[PATCH 4.6 08/81] tuntap: correctly wake up process during uninit

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Eric Dumazet <edumazet@google.com>,
	Xi Wang <xii@google.com>, "Michael S. Tsirkin" <mst@redhat.com>,
	Jason Wang <jasowang@redhat.com>,
	"David S. Miller" <davem@davemloft.net>
Subject: [PATCH 4.6 08/81] tuntap: correctly wake up process during uninit
Date: Wed, 22 Jun 2016 15:45:31 -0700	[thread overview]
Message-ID: <20160622223743.682413962@linuxfoundation.org> (raw)
In-Reply-To: <20160622223743.240652686@linuxfoundation.org>

4.6-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jason Wang <jasowang@redhat.com>

[ Upstream commit addf8fc4acb1cf79492ac64966f07178793cb3d7 ]

We used to check dev->reg_state against NETREG_REGISTERED after each
time we are woke up. But after commit 9e641bdcfa4e ("net-tun:
restructure tun_do_read for better sleep/wakeup efficiency"), it uses
skb_recv_datagram() which does not check dev->reg_state. This will
result if we delete a tun/tap device after a process is blocked in the
reading. The device will wait for the reference count which was held
by that process for ever.

Fixes this by using RCV_SHUTDOWN which will be checked during
sk_recv_datagram() before trying to wake up the process during uninit.

Fixes: 9e641bdcfa4e ("net-tun: restructure tun_do_read for better
sleep/wakeup efficiency")
Cc: Eric Dumazet <edumazet@google.com>
Cc: Xi Wang <xii@google.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/tun.c |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c
@@ -568,11 +568,13 @@ static void tun_detach_all(struct net_de
 	for (i = 0; i < n; i++) {
 		tfile = rtnl_dereference(tun->tfiles[i]);
 		BUG_ON(!tfile);
+		tfile->socket.sk->sk_shutdown = RCV_SHUTDOWN;
 		tfile->socket.sk->sk_data_ready(tfile->socket.sk);
 		RCU_INIT_POINTER(tfile->tun, NULL);
 		--tun->numqueues;
 	}
 	list_for_each_entry(tfile, &tun->disabled, next) {
+		tfile->socket.sk->sk_shutdown = RCV_SHUTDOWN;
 		tfile->socket.sk->sk_data_ready(tfile->socket.sk);
 		RCU_INIT_POINTER(tfile->tun, NULL);
 	}
@@ -628,6 +630,7 @@ static int tun_attach(struct tun_struct
 			goto out;
 	}
 	tfile->queue_index = tun->numqueues;
+	tfile->socket.sk->sk_shutdown &= ~RCV_SHUTDOWN;
 	rcu_assign_pointer(tfile->tun, tun);
 	rcu_assign_pointer(tun->tfiles[tun->numqueues], tfile);
 	tun->numqueues++;
@@ -1425,9 +1428,6 @@ static ssize_t tun_do_read(struct tun_st
 	if (!iov_iter_count(to))
 		return 0;
 
-	if (tun->dev->reg_state != NETREG_REGISTERED)
-		return -EIO;
-
 	/* Read frames from queue */
 	skb = __skb_recv_datagram(tfile->socket.sk, noblock ? MSG_DONTWAIT : 0,
 				  &peeked, &off, &err);

next prev parent reply	other threads:[~2016-06-22 23:05 UTC|newest]

