[PATCH 4.4 05/22] vsock: split dwork to avoid reinitializations

stable.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org,
	syzbot+8a9b1bd330476a4f3db6@syzkaller.appspotmail.com,
	Andy king <acking@vmware.com>,
	Stefan Hajnoczi <stefanha@redhat.com>,
	Jorgen Hansen <jhansen@vmware.com>,
	Cong Wang <xiyou.wangcong@gmail.com>,
	"David S. Miller" <davem@davemloft.net>
Subject: [PATCH 4.4 05/22] vsock: split dwork to avoid reinitializations
Date: Tue, 21 Aug 2018 08:21:31 +0200	[thread overview]
Message-ID: <20180821055139.754978865@linuxfoundation.org> (raw)
In-Reply-To: <20180821055139.462620042@linuxfoundation.org>

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Cong Wang <xiyou.wangcong@gmail.com>

[ Upstream commit 455f05ecd2b219e9a216050796d30c830d9bc393 ]

syzbot reported that we reinitialize an active delayed
work in vsock_stream_connect():

	ODEBUG: init active (active state 0) object type: timer_list hint:
	delayed_work_timer_fn+0x0/0x90 kernel/workqueue.c:1414
	WARNING: CPU: 1 PID: 11518 at lib/debugobjects.c:329
	debug_print_object+0x16a/0x210 lib/debugobjects.c:326

The pattern is apparently wrong, we should only initialize
the dealyed work once and could repeatly schedule it. So we
have to move out the initializations to allocation side.
And to avoid confusion, we can split the shared dwork
into two, instead of re-using the same one.

Fixes: d021c344051a ("VSOCK: Introduce VM Sockets")
Reported-by: <syzbot+8a9b1bd330476a4f3db6@syzkaller.appspotmail.com>
Cc: Andy king <acking@vmware.com>
Cc: Stefan Hajnoczi <stefanha@redhat.com>
Cc: Jorgen Hansen <jhansen@vmware.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 include/net/af_vsock.h         |    4 ++--
 net/vmw_vsock/af_vsock.c       |   15 ++++++++-------
 net/vmw_vsock/vmci_transport.c |    3 +--
 3 files changed, 11 insertions(+), 11 deletions(-)

--- a/include/net/af_vsock.h
+++ b/include/net/af_vsock.h
@@ -62,7 +62,8 @@ struct vsock_sock {
 	struct list_head pending_links;
 	struct list_head accept_queue;
 	bool rejected;
-	struct delayed_work dwork;
+	struct delayed_work connect_work;
+	struct delayed_work pending_work;
 	u32 peer_shutdown;
 	bool sent_request;
 	bool ignore_connecting_rst;
@@ -73,7 +74,6 @@ struct vsock_sock {
 
 s64 vsock_stream_has_data(struct vsock_sock *vsk);
 s64 vsock_stream_has_space(struct vsock_sock *vsk);
-void vsock_pending_work(struct work_struct *work);
 struct sock *__vsock_create(struct net *net,
 			    struct socket *sock,
 			    struct sock *parent,
--- a/net/vmw_vsock/af_vsock.c
+++ b/net/vmw_vsock/af_vsock.c
@@ -430,14 +430,14 @@ static int vsock_send_shutdown(struct so
 	return transport->shutdown(vsock_sk(sk), mode);
 }
 
-void vsock_pending_work(struct work_struct *work)
+static void vsock_pending_work(struct work_struct *work)
 {
 	struct sock *sk;
 	struct sock *listener;
 	struct vsock_sock *vsk;
 	bool cleanup;
 
-	vsk = container_of(work, struct vsock_sock, dwork.work);
+	vsk = container_of(work, struct vsock_sock, pending_work.work);
 	sk = sk_vsock(vsk);
 	listener = vsk->listener;
 	cleanup = true;
@@ -477,7 +477,6 @@ out:
 	sock_put(sk);
 	sock_put(listener);
 }
-EXPORT_SYMBOL_GPL(vsock_pending_work);
 
 /**** SOCKET OPERATIONS ****/
 
@@ -576,6 +575,8 @@ static int __vsock_bind(struct sock *sk,
 	return retval;
 }
 
+static void vsock_connect_timeout(struct work_struct *work);
+
 struct sock *__vsock_create(struct net *net,
 			    struct socket *sock,
 			    struct sock *parent,
@@ -618,6 +619,8 @@ struct sock *__vsock_create(struct net *
 	vsk->sent_request = false;
 	vsk->ignore_connecting_rst = false;
 	vsk->peer_shutdown = 0;
+	INIT_DELAYED_WORK(&vsk->connect_work, vsock_connect_timeout);
+	INIT_DELAYED_WORK(&vsk->pending_work, vsock_pending_work);
 
 	psk = parent ? vsock_sk(parent) : NULL;
 	if (parent) {
@@ -1094,7 +1097,7 @@ static void vsock_connect_timeout(struct
 	struct sock *sk;
 	struct vsock_sock *vsk;
 
