Revision 98e3862ca2b1ae595a13805dcab4c3a6d7718f4d authored by WANG Cong on 07 February 2017, 20:59:47 UTC, committed by David S. Miller on 09 February 2017, 21:38:48 UTC
Dmitry reported a kernel warning:

 WARNING: CPU: 3 PID: 2936 at net/kcm/kcmsock.c:627
 kcm_write_msgs+0x12e3/0x1b90 net/kcm/kcmsock.c:627
 CPU: 3 PID: 2936 Comm: a.out Not tainted 4.10.0-rc6+ #209
 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
 Call Trace:
  __dump_stack lib/dump_stack.c:15 [inline]
  dump_stack+0x2ee/0x3ef lib/dump_stack.c:51
  panic+0x1fb/0x412 kernel/panic.c:179
  __warn+0x1c4/0x1e0 kernel/panic.c:539
  warn_slowpath_null+0x2c/0x40 kernel/panic.c:582
  kcm_write_msgs+0x12e3/0x1b90 net/kcm/kcmsock.c:627
  kcm_sendmsg+0x163a/0x2200 net/kcm/kcmsock.c:1029
  sock_sendmsg_nosec net/socket.c:635 [inline]
  sock_sendmsg+0xca/0x110 net/socket.c:645
  sock_write_iter+0x326/0x600 net/socket.c:848
  new_sync_write fs/read_write.c:499 [inline]
  __vfs_write+0x483/0x740 fs/read_write.c:512
  vfs_write+0x187/0x530 fs/read_write.c:560
  SYSC_write fs/read_write.c:607 [inline]
  SyS_write+0xfb/0x230 fs/read_write.c:599
  entry_SYSCALL_64_fastpath+0x1f/0xc2

when calling syscall(__NR_write, sock2, 0x208aaf27ul, 0x0ul) on a KCM
seqpacket socket. It appears that kcm_sendmsg() does not handle the len==0
case correctly, which causes an empty skb to be allocated and queued.
Fix this by skipping the skb allocation for the len==0 case.

Reported-by: Dmitry Vyukov <dvyukov@google.com>
Cc: Tom Herbert <tom@herbertland.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
1 parent 538d929
File Mode Size
partitions
Kconfig -rw-r--r-- 4.9 KB
Kconfig.iosched -rw-r--r-- 1.6 KB
Makefile -rw-r--r-- 1.0 KB
badblocks.c -rw-r--r-- 14.5 KB
bio-integrity.c -rw-r--r-- 14.3 KB
bio.c -rw-r--r-- 49.9 KB
blk-cgroup.c -rw-r--r-- 35.8 KB
blk-core.c -rw-r--r-- 92.3 KB
blk-exec.c -rw-r--r-- 3.2 KB
blk-flush.c -rw-r--r-- 16.4 KB
blk-integrity.c -rw-r--r-- 12.3 KB
blk-ioc.c -rw-r--r-- 10.2 KB
blk-lib.c -rw-r--r-- 9.9 KB
blk-map.c -rw-r--r-- 5.9 KB
blk-merge.c -rw-r--r-- 19.4 KB
blk-mq-cpumap.c -rw-r--r-- 2.3 KB
blk-mq-pci.c -rw-r--r-- 1.5 KB
blk-mq-sysfs.c -rw-r--r-- 12.9 KB
blk-mq-tag.c -rw-r--r-- 11.1 KB
blk-mq-tag.h -rw-r--r-- 2.2 KB
blk-mq.c -rw-r--r-- 63.7 KB
blk-mq.h -rw-r--r-- 2.9 KB
blk-settings.c -rw-r--r-- 28.2 KB
blk-softirq.c -rw-r--r-- 4.3 KB
blk-stat.c -rw-r--r-- 5.9 KB
blk-stat.h -rw-r--r-- 1.1 KB
blk-sysfs.c -rw-r--r-- 22.6 KB
blk-tag.c -rw-r--r-- 10.0 KB
blk-throttle.c -rw-r--r-- 42.7 KB
blk-timeout.c -rw-r--r-- 5.9 KB
blk-wbt.c -rw-r--r-- 17.6 KB
blk-wbt.h -rw-r--r-- 3.9 KB
blk-zoned.c -rw-r--r-- 7.6 KB
blk.h -rw-r--r-- 9.0 KB
bounce.c -rw-r--r-- 5.8 KB
bsg-lib.c -rw-r--r-- 6.4 KB
bsg.c -rw-r--r-- 22.9 KB
cfq-iosched.c -rw-r--r-- 127.1 KB
cmdline-parser.c -rw-r--r-- 4.9 KB
compat_ioctl.c -rw-r--r-- 20.8 KB
deadline-iosched.c -rw-r--r-- 11.3 KB
elevator.c -rw-r--r-- 23.7 KB
genhd.c -rw-r--r-- 45.0 KB
ioctl.c -rw-r--r-- 15.1 KB
ioprio.c -rw-r--r-- 5.1 KB
noop-iosched.c -rw-r--r-- 2.6 KB
partition-generic.c -rw-r--r-- 16.6 KB
scsi_ioctl.c -rw-r--r-- 19.5 KB
t10-pi.c -rw-r--r-- 4.8 KB