Thread overview: 86+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-06-22 22:45 [PATCH 4.6 00/81] 4.6.3-stable review Greg Kroah-Hartman
2016-06-22 22:45 ` [PATCH 4.6 01/81] scsi_lib: correctly retry failed zero length REQ_TYPE_FS commands Greg Kroah-Hartman
2016-06-22 22:45 ` [PATCH 4.6 02/81] scsi: Add QEMU CD-ROM to VPD Inquiry Blacklist Greg Kroah-Hartman
2016-06-22 22:45 ` [PATCH 4.6 03/81] tipc: check nl sock before parsing nested attributes Greg Kroah-Hartman
2016-06-22 22:45 ` [PATCH 4.6 04/81] netlink: Fix dump skb leak/double free Greg Kroah-Hartman
2016-06-22 22:45 ` [PATCH 4.6 05/81] tipc: fix nametable publication field in nl compat Greg Kroah-Hartman
2016-06-22 22:45 ` [PATCH 4.6 06/81] switchdev: pass pointer to fib_info instead of copy Greg Kroah-Hartman
2016-06-22 22:45 ` [PATCH 4.6 07/81] macsec: fix netlink attribute for key id Greg Kroah-Hartman
2016-06-22 22:45 ` Greg Kroah-Hartman [this message]
2016-06-22 22:45 ` [PATCH 4.6 09/81] bpf: Use mount_nodev not mount_ns to mount the bpf filesystem Greg Kroah-Hartman
2016-06-22 22:45 ` [PATCH 4.6 10/81] udp: prevent skbs lingering in tunnel socket queues Greg Kroah-Hartman
2016-06-22 22:45 ` [PATCH 4.6 11/81] uapi glibc compat: fix compilation when !__USE_MISC in glibc Greg Kroah-Hartman
2016-06-22 22:45 ` [PATCH 4.6 12/81] ipv4: Fix non-initialized TTL when CONFIG_SYSCTL=n Greg Kroah-Hartman
2016-06-22 22:45 ` [PATCH 4.6 13/81] bpf, inode: disallow userns mounts Greg Kroah-Hartman
2016-06-22 22:45 ` [PATCH 4.6 14/81] net: mvneta: Fix lacking spinlock initialization Greg Kroah-Hartman
2016-06-22 22:45 ` [PATCH 4.6 15/81] net: hwbm: Fix unbalanced spinlock in error case Greg Kroah-Hartman
2016-06-22 22:45 ` [PATCH 4.6 16/81] sfc: on MC reset, clear PIO buffer linkage in TXQs Greg Kroah-Hartman
2016-06-22 22:45 ` [PATCH 4.6 17/81] team: dont call netdev_change_features under team->lock Greg Kroah-Hartman
2016-06-22 22:45 ` [PATCH 4.6 18/81] net: alx: use custom skb allocator Greg Kroah-Hartman
2016-06-22 22:45 ` [PATCH 4.6 19/81] net: stmmac: Fix incorrect memcpy source memory Greg Kroah-Hartman
2016-06-22 22:45 ` [PATCH 4.6 20/81] vxlan: Accept user specified MTU value when create new vxlan link Greg Kroah-Hartman
2016-06-22 22:45 ` [PATCH 4.6 21/81] net: nps_enet: Disable interrupts before napi reschedule Greg Kroah-Hartman
2016-06-22 22:45 ` [PATCH 4.6 22/81] bpf, trace: use READ_ONCE for retrieving file ptr Greg Kroah-Hartman
2016-06-22 22:45 ` [PATCH 4.6 23/81] tcp: record TLP and ER timer stats in v6 stats Greg Kroah-Hartman
2016-06-22 22:45 ` [PATCH 4.6 24/81] bridge: Dont insert unnecessary local fdb entry on changing mac address Greg Kroah-Hartman
2016-06-22 22:45 ` [PATCH 4.6 25/81] l2tp: fix configuration passed to setup_udp_tunnel_sock() Greg Kroah-Hartman
2016-06-22 22:45 ` [PATCH 4.6 26/81] ipv6: Skip XFRM lookup if dst_entry in socket cache is valid Greg Kroah-Hartman
2016-06-22 22:45 ` [PATCH 4.6 27/81] KVM: arm/arm64: vgic-v2: Clear all dirty LRs Greg Kroah-Hartman
2016-06-22 22:45 ` [PATCH 4.6 28/81] KVM: arm/arm64: vgic-v3: " Greg Kroah-Hartman
