torvalds/linux
torvalds/linux
2
0
Fork 0
mirror of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-09-04 20:19:47 +08:00
Code
8240d8d3c5
linux/net/ipv4
History
Jibin Zhang f920436a44 net: use sock_gen_put() when sk_state is TCP_TIME_WAIT 
It is possible for a pointer of type struct inet_timewait_sock to be
returned from the functions __inet_lookup_established() and
__inet6_lookup_established(). This can cause a crash when the
returned pointer is of type struct inet_timewait_sock and
sock_put() is called on it. The following is a crash call stack that
shows sk->sk_wmem_alloc being accessed in sk_free() during the call to
sock_put() on a struct inet_timewait_sock pointer. To avoid this issue,
use sock_gen_put() instead of sock_put() when sk->sk_state
is TCP_TIME_WAIT.

mrdump.ko        ipanic() + 120
vmlinux          notifier_call_chain(nr_to_call=-1, nr_calls=0) + 132
vmlinux          atomic_notifier_call_chain(val=0) + 56
vmlinux          panic() + 344
vmlinux          add_taint() + 164
vmlinux          end_report() + 136
vmlinux          kasan_report(size=0) + 236
vmlinux          report_tag_fault() + 16
vmlinux          do_tag_recovery() + 16
vmlinux          __do_kernel_fault() + 88
vmlinux          do_bad_area() + 28
vmlinux          do_tag_check_fault() + 60
vmlinux          do_mem_abort() + 80
vmlinux          el1_abort() + 56
vmlinux          el1h_64_sync_handler() + 124
vmlinux        > 0xFFFFFFC080011294()
vmlinux          __lse_atomic_fetch_add_release(v=0xF2FFFF82A896087C)
vmlinux          __lse_atomic_fetch_sub_release(v=0xF2FFFF82A896087C)
vmlinux          arch_atomic_fetch_sub_release(i=1, v=0xF2FFFF82A896087C)
+ 8
vmlinux          raw_atomic_fetch_sub_release(i=1, v=0xF2FFFF82A896087C)
+ 8
vmlinux          atomic_fetch_sub_release(i=1, v=0xF2FFFF82A896087C) + 8
vmlinux          __refcount_sub_and_test(i=1, r=0xF2FFFF82A896087C,
oldp=0) + 8
vmlinux          __refcount_dec_and_test(r=0xF2FFFF82A896087C, oldp=0) + 8
vmlinux          refcount_dec_and_test(r=0xF2FFFF82A896087C) + 8
vmlinux          sk_free(sk=0xF2FFFF82A8960700) + 28
vmlinux          sock_put() + 48
vmlinux          tcp6_check_fraglist_gro() + 236
vmlinux          tcp6_gro_receive() + 624
vmlinux          ipv6_gro_receive() + 912
vmlinux          dev_gro_receive() + 1116
vmlinux          napi_gro_receive() + 196
ccmni.ko         ccmni_rx_callback() + 208
ccmni.ko         ccmni_queue_recv_skb() + 388
ccci_dpmaif.ko   dpmaif_rxq_push_thread() + 1088
vmlinux          kthread() + 268
vmlinux          0xFFFFFFC08001F30C()

Fixes: c9d1d23e52 ("net: add heuristic for enabling TCP fraglist GRO")
Signed-off-by: Jibin Zhang <jibin.zhang@mediatek.com>
Signed-off-by: Shiming Cheng <shiming.cheng@mediatek.com>
Reviewed-by: Jacob Keller <jacob.e.keller@intel.com>
Link: https://patch.msgid.link/20250429020412.14163-1-shiming.cheng@mediatek.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2025-05-01 07:00:19 -07:00
..
