aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorCong Wang <xiyou.wangcong@gmail.com>2018-08-06 14:06:02 -0400
committerDavid S. Miller <davem@davemloft.net>2018-08-07 15:39:13 -0400
commit455f05ecd2b219e9a216050796d30c830d9bc393 (patch)
treeddd03269c5845932976a7e947b6efc2d168cea80 /net
parenta94cead71c4651da5649134e3cdc29b1f32327a2 (diff)
vsock: split dwork to avoid reinitializations
syzbot reported that we reinitialize an active delayed work in vsock_stream_connect(): ODEBUG: init active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x90 kernel/workqueue.c:1414 WARNING: CPU: 1 PID: 11518 at lib/debugobjects.c:329 debug_print_object+0x16a/0x210 lib/debugobjects.c:326 The pattern is apparently wrong, we should only initialize the dealyed work once and could repeatly schedule it. So we have to move out the initializations to allocation side. And to avoid confusion, we can split the shared dwork into two, instead of re-using the same one. Fixes: d021c344051a ("VSOCK: Introduce VM Sockets") Reported-by: <syzbot+8a9b1bd330476a4f3db6@syzkaller.appspotmail.com> Cc: Andy king <acking@vmware.com> Cc: Stefan Hajnoczi <stefanha@redhat.com> Cc: Jorgen Hansen <jhansen@vmware.com> Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r--net/vmw_vsock/af_vsock.c15
-rw-r--r--net/vmw_vsock/vmci_transport.c3
2 files changed, 9 insertions, 9 deletions
diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c
index c1076c19b858..ab27a2872935 100644
--- a/net/vmw_vsock/af_vsock.c
+++ b/net/vmw_vsock/af_vsock.c
@@ -451,14 +451,14 @@ static int vsock_send_shutdown(struct sock *sk, int mode)
451 return transport->shutdown(vsock_sk(sk), mode); 451 return transport->shutdown(vsock_sk(sk), mode);
452} 452}
453 453
454void vsock_pending_work(struct work_struct *work) 454static void vsock_pending_work(struct work_struct *work)
455{ 455{
456 struct sock *sk; 456 struct sock *sk;
457 struct sock *listener; 457 struct sock *listener;
458 struct vsock_sock *vsk; 458 struct vsock_sock *vsk;
459 bool cleanup; 459 bool cleanup;
460 460
461 vsk = container_of(work, struct vsock_sock, dwork.work); 461 vsk = container_of(work, struct vsock_sock, pending_work.work);
462 sk = sk_vsock(vsk); 462 sk = sk_vsock(vsk);
463 listener = vsk->listener; 463 listener = vsk->listener;
464 cleanup = true; 464 cleanup = true;
@@ -498,7 +498,6 @@ out:
498 sock_put(sk); 498 sock_put(sk);
499 sock_put(listener); 499 sock_put(listener);
500} 500}
501EXPORT_SYMBOL_GPL(vsock_pending_work);
502 501
503/**** SOCKET OPERATIONS ****/ 502/**** SOCKET OPERATIONS ****/
504 503
@@ -597,6 +596,8 @@ static int __vsock_bind(struct sock *sk, struct sockaddr_vm *addr)
597 return retval; 596 return retval;
598} 597}
599 598
599static void vsock_connect_timeout(struct work_struct *work);
600
600struct sock *__vsock_create(struct net *net, 601struct sock *__vsock_create(struct net *net,
601 struct socket *sock, 602 struct socket *sock,
602 struct sock *parent, 603 struct sock *parent,
@@ -638,6 +639,8 @@ struct sock *__vsock_create(struct net *net,
638 vsk->sent_request = false; 639 vsk->sent_request = false;
639 vsk->ignore_connecting_rst = false; 640 vsk->ignore_connecting_rst = false;
640 vsk->peer_shutdown = 0; 641 vsk->peer_shutdown = 0;
642 INIT_DELAYED_WORK(&vsk->connect_work, vsock_connect_timeout);
643 INIT_DELAYED_WORK(&vsk->pending_work, vsock_pending_work);
641 644
642 psk = parent ? vsock_sk(parent) : NULL; 645 psk = parent ? vsock_sk(parent) : NULL;
643 if (parent) { 646 if (parent) {
@@ -1117,7 +1120,7 @@ static void vsock_connect_timeout(struct work_struct *work)
1117 struct vsock_sock *vsk; 1120 struct vsock_sock *vsk;
1118 int cancel = 0; 1121 int cancel = 0;
1119 1122
1120 vsk = container_of(work, struct vsock_sock, dwork.work); 1123 vsk = container_of(work, struct vsock_sock, connect_work.work);
1121 sk = sk_vsock(vsk); 1124 sk = sk_vsock(vsk);
1122 1125
1123 lock_sock(sk); 1126 lock_sock(sk);
@@ -1221,9 +1224,7 @@ static int vsock_stream_connect(struct socket *sock, struct sockaddr *addr,
1221 * timeout fires. 1224 * timeout fires.
1222 */ 1225 */
1223 sock_hold(sk); 1226 sock_hold(sk);
1224 INIT_DELAYED_WORK(&vsk->dwork, 1227 schedule_delayed_work(&vsk->connect_work, timeout);
1225 vsock_connect_timeout);
1226 schedule_delayed_work(&vsk->dwork, timeout);
1227 1228
1228 /* Skip ahead to preserve error code set above. */ 1229 /* Skip ahead to preserve error code set above. */
1229 goto out_wait; 1230 goto out_wait;
diff --git a/net/vmw_vsock/vmci_transport.c b/net/vmw_vsock/vmci_transport.c
index a7a73ffe675b..cb332adb84cd 100644
--- a/net/vmw_vsock/vmci_transport.c
+++ b/net/vmw_vsock/vmci_transport.c
@@ -1094,8 +1094,7 @@ static int vmci_transport_recv_listen(struct sock *sk,
1094 vpending->listener = sk; 1094 vpending->listener = sk;
1095 sock_hold(sk); 1095 sock_hold(sk);
1096 sock_hold(pending); 1096 sock_hold(pending);
1097 INIT_DELAYED_WORK(&vpending->dwork, vsock_pending_work); 1097 schedule_delayed_work(&vpending->pending_work, HZ);
1098 schedule_delayed_work(&vpending->dwork, HZ);
1099 1098
1100out: 1099out:
1101 return err; 1100 return err;
generated by cgit v1.2.2 (git 2.25.0) at 2025-08-24 12:20:21 -0400