From: trondmy@kernel.org
To: linux-nfs@vger.kernel.org
Subject: [PATCH 1/2] SUNRPC: Do not dereference non-socket transports in sysfs
Date: Thu, 24 Mar 2022 17:33:44 -0400 [thread overview]
Message-ID: <20220324213345.5833-1-trondmy@kernel.org> (raw)
From: Trond Myklebust <trond.myklebust@hammerspace.com>
Do not cast the struct xprt to a sock_xprt unless we know it is a UDP or
TCP transport. Otherwise the call to lock the mutex will scribble over
whatever structure is actually there. This has been seen to cause hard
system lockups when the underlying transport was RDMA.
Fixes: e44773daf851 ("SUNRPC: Add srcaddr as a file in sysfs")
Cc: stable@vger.kernel.org
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
---
net/sunrpc/sysfs.c | 32 ++++++++++++++++++++++----------
1 file changed, 22 insertions(+), 10 deletions(-)
diff --git a/net/sunrpc/sysfs.c b/net/sunrpc/sysfs.c
index 05c758da6a92..8ce053f84421 100644
--- a/net/sunrpc/sysfs.c
+++ b/net/sunrpc/sysfs.c
@@ -107,22 +107,34 @@ static ssize_t rpc_sysfs_xprt_srcaddr_show(struct kobject *kobj,
struct rpc_xprt *xprt = rpc_sysfs_xprt_kobj_get_xprt(kobj);
struct sockaddr_storage saddr;
struct sock_xprt *sock;
+ const char *fmt = "<closed>\n";
ssize_t ret = -1;
- if (!xprt || !xprt_connected(xprt)) {
- xprt_put(xprt);
- return -ENOTCONN;
- }
+ if (!xprt || !xprt_connected(xprt))
+ goto out;
- sock = container_of(xprt, struct sock_xprt, xprt);
- mutex_lock(&sock->recv_mutex);
- if (sock->sock == NULL ||
- kernel_getsockname(sock->sock, (struct sockaddr *)&saddr) < 0)
+ switch (xprt->xprt_class->ident) {
+ case XPRT_TRANSPORT_UDP:
+ case XPRT_TRANSPORT_TCP:
+ break;
+ default:
+ fmt = "<not a socket>\n";
goto out;
+ };
- ret = sprintf(buf, "%pISc\n", &saddr);
-out:
+ sock = container_of(xprt, struct sock_xprt, xprt);
+ mutex_lock(&sock->recv_mutex);
+ if (sock->sock != NULL) {
+ ret = kernel_getsockname(sock->sock, (struct sockaddr *)&saddr);
+ if (ret >= 0) {
+ ret = sprintf(buf, "%pISc\n", &saddr);
+ fmt = NULL;
+ }
+ }
mutex_unlock(&sock->recv_mutex);
+out:
+ if (fmt)
+ ret = sprintf(buf, fmt);
xprt_put(xprt);
return ret + 1;
}
--
2.35.1
next reply other threads:[~2022-03-24 21:39 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-24 21:33 trondmy [this message]
2022-03-24 21:33 ` [PATCH 2/2] SUNRPC: Don't return error values in sysfs read of closed files trondmy
2022-03-24 21:42 ` [PATCH 1/2] SUNRPC: Do not dereference non-socket transports in sysfs Chuck Lever III
2022-03-24 22:01 ` Trond Myklebust
2022-03-25 1:58 ` [PATCH] SUNRPC: fix semicolon.cocci warnings kernel test robot
2022-03-25 2:03 ` [PATCH 1/2] SUNRPC: Do not dereference non-socket transports in sysfs kernel test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220324213345.5833-1-trondmy@kernel.org \
--to=trondmy@kernel.org \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox