* [PATCH net 1/3] net/smc: no shutdown in state SMC_LISTEN
2018-08-08 12:13 [PATCH net 0/3] net/smc: fixes 2018-08-08 Ursula Braun
@ 2018-08-08 12:13 ` Ursula Braun
2018-08-08 12:13 ` [PATCH net 2/3] net/smc: allow sysctl rmem and wmem defaults for servers Ursula Braun
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: Ursula Braun @ 2018-08-08 12:13 UTC (permalink / raw)
To: davem; +Cc: netdev, linux-s390, schwidefsky, heiko.carstens, raspl,
linux-kernel
Invoking shutdown for a socket in state SMC_LISTEN does not make
sense. Nevertheless programs like syzbot fuzzing the kernel may
try to do this. For SMC this means a socket refcounting problem.
This patch makes sure a shutdown call for an SMC socket in state
SMC_LISTEN simply returns with -ENOTCONN.
Signed-off-by: Ursula Braun <ubraun@linux.ibm.com>
---
net/smc/af_smc.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/net/smc/af_smc.c b/net/smc/af_smc.c
index 05e4ffe5aabd..1288c7bf40d5 100644
--- a/net/smc/af_smc.c
+++ b/net/smc/af_smc.c
@@ -1397,8 +1397,7 @@ static int smc_shutdown(struct socket *sock, int how)
lock_sock(sk);
rc = -ENOTCONN;
- if ((sk->sk_state != SMC_LISTEN) &&
- (sk->sk_state != SMC_ACTIVE) &&
+ if ((sk->sk_state != SMC_ACTIVE) &&
(sk->sk_state != SMC_PEERCLOSEWAIT1) &&
(sk->sk_state != SMC_PEERCLOSEWAIT2) &&
(sk->sk_state != SMC_APPCLOSEWAIT1) &&
--
2.16.4
^ permalink raw reply related [flat|nested] 5+ messages in thread* [PATCH net 2/3] net/smc: allow sysctl rmem and wmem defaults for servers
2018-08-08 12:13 [PATCH net 0/3] net/smc: fixes 2018-08-08 Ursula Braun
2018-08-08 12:13 ` [PATCH net 1/3] net/smc: no shutdown in state SMC_LISTEN Ursula Braun
@ 2018-08-08 12:13 ` Ursula Braun
2018-08-08 12:13 ` [PATCH net 3/3] net/smc: move sock lock in smc_ioctl() Ursula Braun
2018-08-09 2:14 ` [PATCH net 0/3] net/smc: fixes 2018-08-08 David Miller
3 siblings, 0 replies; 5+ messages in thread
From: Ursula Braun @ 2018-08-08 12:13 UTC (permalink / raw)
To: davem; +Cc: netdev, linux-s390, schwidefsky, heiko.carstens, raspl,
linux-kernel
Without setsockopt SO_SNDBUF and SO_RCVBUF settings, the sysctl
defaults net.ipv4.tcp_wmem and net.ipv4.tcp_rmem should be the base
for the sizes of the SMC sndbuf and rcvbuf. Any TCP buffer size
optimizations for servers should be ignored.