-	vsk = container_of(work, struct vsock_sock, dwork.work);
+	vsk = container_of(work, struct vsock_sock, connect_work.work);
 	sk = sk_vsock(vsk);
 
 	lock_sock(sk);
@@ -1195,9 +1198,7 @@ static int vsock_stream_connect(struct s
 			 * timeout fires.
 			 */
 			sock_hold(sk);
-			INIT_DELAYED_WORK(&vsk->dwork,
-					  vsock_connect_timeout);
-			schedule_delayed_work(&vsk->dwork, timeout);
+			schedule_delayed_work(&vsk->connect_work, timeout);
 
 			/* Skip ahead to preserve error code set above. */
 			goto out_wait;
--- a/net/vmw_vsock/vmci_transport.c
+++ b/net/vmw_vsock/vmci_transport.c
@@ -1099,8 +1099,7 @@ static int vmci_transport_recv_listen(st
 	vpending->listener = sk;
 	sock_hold(sk);
 	sock_hold(pending);
-	INIT_DELAYED_WORK(&vpending->dwork, vsock_pending_work);
-	schedule_delayed_work(&vpending->dwork, HZ);
+	schedule_delayed_work(&vpending->pending_work, HZ);
 
 out:
 	return err;

next prev parent reply	other threads:[~2018-08-21  6:21 UTC|newest]

Thread overview: 26+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-08-21  6:21 [PATCH 4.4 00/22] 4.4.151-stable review Greg Kroah-Hartman
2018-08-21  6:21 ` [PATCH 4.4 01/22] dccp: fix undefined behavior with cwnd shift in ccid2_cwnd_restart() Greg Kroah-Hartman
2018-08-21  6:21 ` [PATCH 4.4 02/22] l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache Greg Kroah-Hartman
2018-08-21  6:21 ` [PATCH 4.4 03/22] llc: use refcount_inc_not_zero() for llc_sap_find() Greg Kroah-Hartman
2018-08-21  6:21 ` [PATCH 4.4 04/22] net_sched: Fix missing res info when create new tc_index filter Greg Kroah-Hartman
2018-08-21  6:21 ` Greg Kroah-Hartman [this message]
2018-08-21  6:21 ` [PATCH 4.4 06/22] net_sched: fix NULL pointer dereference when delete tcindex filter Greg Kroah-Hartman
2018-08-21  6:21 ` [PATCH 4.4 07/22] ALSA: hda - Sleep for 10ms after entering D3 on Conexant codecs Greg Kroah-Hartman
2018-08-21  6:21 ` [PATCH 4.4 08/22] ALSA: hda - Turn CX8200 into D3 as well upon reboot Greg Kroah-Hartman
2018-08-21  6:21 ` [PATCH 4.4 09/22] ALSA: vx222: Fix invalid endian conversions Greg Kroah-Hartman
2018-08-21  6:21 ` [PATCH 4.4 10/22] ALSA: virmidi: Fix too long output trigger loop Greg Kroah-Hartman
2018-08-21  6:21 ` [PATCH 4.4 11/22] ALSA: cs5535audio: Fix invalid endian conversion Greg Kroah-Hartman
2018-08-21  6:21 ` [PATCH 4.4 12/22] ALSA: hda: Correct Asrock B85M-ITX power_save blacklist entry Greg Kroah-Hartman
2018-08-21  6:21 ` [PATCH 4.4 13/22] ALSA: memalloc: Dont exceed over the requested size Greg Kroah-Hartman
2018-08-21  6:21 ` [PATCH 4.4 14/22] ALSA: vxpocket: Fix invalid endian conversions Greg Kroah-Hartman
2018-08-21  6:21 ` [PATCH 4.4 15/22] USB: serial: sierra: fix potential deadlock at close Greg Kroah-Hartman
2018-08-21  6:21 ` [PATCH 4.4 16/22] USB: option: add support for DW5821e Greg Kroah-Hartman
2018-08-21  6:21 ` [PATCH 4.4 17/22] ACPI: save NVS memory for Lenovo G50-45 Greg Kroah-Hartman
2018-08-21  6:21 ` [PATCH 4.4 18/22] ACPI / PM: save NVS memory for ASUS 1025C laptop Greg Kroah-Hartman
2018-08-21  6:21 ` [PATCH 4.4 19/22] serial: 8250_dw: always set baud rate in dw8250_set_termios Greg Kroah-Hartman
2018-08-21  6:21 ` [PATCH 4.4 20/22] x86/mm: Simplify p[g4um]d_page() macros Greg Kroah-Hartman
2018-08-21  6:21 ` [PATCH 4.4 21/22] Bluetooth: avoid killing an already killed socket Greg Kroah-Hartman
2018-08-21  6:21 ` [PATCH 4.4 22/22] isdn: Disable IIOCDBGVAR Greg Kroah-Hartman
2018-08-21 14:55 ` [PATCH 4.4 00/22] 4.4.151-stable review Guenter Roeck
2018-08-21 16:58 ` Naresh Kamboju
2018-08-21 22:01 ` Shuah Khan

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180821055139.754978865@linuxfoundation.org \
    --to=gregkh@linuxfoundation.org \
    --cc=acking@vmware.com \
    --cc=davem@davemloft.net \
    --cc=jhansen@vmware.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=stable@vger.kernel.org \
    --cc=stefanha@redhat.com \
    --cc=syzbot+8a9b1bd330476a4f3db6@syzkaller.appspotmail.com \
    --cc=xiyou.wangcong@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).