linux-stable

mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2025-01-01 02:36:02 +00:00

Linux kernel stable tree

Go to file

Wen Gu 2c7f14ed9c net/smc: fix LGR and link use-after-free issue We encountered a LGR/link use-after-free issue, which manifested as the LGR/link refcnt reaching 0 early and entering the clear process, making resource access unsafe. refcount_t: addition on 0; use-after-free. WARNING: CPU: 14 PID: 107447 at lib/refcount.c:25 refcount_warn_saturate+0x9c/0x140 Workqueue: events smc_lgr_terminate_work [smc] Call trace: refcount_warn_saturate+0x9c/0x140 __smc_lgr_terminate.part.45+0x2a8/0x370 [smc] smc_lgr_terminate_work+0x28/0x30 [smc] process_one_work+0x1b8/0x420 worker_thread+0x158/0x510 kthread+0x114/0x118 or refcount_t: underflow; use-after-free. WARNING: CPU: 6 PID: 93140 at lib/refcount.c:28 refcount_warn_saturate+0xf0/0x140 Workqueue: smc_hs_wq smc_listen_work [smc] Call trace: refcount_warn_saturate+0xf0/0x140 smcr_link_put+0x1cc/0x1d8 [smc] smc_conn_free+0x110/0x1b0 [smc] smc_conn_abort+0x50/0x60 [smc] smc_listen_find_device+0x75c/0x790 [smc] smc_listen_work+0x368/0x8a0 [smc] process_one_work+0x1b8/0x420 worker_thread+0x158/0x510 kthread+0x114/0x118 It is caused by repeated release of LGR/link refcnt. One suspect is that smc_conn_free() is called repeatedly because some smc_conn_free() from server listening path are not protected by sock lock. e.g. Calls under socklock \| smc_listen_work ------------------------------------------------------- lock_sock(sk) \| smc_conn_abort smc_conn_free \| \- smc_conn_free \- smcr_link_put \| \- smcr_link_put (duplicated) release_sock(sk) So here add sock lock protection in smc_listen_work() path, making it exclusive with other connection operations. Fixes: `3b2dec2603` ("net/smc: restructure client and server code in af_smc") Co-developed-by: Guangguan Wang <guangguan.wang@linux.alibaba.com> Signed-off-by: Guangguan Wang <guangguan.wang@linux.alibaba.com> Co-developed-by: Kai <KaiShen@linux.alibaba.com> Signed-off-by: Kai <KaiShen@linux.alibaba.com> Signed-off-by: Wen Gu <guwen@linux.alibaba.com> Reviewed-by: Wenjia Zhang <wenjia@linux.ibm.com> Signed-off-by: Paolo Abeni <pabeni@redhat.com>		2024-12-03 10:42:29 +01:00
arch	dmaengine updates for v6.13	2024-11-27 13:25:47 -08:00
block	for-6.13/block-20241118	2024-11-18 16:50:08 -08:00
certs	sign-file,extract-cert: use pkcs11 provider for OPENSSL MAJOR >= 3	2024-09-20 19:52:48 +03:00
crypto	Random number generator updates for Linux 6.13-rc1.	2024-11-19 10:43:44 -08:00
Documentation	docs: net: bareudp: fix spelling and grammar mistakes	2024-11-30 13:54:28 -08:00
drivers	net: phy: microchip: Reset LAN88xx PHY to ensure clean link state on LAN7800/7850	2024-12-02 18:56:41 -08:00
fs	Changes for 6.13-rc1	2024-11-28 09:22:00 -08:00
include	tcp: populate XPS related fields of timewait sockets	2024-11-30 13:00:52 -08:00
init	- The series "resource: A couple of cleanups" from Andy Shevchenko	2024-11-25 16:09:48 -08:00
io_uring	A rather large update for timekeeping and timers:	2024-11-19 16:35:06 -08:00
ipc	- The series "resource: A couple of cleanups" from Andy Shevchenko	2024-11-25 16:09:48 -08:00
kernel	Modules changes for v6.13-rc1	2024-11-27 10:20:50 -08:00
lib	Modules changes for v6.13-rc1	2024-11-27 10:20:50 -08:00
LICENSES	LICENSES: add 0BSD license text	2024-09-01 20:43:24 -07:00
mm	memblock: updates for 6.13-rc1	2024-11-27 11:13:25 -08:00
net	net/smc: fix LGR and link use-after-free issue	2024-12-03 10:42:29 +01:00
rust	rust: fix up formatting after merge	2024-11-26 17:54:58 -08:00
samples	Rust changes for v6.13	2024-11-26 14:00:26 -08:00
scripts	Modules changes for v6.13-rc1	2024-11-27 10:20:50 -08:00
security	selinux: use sk_to_full_sk() in selinux_ip_output()	2024-11-30 13:24:33 -08:00
sound	soundwire updates for 6.13	2024-11-27 13:38:09 -08:00
tools	selftests: drv-net: rss_ctx: Add test for ntuple rule	2024-11-30 14:16:12 -08:00
usr	initramfs: shorten cmd_initfs in usr/Makefile	2024-07-16 01:07:52 +09:00
virt	VFIO updates for v6.13	2024-11-27 12:57:03 -08:00
.clang-format	clang-format: Update with v6.11-rc1's `for_each` macro list	2024-08-02 13:20:31 +02:00
.clippy.toml	rust: enable Clippy's `check-private-items`	2024-10-07 21:39:57 +02:00
.cocciconfig	scripts: add Linux .cocciconfig for coccinelle	2016-07-22 12:13:39 +02:00
.editorconfig	.editorconfig: remove trim_trailing_whitespace option	2024-06-13 16:47:52 +02:00
.get_maintainer.ignore	MAINTAINERS: Retire Ralf Baechle	2024-11-12 15:48:59 +01:00
.gitattributes	.gitattributes: set diff driver for Rust source code files	2023-05-31 17:48:25 +02:00
.gitignore	rust: introduce `.clippy.toml`	2024-10-07 21:39:05 +02:00
.mailmap	media updates for v6.13-rc1	2024-11-20 14:01:15 -08:00
.rustfmt.toml	rust: add `.rustfmt.toml`	2022-09-28 09:02:20 +02:00
COPYING	COPYING: state that all contributions really are covered by this file	2020-02-10 13:32:20 -08:00
CREDITS	cgroup: Changes for v6.13	2024-11-20 09:54:49 -08:00
Kbuild	Kbuild updates for v6.1	2022-10-10 12:00:45 -07:00
Kconfig	kbuild: ensure full rebuild when the compiler is updated	2020-05-12 13:28:33 +09:00
MAINTAINERS	MAINTAINERS: list PTP drivers under networking	2024-12-02 15:42:40 -08:00
Makefile	Modules changes for v6.13-rc1	2024-11-27 10:20:50 -08:00
README	README: Fix spelling	2024-03-18 03:36:32 -06:00

README

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the reStructuredText markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.