2016-06-22 22:45 ` [PATCH 4.6 31/81] drivers/perf: arm_pmu: Defer the setting of __oprofile_cpu_pmu Greg Kroah-Hartman
2016-06-22 22:45 ` [PATCH 4.6 32/81] ALSA: hda - Add PCI ID for Kabylake Greg Kroah-Hartman
2016-06-22 22:45 ` [PATCH 4.6 33/81] ALSA: hda - Fix headset mic detection problem for Dell machine Greg Kroah-Hartman
2016-06-22 22:45 ` [PATCH 4.6 34/81] ALSA: hda/realtek - ALC256 speaker noise issue Greg Kroah-Hartman
2016-06-22 22:45 ` [PATCH 4.6 35/81] ALSA: hda/realtek - Add support for new codecs ALC700/ALC701/ALC703 Greg Kroah-Hartman
2016-06-22 22:45 ` [PATCH 4.6 36/81] ALSA: hda/realtek: Add T560 docking unit fixup Greg Kroah-Hartman
2016-06-22 22:46 ` [PATCH 4.6 37/81] ARM: fix PTRACE_SETVFPREGS on SMP systems Greg Kroah-Hartman
2016-06-22 22:46 ` [PATCH 4.6 39/81] gpio: bcm-kona: fix bcm_kona_gpio_reset() warnings Greg Kroah-Hartman
2016-06-22 22:46 ` [PATCH 4.6 40/81] gpiolib: Fix NULL pointer deference Greg Kroah-Hartman
2016-06-22 22:46 ` [PATCH 4.6 41/81] gpiolib: Fix unaligned used of reference counters Greg Kroah-Hartman
2016-06-22 22:46 ` [PATCH 4.6 42/81] s390/bpf: fix recache skb->data/hlen for skb_vlan_push/pop Greg Kroah-Hartman
2016-06-22 22:46 ` [PATCH 4.6 43/81] s390/bpf: reduce maximum program size to 64 KB Greg Kroah-Hartman
2016-06-22 22:46 ` [PATCH 4.6 44/81] irqchip/gic-v3: Fix ICC_SGI1R_EL1.INTID decoding mask Greg Kroah-Hartman
2016-06-22 22:46 ` [PATCH 4.6 45/81] crypto: public_key: select CRYPTO_AKCIPHER Greg Kroah-Hartman
2016-06-22 22:46 ` [PATCH 4.6 46/81] crypto: ccp - Fix AES XTS error for request sizes above 4096 Greg Kroah-Hartman
2016-06-22 22:46 ` [PATCH 4.6 47/81] arm64: Provide "model name" in /proc/cpuinfo for PER_LINUX32 tasks Greg Kroah-Hartman
2016-06-22 22:46 ` [PATCH 4.6 48/81] arm64: mm: always take dirty state from new pte in ptep_set_access_flags Greg Kroah-Hartman
2016-06-22 22:46 ` [PATCH 4.6 49/81] powerpc/pseries/eeh: Handle RTAS delay requests in configure_bridge Greg Kroah-Hartman
2016-06-22 22:46 ` [PATCH 4.6 50/81] powerpc: Fix definition of SIAR and SDAR registers Greg Kroah-Hartman
2016-06-22 22:46 ` [PATCH 4.6 51/81] powerpc: Use privileged SPR number for MMCR2 Greg Kroah-Hartman
2016-06-22 22:46 ` [PATCH 4.6 52/81] powerpc/pseries: Add POWER8NVL support to ibm,client-architecture-support call Greg Kroah-Hartman
2016-06-22 22:46 ` [PATCH 4.6 53/81] powerpc/mm/hash: Fix the reference bit update when handling hash fault Greg Kroah-Hartman
2016-06-22 22:46 ` [PATCH 4.6 54/81] pinctrl: mediatek: fix dual-edge code defect Greg Kroah-Hartman
2016-06-22 22:46 ` [PATCH 4.6 55/81] parisc: Fix pagefault crash in unaligned __get_user() call Greg Kroah-Hartman
2016-06-22 22:46 ` [PATCH 4.6 56/81] memcg: add RCU locking around css_for_each_descendant_pre() in memcg_offline_kmem() Greg Kroah-Hartman
2016-06-22 22:46 ` [PATCH 4.6 57/81] ecryptfs: forbid opening files without mmap handler Greg Kroah-Hartman
2016-06-22 22:46 ` [PATCH 4.6 58/81] wext: Fix 32 bit iwpriv compatibility issue with 64 bit Kernel Greg Kroah-Hartman
2016-06-22 22:46 ` [PATCH 4.6 59/81] mm: thp: broken page count after commit aa88b68c3b1d Greg Kroah-Hartman