netfilter netfilter: fib: avoid lookup if socket is available 2025-03-21 10:12:15 +01:00
af_inet.c net: dismiss sk_forward_alloc_get() 2025-02-19 19:05:28 -08:00
ah4.c net: fill in MODULE_DESCRIPTION()s for ipv4 modules 2024-02-09 14:12:02 -08:00
arp.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2025-02-20 10:37:30 -08:00
bpf_tcp_ca.c tcp: Pass flags to __tcp_send_ack 2025-03-17 13:56:38 +00:00
cipso_ipv4.c move asm/unaligned.h to linux/unaligned.h 2024-10-02 17:23:23 -04:00
datagram.c ipv4: Use inet_sk_init_flowi4() in ip4_datagram_release_cb(). 2024-12-20 13:50:09 -08:00
devinet.c net: switch to netif_disable_lro in inetdev_init 2025-04-03 15:32:08 -07:00
esp4_offload.c xfrm: Add an inbound percpu state cache. 2024-10-29 11:56:18 +01:00
esp4.c ipsec-2025-01-27 2025-01-27 15:15:12 -08:00
fib_frontend.c inet: fix lwtunnel_valid_encap_type() lock imbalance 2025-03-05 19:16:56 -08:00
fib_lookup.h
fib_notifier.c net: do not acquire rtnl in fib_seq_sum() 2024-10-11 15:35:05 -07:00
fib_rules.c ipv4: fib_rules: Add DSCP mask matching 2025-02-21 16:08:47 -08:00
fib_semantics.c ipv4: fib: Namespacify fib_info hash tables. 2025-03-03 15:04:10 -08:00
fib_trie.c ipv4: fib: Move fib_valid_key_len() to rtm_to_fib_config(). 2025-03-03 15:04:11 -08:00
fou_bpf.c ip_tunnel: convert __be16 tunnel flags to bitmaps 2024-04-01 10:49:28 +01:00
fou_core.c fou: fix initialization of grc 2024-09-09 17:21:47 -07:00
fou_nl.c tools: ynl-gen: use big-endian netlink attribute types 2024-10-22 15:33:24 +02:00
fou_nl.h
gre_demux.c ip_tunnel: convert __be16 tunnel flags to bitmaps 2024-04-01 10:49:28 +01:00
gre_offload.c net: gro: rename skb_gro_header_hard() 2024-03-05 13:30:11 +01:00
icmp.c inet: ping: avoid skb_clone() dance in ping_rcv() 2025-02-28 14:41:33 -08:00
igmp_internal.h netlink: support dumping IPv4 multicast addresses 2025-02-11 11:26:53 +01:00
igmp.c treewide: Switch/rename to timer_delete[_sync]() 2025-04-05 10:30:12 +02:00
inet_connection_sock.c tcp/dccp: Remove inet_connection_sock_af_ops.addr2sockaddr(). 2025-03-24 12:10:13 -07:00
inet_diag.c tcp/dccp: remove icsk->icsk_timeout 2025-03-25 10:34:33 -07:00
inet_fragment.c treewide: Switch/rename to timer_delete[_sync]() 2025-04-05 10:30:12 +02:00
inet_hashtables.c inet: call inet6_ehashfn() once from inet6_hash_connect() 2025-03-06 15:26:02 -08:00
inet_timewait_sock.c tcp: add RCU management to inet_bind_bucket 2025-03-04 17:46:26 -08:00
inetpeer.c inetpeer: use EXPORT_IPV6_MOD[_GPL]() 2025-02-14 13:09:39 -08:00
ip_forward.c net: fix IPSTATS_MIB_OUTFORWDATAGRAMS increment after fragment check 2023-10-13 09:58:45 -07:00
ip_fragment.c inet: frags: save a pair of atomic operations in reassembly 2025-03-18 13:18:36 +01:00
ip_gre.c net: ip_tunnel: Use link netns in newlink() of rtnl_link_ops 2025-02-21 15:28:02 -08:00
ip_input.c ipv4: remove useless arg 2025-01-02 17:17:40 -08:00
ip_options.c net: ip: make ip_route_input() return drop reasons 2024-11-12 11:24:51 +01:00
ip_output.c tcp: add new TCP_TW_ACK_OOW state and allow ECN bits in TOS 2025-03-17 13:56:17 +00:00
ip_sockglue.c Networking changes for 6.14. 2025-01-22 08:28:57 -08:00
ip_tunnel_core.c net: fix geneve_opt length integer overflow 2025-04-03 15:47:35 -07:00
ip_tunnel.c net: move misc netdev_lock flavors to a separate header 2025-03-08 09:06:50 -08:00
ip_vti.c net: ip_tunnel: Use link netns in newlink() of rtnl_link_ops 2025-02-21 15:28:02 -08:00
ipcomp.c
ipconfig.c
ipip.c net: ip_tunnel: Use link netns in newlink() of rtnl_link_ops 2025-02-21 15:28:02 -08:00
ipmr_base.c ipmr: do not call mr_mfc_uses_dev() for unres entries 2025-01-23 07:08:13 -08:00
ipmr.c treewide: Switch/rename to timer_delete[_sync]() 2025-04-05 10:30:12 +02:00
Kconfig net/tcp: Expand goo.gl link 2024-07-30 18:35:12 -07:00
Makefile bpfilter: remove bpfilter 2024-01-04 10:23:10 -08:00
