| Message ID | 20181216070109.6758-1-shamir.rabinovitch@oracle.com (mailing list archive) |
|---|---|
| Headers | show |
| Series | WARNING in rds_message_alloc_sgs | expand |
From: Shamir Rabinovitch <shamir.rabinovitch@oracle.com> Date: Sun, 16 Dec 2018 09:01:07 +0200 > From: shamir rabinovitch <shamir.rabinovitch@oracle.com> > > This patch set fix google syzbot rds bug found in linux-next. > The first patch solve the syzbot issue. > The second patch fix issue mentioned by Leon Romanovsky that > drivers should not call WARN_ON as result from user input. > > syzbot bug report can be foud here: https://lkml.org/lkml/2018/10/31/28 > > v1->v2: > - patch 1: make rds_iov_vector fields name more descriptive (Hakon) > - patch 1: fix potential mem leak in rds_rm_size if krealloc fail > (Hakon) > v2->v3: > - patch 2: harden rds_sendmsg for invalid number of sgs (Gerd) > v3->v4 > - Santosh a.b. on both patches + repost to net-dev Does this bug exist in 'net' too? It really should target the 'net' tree if so, and then we can queue these fixes up for -stable too. Thank you.
On 12/18/2018 2:57 PM, David Miller wrote: > From: Shamir Rabinovitch <shamir.rabinovitch@oracle.com> > Date: Sun, 16 Dec 2018 09:01:07 +0200 > >> From: shamir rabinovitch <shamir.rabinovitch@oracle.com> >> >> This patch set fix google syzbot rds bug found in linux-next. >> The first patch solve the syzbot issue. >> The second patch fix issue mentioned by Leon Romanovsky that >> drivers should not call WARN_ON as result from user input. >> >> syzbot bug report can be foud here: https://lkml.org/lkml/2018/10/31/28 >> >> v1->v2: >> - patch 1: make rds_iov_vector fields name more descriptive (Hakon) >> - patch 1: fix potential mem leak in rds_rm_size if krealloc fail >> (Hakon) >> v2->v3: >> - patch 2: harden rds_sendmsg for invalid number of sgs (Gerd) >> v3->v4 >> - Santosh a.b. on both patches + repost to net-dev > > Does this bug exist in 'net' too? It really should target the 'net' > tree if so, and then we can queue these fixes up for -stable too. > yes, the bug exist in net too. Shamir, please check if these apply cleanly to Dave's 'net' tree. Regards, Santosh
On Tue, Dec 18, 2018 at 03:02:24PM -0800, Santosh Shilimkar wrote: > On 12/18/2018 2:57 PM, David Miller wrote: > > From: Shamir Rabinovitch <shamir.rabinovitch@oracle.com> > > Date: Sun, 16 Dec 2018 09:01:07 +0200 > > > > > From: shamir rabinovitch <shamir.rabinovitch@oracle.com> > > > > > > This patch set fix google syzbot rds bug found in linux-next. > > > The first patch solve the syzbot issue. > > > The second patch fix issue mentioned by Leon Romanovsky that > > > drivers should not call WARN_ON as result from user input. > > > > > > syzbot bug report can be foud here: https://lkml.org/lkml/2018/10/31/28 > > > > > > v1->v2: > > > - patch 1: make rds_iov_vector fields name more descriptive (Hakon) > > > - patch 1: fix potential mem leak in rds_rm_size if krealloc fail > > > (Hakon) > > > v2->v3: > > > - patch 2: harden rds_sendmsg for invalid number of sgs (Gerd) > > > v3->v4 > > > - Santosh a.b. on both patches + repost to net-dev > > > > Does this bug exist in 'net' too? It really should target the 'net' > > tree if so, and then we can queue these fixes up for -stable too. > > > yes, the bug exist in net too. > > Shamir, please check if these apply cleanly to Dave's 'net' tree. > > Regards, > Santosh Santosh, The patches apply cleanly on the master branch of git://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git . See below the snippet of the log with the patches applied. 8472aa4edfcb (HEAD -> net/master#rds-syzbot-bug) net/rds: remove user triggered WARN_ON in rds_sendmsg 3f8d6b898c5e net/rds: fix warn in rds_message_alloc_sgs 3061169a47ee (net/master) Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf 78abe3d0dfad net/smc: fix TCP fallback socket release f7db2beb4c2c vxge: ensure data0 is initialized in when fetching firmware version information Thanks, Shamir
