diff options
| author | David S. Miller <davem@davemloft.net> | 2018-08-08 22:14:23 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2018-08-08 22:14:23 -0400 |
| commit | ef91b6f91ab8edfb3b90a03896004023dbac3e6e (patch) | |
| tree | 3edc813b7168552a1ca9afad1f04b698a65f371e | |
| parent | 11ba961c916127651e12af6cad3891f8aeb25aa9 (diff) | |
| parent | 7311d665ca68907b9c43d6d1021f816f9a7bbd57 (diff) | |
Merge branch 'smc-fixes'
Ursula Braun says:
====================
net/smc: fixes 2018-08-08
here are small fixes for SMC: The first patch makes sure, shutdown code
is not executed for sockets in state SMC_LISTEN. The second patch resets
send and receive buffer values for accepted sockets, since TCP buffer size
optimizations for the internal CLC socket should not be forwarded to the
outer SMC socket. The third patch solves a race between connect and ioctl
reported by syzbot.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
| -rw-r--r-- | net/smc/af_smc.c | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/net/smc/af_smc.c b/net/smc/af_smc.c index 05e4ffe5aabd..e7de5f282722 100644 --- a/net/smc/af_smc.c +++ b/net/smc/af_smc.c | |||
| @@ -1122,6 +1122,8 @@ static void smc_tcp_listen_work(struct work_struct *work) | |||
| 1122 | sock_hold(lsk); /* sock_put in smc_listen_work */ | 1122 | sock_hold(lsk); /* sock_put in smc_listen_work */ |
| 1123 | INIT_WORK(&new_smc->smc_listen_work, smc_listen_work); | 1123 | INIT_WORK(&new_smc->smc_listen_work, smc_listen_work); |
| 1124 | smc_copy_sock_settings_to_smc(new_smc); | 1124 | smc_copy_sock_settings_to_smc(new_smc); |
| 1125 | new_smc->sk.sk_sndbuf = lsmc->sk.sk_sndbuf; | ||
| 1126 | new_smc->sk.sk_rcvbuf = lsmc->sk.sk_rcvbuf; | ||
| 1125 | sock_hold(&new_smc->sk); /* sock_put in passive closing */ | 1127 | sock_hold(&new_smc->sk); /* sock_put in passive closing */ |
| 1126 | if (!schedule_work(&new_smc->smc_listen_work)) | 1128 | if (!schedule_work(&new_smc->smc_listen_work)) |
| 1127 | sock_put(&new_smc->sk); | 1129 | sock_put(&new_smc->sk); |
| @@ -1397,8 +1399,7 @@ static int smc_shutdown(struct socket *sock, int how) | |||
| 1397 | lock_sock(sk); | 1399 | lock_sock(sk); |
| 1398 | 1400 | ||
| 1399 | rc = -ENOTCONN; | 1401 | rc = -ENOTCONN; |
| 1400 | if ((sk->sk_state != SMC_LISTEN) && | 1402 | if ((sk->sk_state != SMC_ACTIVE) && |
| 1401 | (sk->sk_state != SMC_ACTIVE) && | ||
| 1402 | (sk->sk_state != SMC_PEERCLOSEWAIT1) && | 1403 | (sk->sk_state != SMC_PEERCLOSEWAIT1) && |
| 1403 | (sk->sk_state != SMC_PEERCLOSEWAIT2) && | 1404 | (sk->sk_state != SMC_PEERCLOSEWAIT2) && |
| 1404 | (sk->sk_state != SMC_APPCLOSEWAIT1) && | 1405 | (sk->sk_state != SMC_APPCLOSEWAIT1) && |
| @@ -1521,12 +1522,16 @@ static int smc_ioctl(struct socket *sock, unsigned int cmd, | |||
| 1521 | 1522 | ||
| 1522 | smc = smc_sk(sock->sk); | 1523 | smc = smc_sk(sock->sk); |
| 1523 | conn = &smc->conn; | 1524 | conn = &smc->conn; |
| 1525 | lock_sock(&smc->sk); | ||
| 1524 | if (smc->use_fallback) { | 1526 | if (smc->use_fallback) { |
| 1525 | if (!smc->clcsock) | 1527 | if (!smc->clcsock) { |
| 1528 | release_sock(&smc->sk); | ||
| 1526 | return -EBADF; | 1529 | return -EBADF; |
| 1527 | return smc->clcsock->ops->ioctl(smc->clcsock, cmd, arg); | 1530 | } |
| 1531 | answ = smc->clcsock->ops->ioctl(smc->clcsock, cmd, arg); | ||
| 1532 | release_sock(&smc->sk); | ||
| 1533 | return answ; | ||
| 1528 | } | 1534 | } |
| 1529 | lock_sock(&smc->sk); | ||
| 1530 | switch (cmd) { | 1535 | switch (cmd) { |
| 1531 | case SIOCINQ: /* same as FIONREAD */ | 1536 | case SIOCINQ: /* same as FIONREAD */ |
| 1532 | if (smc->sk.sk_state == SMC_LISTEN) { | 1537 | if (smc->sk.sk_state == SMC_LISTEN) { |