diff mbox series

[net] inet: control sockets should not use current thread task_frag

Message ID 20230103192736.454149-1-edumazet@google.com (mailing list archive)
State Accepted
Commit 1ac88557447088ccd15eb2f2520ce46d463c8e0b
Delegated to: Netdev Maintainers
Headers show
Series [net] inet: control sockets should not use current thread task_frag | expand

Checks

Context Check Description
netdev/tree_selection success Clearly marked for net
netdev/fixes_present success Fixes tag present in non-next series
netdev/subject_prefix success Link
netdev/cover_letter success Single patches do not need cover letters
netdev/patch_count success Link
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 3 this patch: 3
netdev/cc_maintainers warning 2 maintainers not CCed: yoshfuji@linux-ipv6.org dsahern@kernel.org
netdev/build_clang success Errors and warnings before: 1 this patch: 1
netdev/module_param success Was 0 now: 0
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success Fixes tag looks correct
netdev/build_allmodconfig_warn success Errors and warnings before: 3 this patch: 3
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 7 lines checked
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0

Commit Message

Eric Dumazet Jan. 3, 2023, 7:27 p.m. UTC 
Because ICMP handlers run from softirq contexts,
they must not use current thread task_frag.

Previously, all sockets allocated by inet_ctl_sock_create()
would use the per-socket page fragment, with no chance of
recursion.

Fixes: 98123866fcf3 ("Treewide: Stop corrupting socket's task_frag")
Reported-by: syzbot+bebc6f1acdf4cbb79b03@syzkaller.appspotmail.com
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Guillaume Nault <gnault@redhat.com>
Cc: Benjamin Coddington <bcodding@redhat.com>
---
 net/ipv4/af_inet.c | 1 +
 1 file changed, 1 insertion(+)

Comments

Guillaume Nault Jan. 3, 2023, 10:38 p.m. UTC | #1 
On Tue, Jan 03, 2023 at 07:27:36PM +0000, Eric Dumazet wrote:
> Because ICMP handlers run from softirq contexts,
> they must not use current thread task_frag.
> 
> Previously, all sockets allocated by inet_ctl_sock_create()
> would use the per-socket page fragment, with no chance of
> recursion.

Acked-by: Guillaume Nault <gnault@redhat.com>

Thanks for the fix!
patchwork-bot+netdevbpf@kernel.org Jan. 5, 2023, 4:44 a.m. UTC | #2 
Hello:

This patch was applied to netdev/net.git (master)
by Jakub Kicinski <kuba@kernel.org>:

On Tue,  3 Jan 2023 19:27:36 +0000 you wrote:
> Because ICMP handlers run from softirq contexts,
> they must not use current thread task_frag.
> 
> Previously, all sockets allocated by inet_ctl_sock_create()
> would use the per-socket page fragment, with no chance of
> recursion.
> 
> [...]

Here is the summary with links:
  - [net] inet: control sockets should not use current thread task_frag
    https://git.kernel.org/netdev/net/c/1ac885574470

You are awesome, thank you!
diff mbox series

Patch

diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index ab4a06be489b5d410cec603bf56248d31dbc90dd..6c0ec27899431eb56e2f9d0c3a936b77f44ccaca 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -1665,6 +1665,7 @@  int inet_ctl_sock_create(struct sock **sk, unsigned short family,
 	if (rc == 0) {
 		*sk = sock->sk;
 		(*sk)->sk_allocation = GFP_ATOMIC;
+		(*sk)->sk_use_task_frag = false;
 		/*
 		 * Unhash it so that IP input processing does not even see it,
 		 * we do not wish this socket to see incoming packets.