metrics.c net: remove NULL-pointer net parameter in ip_metrics_convert 2024-06-05 10:06:00 +01:00
netfilter.c netfilter: ipv4: Convert ip_route_me_harder() to dscp_t. 2024-11-15 11:00:29 +01:00
netlink.c
nexthop.c nexthop: Convert RTM_DELNEXTHOP to per-netns RTNL. 2025-03-25 07:32:00 -07:00
ping.c inet: ping: avoid skb_clone() dance in ping_rcv() 2025-02-28 14:41:33 -08:00
proc.c tcp: be less liberal in TSEcr received while in SYN_RECV state 2025-02-26 18:11:17 -08:00
protocol.c
raw_diag.c inet_diag: add module pointer to "struct inet_diag_handler" 2024-01-23 15:13:54 +01:00
raw.c ipv4: remove get_rttos 2025-02-18 18:27:19 -08:00
route.c ipv4: use RCU protection in __ip_rt_update_pmtu() 2025-02-06 16:14:14 -08:00
syncookies.c tcp: be less liberal in TSEcr received while in SYN_RECV state 2025-02-26 18:11:17 -08:00
sysctl_net_ipv4.c tcp: add tcp_rto_max_ms sysctl 2025-02-11 13:08:00 +01:00
tcp_ao.c net/tcp: Add missing lockdep annotations for TCP-AO hlist traversals 2024-11-03 12:10:11 -08:00
tcp_bbr.c tcp: Add new args for cong_control in tcp_congestion_ops 2024-05-02 16:26:56 -07:00
tcp_bic.c
tcp_bpf.c bpf: Fix wrong copied_seq calculation 2025-01-29 13:32:23 -08:00
tcp_cdg.c
tcp_cong.c tcp: only release congestion control if it has been initialized 2024-10-31 18:22:48 -07:00
tcp_cubic.c tcp_cubic: fix incorrect HyStart round start detection 2025-01-20 12:26:41 +00:00
tcp_dctcp.c tcp: helpers for ECN mode handling 2025-03-17 13:54:11 +00:00
tcp_dctcp.h tcp: Pass flags to __tcp_send_ack 2025-03-17 13:56:38 +00:00
tcp_diag.c tcp: ulp: diag: more info without CAP_NET_ADMIN 2025-03-07 19:39:53 -08:00
tcp_fastopen.c Revert "tcp: avoid atomic operations on sk->sk_rmem_alloc" 2025-03-31 16:53:54 -07:00
tcp_highspeed.c
tcp_htcp.c tcp: Use clamp() in htcp_alpha_update() 2024-08-06 12:16:25 -07:00
tcp_hybla.c
tcp_illinois.c
tcp_input.c Revert "tcp: avoid atomic operations on sk->sk_rmem_alloc" 2025-03-31 16:53:54 -07:00
tcp_ipv4.c tcp/dccp: remove icsk->icsk_timeout 2025-03-25 10:34:33 -07:00
tcp_lp.c tcp: rename tcp_time_stamp() to tcp_time_stamp_ts() 2023-10-23 09:35:01 +01:00
tcp_metrics.c tcp: convert to dev_net_rcu() 2025-03-03 15:44:19 -08:00
tcp_minisocks.c tcp: add new TCP_TW_ACK_OOW state and allow ECN bits in TOS 2025-03-17 13:56:17 +00:00
tcp_nv.c
tcp_offload.c net: use sock_gen_put() when sk_state is TCP_TIME_WAIT 2025-05-01 07:00:19 -07:00
tcp_output.c tcp/dccp: remove icsk->icsk_ack.timeout 2025-03-25 10:34:33 -07:00
tcp_plb.c
tcp_rate.c
tcp_recovery.c tcp: fix excessive TLP and RACK timeouts from HZ rounding 2023-10-17 17:25:42 -07:00
tcp_scalable.c
tcp_sigpool.c net/tcp_sigpool: Use nested-BH locking for sigpool_scratch. 2024-06-24 16:41:22 -07:00
tcp_timer.c Networking changes for 6.15. 2025-03-26 21:48:21 -07:00
tcp_ulp.c
tcp_vegas.c
tcp_vegas.h
tcp_veno.c
tcp_westwood.c
tcp_yeah.c
tcp.c Revert "tcp: avoid atomic operations on sk->sk_rmem_alloc" 2025-03-31 16:53:54 -07:00
tunnel4.c net: fill in MODULE_DESCRIPTION()s for ipv4 modules 2024-02-09 14:12:02 -08:00
udp_bpf.c
udp_diag.c inet_diag: add module pointer to "struct inet_diag_handler" 2024-01-23 15:13:54 +01:00
udp_impl.h
udp_offload.c net: ipv6: fix UDPv6 GSO segmentation with NAT 2025-04-29 14:46:28 -07:00
udp_tunnel_core.c Revert "udp_tunnel: GRO optimizations" 2025-03-25 09:15:07 -07:00
udp_tunnel_nic.c udp_tunnel: Use flex array to simplify code 2023-10-03 11:39:34 +02:00
udp_tunnel_stub.c
udp.c udp: Fix memory accounting leak. 2025-04-02 17:18:27 -07:00
udplite.c
xfrm4_input.c ipv4: Convert ip_route_input_noref() to dscp_t. 2024-10-03 16:21:21 -07:00
xfrm4_output.c
xfrm4_policy.c xfrm: Convert struct xfrm_dst_lookup_params -> tos to dscp_t. 2024-11-06 12:42:51 +01:00
xfrm4_protocol.c ipv4: Convert ip_route_input_noref() to dscp_t. 2024-10-03 16:21:21 -07:00
xfrm4_state.c
xfrm4_tunnel.c net: fill in MODULE_DESCRIPTION()s for ipv4 modules 2024-02-09 14:12:02 -08:00