From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Jakub Kicinski <jakub.kicinski@netronome.com>,
	Dirk van der Merwe <dirk.vandermerwe@netronome.com>,
	Eric Dumazet <edumazet@google.com>,
	"David S . Miller" <davem@davemloft.net>,
	Sasha Levin <alexander.levin@microsoft.com>,
	netdev@vger.kernel.org
Subject: [PATCH AUTOSEL 4.19 78/81] net: strparser: partially revert "strparser: Call skb_unclone conditionally"
Date: Tue,  7 May 2019 01:35:49 -0400
Message-ID: <20190507053554.30848-78-sashal@kernel.org>
In-Reply-To: <20190507053554.30848-1-sashal@kernel.org>

From: Jakub Kicinski <jakub.kicinski@netronome.com>

[ Upstream commit 4a9c2e3746e6151fd5d077259d79ce9ca86d47d7 ]

This reverts the first part of commit 4e485d06bb8c ("strparser: Call
skb_unclone conditionally").  To build a message with multiple
fragments we need our own root of frag_list.  We can't simply
use the frag_list of orig_skb, because it will lead to linking
all orig_skbs together creating very long frag chains, and causing
stack overflow on kfree_skb() (which is called recursively on
the frag_lists).

BUG: stack guard page was hit at 00000000d40fad41 (stack is 0000000029dde9f4..000000008cce03d5)
kernel stack overflow (double-fault): 0000 [#1] PREEMPT SMP
RIP: 0010:free_one_page+0x2b/0x490

Call Trace:
  __free_pages_ok+0x143/0x2c0
  skb_release_data+0x8e/0x140
  ? skb_release_data+0xad/0x140
  kfree_skb+0x32/0xb0

  [...]

  skb_release_data+0xad/0x140
  ? skb_release_data+0xad/0x140
  kfree_skb+0x32/0xb0
  skb_release_data+0xad/0x140
  ? skb_release_data+0xad/0x140
  kfree_skb+0x32/0xb0
  skb_release_data+0xad/0x140
  ? skb_release_data+0xad/0x140
  kfree_skb+0x32/0xb0
  skb_release_data+0xad/0x140
  ? skb_release_data+0xad/0x140
  kfree_skb+0x32/0xb0
  skb_release_data+0xad/0x140
  __kfree_skb+0xe/0x20
  tcp_disconnect+0xd6/0x4d0
  tcp_close+0xf4/0x430
  ? tcp_check_oom+0xf0/0xf0
  tls_sk_proto_close+0xe4/0x1e0 [tls]
  inet_release+0x36/0x60
  __sock_release+0x37/0xa0
  sock_close+0x11/0x20
  __fput+0xa2/0x1d0
  task_work_run+0x89/0xb0
  exit_to_usermode_loop+0x9a/0xa0
  do_syscall_64+0xc0/0xf0
  entry_SYSCALL_64_after_hwframe+0x44/0xa9

Let's leave the second unclone conditional, as I'm not entirely
sure what is its purpose :)

Fixes: 4e485d06bb8c ("strparser: Call skb_unclone conditionally")
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
---
 net/strparser/strparser.c | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/net/strparser/strparser.c b/net/strparser/strparser.c
index da1a676860ca..0f4e42792878 100644
--- a/net/strparser/strparser.c
+++ b/net/strparser/strparser.c
@@ -140,13 +140,11 @@ static int __strp_recv(read_descriptor_t *desc, struct sk_buff *orig_skb,
 			/* We are going to append to the frags_list of head.
 			 * Need to unshare the frag_list.
 			 */
-			if (skb_has_frag_list(head)) {
-				err = skb_unclone(head, GFP_ATOMIC);
-				if (err) {
-					STRP_STATS_INCR(strp->stats.mem_fail);
-					desc->error = err;
-					return 0;
-				}
+			err = skb_unclone(head, GFP_ATOMIC);
+			if (err) {
+				STRP_STATS_INCR(strp->stats.mem_fail);
+				desc->error = err;
+				return 0;
 			}
 
 			if (unlikely(skb_shinfo(head)->frag_list)) {
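Review bot: The comment kept above the now-unconditional skb_unclone(head, GFP_ATOMIC) still says only "Need to unshare the frag_list", which is the reading that made the removed skb_has_frag_list(head) guard look like a safe optimisation. Consider extending that comment to say that head needs its own frag_list root even when it has no frag_list yet, because otherwise the orig_skbs get linked together into one long chain (as the commit message explains), so the condition is not reintroduced later.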
-- 
2.20.1
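The recursion described in the commit message, as a simplified userspace model added here (not code from the patch or the kernel). `struct buf`, `buf_free`, `depth_chained` and `depth_own_root` are hypothetical names, and only the `next`/`frag_list` linkage is modelled.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-in for sk_buff (assumption): only the two links that matter. */
struct buf {
    struct buf *next;      /* sibling, walked in a loop */
    struct buf *frag_list; /* child list, freed by a nested call */
};

static struct buf *buf_new(void)
{
    struct buf *b = calloc(1, sizeof(*b));
    if (!b) abort();
    return b;
}

/* Siblings loop, frag_list recurses; returns the deepest nesting reached. */
static int buf_free(struct buf *b, int depth)
{
    int max = depth;
    for (struct buf *next; b; b = next) {
        int d = b->frag_list ? buf_free(b->frag_list, depth + 1) : depth;
        max = d > max ? d : max;
        next = b->next;
        free(b);
    }
    return max;
}

/* Every buffer hangs off the frag_list of the previous one. */
static int depth_chained(int n)
{
    struct buf *first = buf_new(), *cur = first;
    for (int i = 1; i < n; i++)
        cur = cur->frag_list = buf_new();
    return buf_free(first, 1);
}

/* A private head owns the frag_list; buffers are siblings linked by next. */
static int depth_own_root(int n)
{
    struct buf *head = buf_new(), **nextp = &head->frag_list;
    for (int i = 0; i < n; i++, nextp = &(*nextp)->next)
        *nextp = buf_new();
    return buf_free(head, 1);
}

int main(void)
{
    return printf("chained=%d own_root=%d\n", depth_chained(1000), depth_own_root(1000)) < 0;
}
```

In the chained layout the free path nests once per buffer, so stack use grows with the number of buffers received; with a private root it stays at two frames regardless of count.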