On 12/19/2018 2:54 AM, Shamir Rabinovitch wrote: > On Tue, Dec 18, 2018 at 03:02:24PM -0800, Santosh Shilimkar wrote: [...] >> >> Shamir, please check if these apply cleanly to Dave's 'net' tree. >> > > Santosh, > > The patches apply cleanly on the master branch of > git://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git . > > See below the snippet of the log with the patches applied. > > 8472aa4edfcb (HEAD -> net/master#rds-syzbot-bug) net/rds: remove user triggered WARN_ON in rds_sendmsg > 3f8d6b898c5e net/rds: fix warn in rds_message_alloc_sgs > 3061169a47ee (net/master) Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf > 78abe3d0dfad net/smc: fix TCP fallback socket release > f7db2beb4c2c vxge: ensure data0 is initialized in when fetching firmware version information > Great. On patchwork I see the patches marked under review by Dave so lets wait for his instruction(s). Regards, Santosh
From: Santosh Shilimkar <santosh.shilimkar@oracle.com> Date: Wed, 19 Dec 2018 10:00:20 -0800 > On 12/19/2018 2:54 AM, Shamir Rabinovitch wrote: >> On Tue, Dec 18, 2018 at 03:02:24PM -0800, Santosh Shilimkar wrote: > [...] > >>> >>> Shamir, please check if these apply cleanly to Dave's 'net' tree. >>> > >> Santosh, >> The patches apply cleanly on the master branch of >> git://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git . >> See below the snippet of the log with the patches applied. >> >> 8472aa4edfcb (HEAD -> net/master#rds-syzbot-bug) net/rds: remove user >> triggered WARN_ON in rds_sendmsg >> 3f8d6b898c5e net/rds: fix warn in rds_message_alloc_sgs >> 3061169a47ee (net/master) Merge >> git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf >> 78abe3d0dfad net/smc: fix TCP fallback socket release >> f7db2beb4c2c vxge: ensure data0 is initialized in when fetching >> firmware version information >> > Great. On patchwork I see the patches marked under review by Dave so > lets wait for his instruction(s). Since they apply cleanly to 'net' I'll apply them directly and queue up for -stable. Thanks for checking.
On 12/19/2018 10:22 AM, David Miller wrote: > From: Santosh Shilimkar <santosh.shilimkar@oracle.com> > Date: Wed, 19 Dec 2018 10:00:20 -0800 > >> On 12/19/2018 2:54 AM, Shamir Rabinovitch wrote: [...] >> Great. On patchwork I see the patches marked under review by Dave so >> lets wait for his instruction(s). > > Since they apply cleanly to 'net' I'll apply them directly and queue up > for -stable. > > Thanks for checking. > Thanks Dave !! Regards, Santosh
From: Shamir Rabinovitch <shamir.rabinovitch@oracle.com> Date: Sun, 16 Dec 2018 09:01:07 +0200 > From: shamir rabinovitch <shamir.rabinovitch@oracle.com> > > This patch set fix google syzbot rds bug found in linux-next. > The first patch solve the syzbot issue. > The second patch fix issue mentioned by Leon Romanovsky that > drivers should not call WARN_ON as result from user input. > > syzbot bug report can be foud here: https://lkml.org/lkml/2018/10/31/28 > > v1->v2: > - patch 1: make rds_iov_vector fields name more descriptive (Hakon) > - patch 1: fix potential mem leak in rds_rm_size if krealloc fail > (Hakon) > v2->v3: > - patch 2: harden rds_sendmsg for invalid number of sgs (Gerd) > v3->v4 > - Santosh a.b. on both patches + repost to net-dev Series applied to 'net' and queued up for -stable. Thanks.
From: shamir rabinovitch <shamir.rabinovitch@oracle.com> This patch set fix google syzbot rds bug found in linux-next. The first patch solve the syzbot issue. The second patch fix issue mentioned by Leon Romanovsky that drivers should not call WARN_ON as result from user input. syzbot bug report can be foud here: https://lkml.org/lkml/2018/10/31/28 v1->v2: - patch 1: make rds_iov_vector fields name more descriptive (Hakon) - patch 1: fix potential mem leak in rds_rm_size if krealloc fail (Hakon) v2->v3: - patch 2: harden rds_sendmsg for invalid number of sgs (Gerd) v3->v4 - Santosh a.b. on both patches + repost to net-dev shamir rabinovitch (2): net/rds: fix warn in rds_message_alloc_sgs net/rds: remove user triggered WARN_ON in rds_sendmsg net/rds/message.c | 24 +++++++++++---- net/rds/rdma.c | 75 +++++++++++++++++++++++------------------------ net/rds/rds.h | 23 +++++++++++---- net/rds/send.c | 59 ++++++++++++++++++++++++++++++------- 4 files changed, 120 insertions(+), 61 deletions(-)