From mboxrd@z Thu Jan 1 00:00:00 1970
From: Ursula Braun
Subject: [PATCH net-next 1/4] net/smc: return 0 for ioctl calls in states INIT and CLOSED
Date: Wed, 23 May 2018 16:38:09 +0200
Message-ID: <20180523143812.25824-2-ubraun@linux.ibm.com>
References: <20180523143812.25824-1-ubraun@linux.ibm.com>
Cc: netdev@vger.kernel.org, linux-s390@vger.kernel.org, schwidefsky@de.ibm.com, heiko.carstens@de.ibm.com, raspl@linux.ibm.com, ubraun@linux.ibm.com
To: davem@davemloft.net
Return-path:
Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:55026 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S933376AbeEWOiX (ORCPT ); Wed, 23 May 2018 10:38:23 -0400
Received: from pps.filterd (m0098413.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w4NEZP6W100067 for ; Wed, 23 May 2018 10:38:22 -0400
Received: from e06smtp12.uk.ibm.com (e06smtp12.uk.ibm.com [195.75.94.108]) by mx0b-001b2d01.pphosted.com with ESMTP id 2j58p7d72r-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 23 May 2018 10:38:20 -0400
Received: from localhost by e06smtp12.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Wed, 23 May 2018 15:38:19 +0100
In-Reply-To: <20180523143812.25824-1-ubraun@linux.ibm.com>
Sender: netdev-owner@vger.kernel.org
List-ID:

A connected SMC-socket contains addresses of descriptors for the send buffer and the rmb (receive buffer). Fields of these descriptors are used to determine the answer for certain ioctl requests. Add extra handling for unconnected SMC socket states without valid buffer descriptor addresses.

Signed-off-by: Ursula Braun
Reported-by: syzbot+e6714328fda813fc670f@syzkaller.appspotmail.com
---
 net/smc/af_smc.c | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/net/smc/af_smc.c b/net/smc/af_smc.c
index 48530dab5c94..f2d925921d81 100644
--- a/net/smc/af_smc.c
+++ b/net/smc/af_smc.c @@ -1490,20 +1490,32 @@ static int smc_ioctl(struct socket *sock, unsigned int cmd, case SIOCINQ: /* same as FIONREAD */ if (smc->sk.sk_state == SMC_LISTEN) return -EINVAL; - answ = atomic_read(&smc->conn.bytes_to_rcv); + if (smc->sk.sk_state == SMC_INIT || + smc->sk.sk_state == SMC_CLOSED) + answ = 0; + else + answ = atomic_read(&smc->conn.bytes_to_rcv); break; case SIOCOUTQ: /* output queue size (not send + not acked) */ if (smc->sk.sk_state == SMC_LISTEN) return -EINVAL; - answ = smc->conn.sndbuf_desc->len - + if (smc->sk.sk_state == SMC_INIT || + smc->sk.sk_state == SMC_CLOSED) + answ = 0; + else + answ = smc->conn.sndbuf_desc->len - atomic_read(&smc->conn.sndbuf_space); break; case SIOCOUTQNSD: /* output queue size (not send only) */ if (smc->sk.sk_state == SMC_LISTEN) return -EINVAL; - answ = smc_tx_prepared_sends(&smc->conn); + if (smc->sk.sk_state == SMC_INIT || + smc->sk.sk_state == SMC_CLOSED) + answ = 0; + else + answ = smc_tx_prepared_sends(&smc->conn); break; default: return -ENOIOCTLCMD; -- 2.16.3
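Review bot: the `smc->sk.sk_state == SMC_INIT || smc->sk.sk_state == SMC_CLOSED` test is pasted verbatim into all three cases (SIOCINQ, SIOCOUTQ, SIOCOUTQNSD), directly after an equally repeated `SMC_LISTEN` check; computing it once before the switch into a local, e.g. `bool unconnected = (smc->sk.sk_state == SMC_INIT || smc->sk.sk_state == SMC_CLOSED);`, and then writing each case as `answ = unconnected ? 0 : ...;` would cut the hunk roughly in half and keep the three branches from drifting apart if a further state later needs the same treatment (the LISTEN check itself should stay inside the cases, since the `default:` branch must keep returning -ENOIOCTLCMD). Also, only the SIOCOUTQ case visibly dereferences a descriptor (`smc->conn.sndbuf_desc->len`); SIOCINQ reads `atomic_read(&smc->conn.bytes_to_rcv)` straight out of `conn`, so there the new guard changes the value reported rather than avoiding an invalid pointer access, which deserves a sentence in the commit message that currently justifies the whole change by missing buffer descriptor addresses.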