2016-06-22 22:46 ` [PATCH 4.6 60/81] x86/entry/traps: Dont force in_interrupt() to return true in IST handlers Greg Kroah-Hartman
2016-06-22 22:46 ` [PATCH 4.6 61/81] proc: prevent stacking filesystems on top Greg Kroah-Hartman
2016-06-22 22:46 ` [PATCH 4.6 62/81] sched: panic on corrupted stack end Greg Kroah-Hartman
2016-06-22 22:46 ` [PATCH 4.6 63/81] fix d_walk()/non-delayed __d_free() race Greg Kroah-Hartman
2016-06-22 22:46 ` [PATCH 4.6 64/81] sparc64: Reduce TLB flushes during hugepte changes Greg Kroah-Hartman
2016-06-22 22:46 ` [PATCH 4.6 65/81] sparc64: Take ctx_alloc_lock properly in hugetlb_setup() Greg Kroah-Hartman
2016-06-22 22:46 ` [PATCH 4.6 66/81] sparc: Harden signal return frame checks Greg Kroah-Hartman
2016-06-22 22:46 ` [PATCH 4.6 67/81] sparc64: Fix return from trap window fill crashes Greg Kroah-Hartman
2016-06-22 22:46 ` [PATCH 4.6 68/81] gpio: zynq: Fix the error path Greg Kroah-Hartman
2016-06-22 22:46 ` [PATCH 4.6 69/81] gpio: zynq: initialize clock even without CONFIG_PM Greg Kroah-Hartman
2016-06-22 22:46 ` [PATCH 4.6 70/81] drm/core: Do not preserve framebuffer on rmfb, v4 Greg Kroah-Hartman
2016-06-22 22:46 ` [PATCH 4.6 71/81] netfilter: x_tables: dont move to non-existent next rule Greg Kroah-Hartman
2016-06-22 22:46 ` [PATCH 4.6 72/81] netfilter: x_tables: validate targets of jumps Greg Kroah-Hartman
2016-06-22 22:46 ` [PATCH 4.6 73/81] netfilter: x_tables: add and use xt_check_entry_offsets Greg Kroah-Hartman
2016-06-22 22:46 ` [PATCH 4.6 74/81] netfilter: x_tables: kill check_entry helper Greg Kroah-Hartman
2016-06-22 22:46 ` [PATCH 4.6 75/81] netfilter: x_tables: assert minimum target size Greg Kroah-Hartman
2016-06-22 22:46 ` [PATCH 4.6 76/81] netfilter: x_tables: add compat version of xt_check_entry_offsets Greg Kroah-Hartman
2016-06-22 22:46 ` [PATCH 4.6 77/81] netfilter: x_tables: check standard target size too Greg Kroah-Hartman
2016-06-22 22:46 ` [PATCH 4.6 78/81] netfilter: x_tables: check for bogus target offset Greg Kroah-Hartman
2016-06-22 22:46 ` [PATCH 4.6 79/81] netfilter: x_tables: validate all offsets and sizes in a rule Greg Kroah-Hartman
2016-06-22 22:46 ` [PATCH 4.6 80/81] netfilter: x_tables: dont reject valid target size on some architectures Greg Kroah-Hartman
2016-06-23  4:52 ` [PATCH 4.6 00/87] 4.6.3-stable review -rc2 Greg Kroah-Hartman
2016-06-23 19:45   ` Guenter Roeck
2016-06-24 17:15     ` Greg Kroah-Hartman
2016-06-23 21:53   ` Shuah Khan
2016-06-24 17:14     ` Greg Kroah-Hartman
     [not found] ` <20160622223745.208652702@linuxfoundation.org>
2016-06-23  7:21   ` [PATCH 4.6 38/81] gpio: bail out silently on NULL descriptors Linus Walleij
2016-06-23  9:16     ` Hans de Goede
2016-06-24  2:50     ` Greg Kroah-Hartman

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20160622223743.682413962@linuxfoundation.org \
    --to=gregkh@linuxfoundation.org \
    --cc=davem@davemloft.net \
    --cc=edumazet@google.com \
    --cc=jasowang@redhat.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mst@redhat.com \
    --cc=stable@vger.kernel.org \
    --cc=xii@google.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox