c0115ec4>] (__fput+0xe8/0x20c)
|
|
|[<c0115ec4>] (__fput) from [<c0116050>] (____fput+0x18/0x1c)
|
|
|[<c0116050>] (____fput) from [<c0058138>] (task_work_run+0xa4/0xb8)
|
|
|[<c0058138>] (task_work_run) from [<c0011478>] (do_work_pending+0xd0/0xe4)
|
|
|[<c0011478>] (do_work_pending) from [<c000e740>] (work_pending+0xc/0x20)
|
|
|Code: e3530001 8a000001 e3a00040 ea000011 (e5973010)
|
|
|
|
Cc: stable-rt@vger.kernel.org
|
|
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
|
|
---
|
|
net/ipv4/tcp_ipv4.c | 6 ++++++
|
|
1 file changed, 6 insertions(+)
|
|
|
|
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
|
|
index 3738778..5365350 100644
|
|
--- a/net/ipv4/tcp_ipv4.c
|
|
+++ b/net/ipv4/tcp_ipv4.c
|
|
@@ -62,6 +62,7 @@
|
|
#include <linux/init.h>
|
|
#include <linux/times.h>
|
|
#include <linux/slab.h>
|
|
+#include <linux/locallock.h>
|
|
|
|
#include <net/net_namespace.h>
|
|
#include <net/icmp.h>
|
|
@@ -573,6 +574,7 @@ void tcp_v4_send_check(struct sock *sk, struct sk_buff *skb)
|
|
}
|
|
EXPORT_SYMBOL(tcp_v4_send_check);
|
|
|
|
+static DEFINE_LOCAL_IRQ_LOCK(tcp_sk_lock);
|
|
/*
|
|
* This routine will send an RST to the other tcp.
|
|
*
|
|
@@ -701,6 +703,7 @@ static void tcp_v4_send_reset(const struct sock *sk, struct sk_buff *skb)
|
|
|
|
arg.tos = ip_hdr(skb)->tos;
|
|
arg.uid = sock_net_uid(net, sk && sk_fullsock(sk) ? sk : NULL);
|
|
+ local_lock(tcp_sk_lock);
|
|
local_bh_disable();
|
|
ip_send_unicast_reply(*this_cpu_ptr(net->ipv4.tcp_sk),
|
|
skb, &TCP_SKB_CB(skb)->header.h4.opt,
|
|
@@ -710,6 +713,7 @@ static void tcp_v4_send_reset(const struct sock *sk, struct sk_buff *skb)
|
|
__TCP_INC_STATS(net, TCP_MIB_OUTSEGS);
|
|
__TCP_INC_STATS(net, TCP_MIB_OUTRSTS);
|
|
local_bh_enable();
|
|
+ local_unlock(tcp_sk_lock);
|
|
|
|
#ifdef CONFIG_TCP_MD5SIG
|
|
out:
|
|
@@ -787,6 +791,7 @@ static void tcp_v4_send_ack(const struct sock *sk,
|
|
arg.bound_dev_if = oif;
|
|
arg.tos = tos;
|
|
arg.uid = sock_net_uid(net, sk_fullsock(sk) ? sk : NULL);
|
|
+ local_lock(tcp_sk_lock);
|
|
local_bh_disable();
|
|
ip_send_unicast_reply(*this_cpu_ptr(net->ipv4.tcp_sk),
|
|
skb, &TCP_SKB_CB(skb)->header.h4.opt,
|
|
@@ -795,6 +800,7 @@ static void tcp_v4_send_ack(const struct sock *sk,
|
|
|
|
__TCP_INC_STATS(net, TCP_MIB_OUTSEGS);
|
|
local_bh_enable();
|
|
+ local_unlock(tcp_sk_lock);
|
|
}
|
|
|
|
static void tcp_v4_timewait_ack(struct sock *sk, struct sk_buff *skb)
|
|
--
|
|
2.7.4
|
|
|