From: Dust Li <dust.li@linux.alibaba.com>
To: Alexandra Winter <wintera@linux.ibm.com>,
David Miller <davem@davemloft.net>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Eric Dumazet <edumazet@google.com>,
Andrew Lunn <andrew+netdev@lunn.ch>,
"D. Wythe" <alibuda@linux.alibaba.com>,
Sidraya Jayagond <sidraya@linux.ibm.com>,
Wenjia Zhang <wenjia@linux.ibm.com>,
Wang Liang <wangliang74@huawei.com>
Cc: netdev@vger.kernel.org, linux-s390@vger.kernel.org,
Aswin Karuvally <aswin@linux.ibm.com>,
Heiko Carstens <hca@linux.ibm.com>,
Vasily Gorbik <gor@linux.ibm.com>,
Alexander Gordeev <agordeev@linux.ibm.com>,
Christian Borntraeger <borntraeger@linux.ibm.com>,
Sven Schnelle <svens@linux.ibm.com>,
Simon Horman <horms@kernel.org>,
Mahanta Jambigi <mjambigi@linux.ibm.com>,
Tony Lu <tonylu@linux.alibaba.com>,
Wen Gu <guwen@linux.alibaba.com>,
linux-rdma@vger.kernel.org, stable@vger.kernel.org,
syzbot+f69bfae0a4eb29976e44@syzkaller.appspotmail.com
Subject: Re: [PATCH net] net/smc: Initialize smc hashtables before registering users
Date: Tue, 23 Dec 2025 16:00:31 +0800
Message-ID: <aUpMH7_lHm1pFXcZ@linux.alibaba.com>
In-Reply-To: <64405058-23a9-49df-aed0-891fa0a19fbb@linux.ibm.com>

On 2025-12-22 10:50:37, Alexandra Winter wrote:
>
>
>On 17.12.25 16:25, Dust Li wrote:
>> On 2025-12-17 12:48:19, Alexandra Winter wrote:
>>> During initialisation of the SMC module initialize smc_v4/6_hashinfo before
>>> calling smc_nl_init(), proto_register() or sock_register(), to avoid a race
>>> that can cause use of an uninitialised pointer in case an smc protocol is
>>> called before the module is done initialising.
>>>
>>> syzbot report:
>>> KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
>>> Call Trace:
>>> <TASK>
>>> smc_diag_dump+0x59/0xa0 net/smc/smc_diag.c:236
>>> netlink_dump+0x647/0xd80 net/netlink/af_netlink.c:2325
>>> __netlink_dump_start+0x59f/0x780 net/netlink/af_netlink.c:2440
>>> netlink_dump_start include/linux/netlink.h:339 [inline]
>>> smc_diag_handler_dump+0x1ab/0x250 net/smc/smc_diag.c:251
>>> sock_diag_rcv_msg+0x3dc/0x5f0
>>> netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2550
>>> netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]
>>> netlink_unicast+0x7f0/0x990 net/netlink/af_netlink.c:1357
>>> netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1901
>>
>> I don't think this is related to smc_nl_init().
>>
>> Here the calltrace is smc_diag_dump(), which was registered in
>> sock_diag_register(&smc_diag_handler).
>>
>> But smc_nl_init() is registering the general netlink in SMC,
>> which is unrelated to smc_diag_dump().
>
>
>I had assumed some dependency between the smc netlink diag socket and smc_nl_init()
>and wrongly assumed that the smc_diag_init() and smc_init() could race.
>I now understand that modprobe will ensure smc_diag_init() is called before smc_init(),
>so you are right: this patch is indeed NOT a fix for this syzbot report [1].
>
>
>> I think the root cause should be related to the initializing between
>> smc_diag.ko and smc_v4/6_hashinfo.ht.
>
>Given modprobe initializes the modules sequentially, I do not see how these could race.
>
>I guess this syzbot report was fixed by
>f584239a9ed2 ("net/smc: fix general protection fault in __smc_diag_dump")
>as reported in [2].
>
>I'm not sure about the correct procedure; if nobody recommends a better action, I'll send a
>
>#syz dup: general protection fault in __smc_diag_dump
>to
>syzbot+f69bfae0a4eb29976e44@syzkaller.appspotmail.com
>(this one: general protection fault in smc_diag_dump_proto [1])
>
>
>I still think initializing the hashtables before smc_nl_init()
>makes sense. I'll resend this patch without mentioning syzbot.

Agree.

Best regards,
Dust
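
The ordering argument from the quoted commit message (initialize the hashtables before registering anything that can call into the protocol), as a simplified userspace model. This is an added example, not code from net/smc or from the patch; every name in it is hypothetical, and the "external call" stands in for any user that reaches a registered entry point while module init is still running.

```c
/* Userspace model of init ordering; hypothetical names, not net/smc code. */
#include <stddef.h>
#include <stdlib.h>

#define NBUCKETS 8

struct hashinfo { int *ht; };             /* stands in for smc_v4/6_hashinfo */
typedef int (*dump_fn)(const struct hashinfo *);

static struct hashinfo model_hashinfo;    /* zero-initialised: ht == NULL */
static dump_fn registered_dump;           /* NULL until "registered" */

/* Entry point reachable from outside once registered. Returns -1 at the
 * spot where real code would dereference the uninitialised pointer. */
static int model_dump(const struct hashinfo *h)
{
    int n = 0;
    if (!h->ht)
        return -1;
    for (int i = 0; i < NBUCKETS; i++)
        n += h->ht[i];
    return n;
}

static void hashinfo_init(void) { model_hashinfo.ht = calloc(NBUCKETS, sizeof(int)); }
static void register_users(void) { registered_dump = model_dump; }
static void reset(void)
{
    free(model_hashinfo.ht);
    model_hashinfo.ht = NULL;
    registered_dump = NULL;
}

/* A caller arriving at an arbitrary point; -2 means "nothing registered yet". */
static int external_call(void)
{
    return registered_dump ? registered_dump(&model_hashinfo) : -2;
}

/* Register first, init second: a call in the window sees ht == NULL. */
int init_register_first(void)
{
    reset();
    register_users();
    int seen = external_call();           /* lands between the two steps */
    hashinfo_init();
    return seen;
}

/* Init first, register second: the same call cannot reach the handler. */
int init_table_first(void)
{
    reset();
    hashinfo_init();
    int seen = external_call();
    register_users();
    return seen;
}
```
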