Signed-off-by: Ursula Braun <ubraun@linux.ibm.com>
---
net/smc/af_smc.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/smc/af_smc.c b/net/smc/af_smc.c
index 1288c7bf40d5..0ee7721afbe5 100644
--- a/net/smc/af_smc.c
+++ b/net/smc/af_smc.c
@@ -1122,6 +1122,8 @@ static void smc_tcp_listen_work(struct work_struct *work)
sock_hold(lsk); /* sock_put in smc_listen_work */
INIT_WORK(&new_smc->smc_listen_work, smc_listen_work);
smc_copy_sock_settings_to_smc(new_smc);
+ new_smc->sk.sk_sndbuf = lsmc->sk.sk_sndbuf;
+ new_smc->sk.sk_rcvbuf = lsmc->sk.sk_rcvbuf;
sock_hold(&new_smc->sk); /* sock_put in passive closing */
if (!schedule_work(&new_smc->smc_listen_work))
sock_put(&new_smc->sk);
--
2.16.4
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH net 3/3] net/smc: move sock lock in smc_ioctl()
2018-08-08 12:13 [PATCH net 0/3] net/smc: fixes 2018-08-08 Ursula Braun
2018-08-08 12:13 ` [PATCH net 1/3] net/smc: no shutdown in state SMC_LISTEN Ursula Braun
2018-08-08 12:13 ` [PATCH net 2/3] net/smc: allow sysctl rmem and wmem defaults for servers Ursula Braun
@ 2018-08-08 12:13 ` Ursula Braun
2018-08-09 2:14 ` [PATCH net 0/3] net/smc: fixes 2018-08-08 David Miller
3 siblings, 0 replies; 5+ messages in thread
From: Ursula Braun @ 2018-08-08 12:13 UTC (permalink / raw)
To: davem; +Cc: netdev, linux-s390, schwidefsky, heiko.carstens, raspl,
linux-kernel
When an SMC socket is connecting it is decided whether fallback to
TCP is needed. To avoid races between connect and ioctl move the
sock lock before the use_fallback check.
Reported-by: syzbot+5b2cece1a8ecb2ca77d8@syzkaller.appspotmail.com
Reported-by: syzbot+19557374321ca3710990@syzkaller.appspotmail.com
Fixes: 1992d99882af ("net/smc: take sock lock in smc_ioctl()")
Signed-off-by: Ursula Braun <ubraun@linux.ibm.com>
---
net/smc/af_smc.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/net/smc/af_smc.c b/net/smc/af_smc.c
index 0ee7721afbe5..e7de5f282722 100644
--- a/net/smc/af_smc.c
+++ b/net/smc/af_smc.c
@@ -1522,12 +1522,16 @@ static int smc_ioctl(struct socket *sock, unsigned int cmd,
smc = smc_sk(sock->sk);
conn = &smc->conn;
+ lock_sock(&smc->sk);
if (smc->use_fallback) {
- if (!smc->clcsock)
+ if (!smc->clcsock) {
+ release_sock(&smc->sk);
return -EBADF;
- return smc->clcsock->ops->ioctl(smc->clcsock, cmd, arg);
+ }
+ answ = smc->clcsock->ops->ioctl(smc->clcsock, cmd, arg);
+ release_sock(&smc->sk);
+ return answ;
}
- lock_sock(&smc->sk);
switch (cmd) {
case SIOCINQ: /* same as FIONREAD */
if (smc->sk.sk_state == SMC_LISTEN) {
--
2.16.4
^ permalink raw reply related [flat|nested] 5+ messages in thread* Re: [PATCH net 0/3] net/smc: fixes 2018-08-08
2018-08-08 12:13 [PATCH net 0/3] net/smc: fixes 2018-08-08 Ursula Braun
` (2 preceding siblings ...)
2018-08-08 12:13 ` [PATCH net 3/3] net/smc: move sock lock in smc_ioctl() Ursula Braun
@ 2018-08-09 2:14 ` David Miller
3 siblings, 0 replies; 5+ messages in thread
From: David Miller @ 2018-08-09 2:14 UTC (permalink / raw)
To: ubraun; +Cc: netdev, linux-s390, schwidefsky, heiko.carstens, raspl,
linux-kernel
From: Ursula Braun <ubraun@linux.ibm.com>
Date: Wed, 8 Aug 2018 14:13:18 +0200
> here are small fixes for SMC: The first patch makes sure, shutdown code
> is not executed for sockets in state SMC_LISTEN. The second patch resets
> send and receive buffer values for accepted sockets, since TCP buffer size
> optimizations for the internal CLC socket should not be forwarded to the
> outer SMC socket. The third patch solves a race between connect and ioctl
> reported by syzbot.
Series applied, thank you.
^ permalink raw reply [flat|nested] 5+ messages in thread