On Tue, 2017-11-28 at 09:48 -0500, David Miller wrote:
> From: Eric Dumazet
> Date: Mon, 27 Nov 2017 20:00:52 -0800
>
> > @@ -368,9 +368,11 @@ static void __unregister_prot_hook(struct sock
> *sk, bool sync)
> > __sock_put(sk);
> >
> > if (sync) {
> > + po->frozen = 1;
>
On Tue, 2017-11-28 at 02:23 -0800, Francesco Ruggeri wrote:
> On Mon, Nov 27, 2017 at 8:00 PM, Eric Dumazet > wrote:
> > From: Eric Dumazet
> >
> >
...
> > +++ b/net/packet/af_packet.c
> > @@ -336,7 +336,7 @@ static void register_prot_hook(struct sock *sk)
> > {
> > struct packet_sock
From: Eric Dumazet
Date: Mon, 27 Nov 2017 20:00:52 -0800
> @@ -368,9 +368,11 @@ static void __unregister_prot_hook(struct sock *sk, bool
> sync)
> __sock_put(sk);
>
> if (sync) {
> + po->frozen = 1;
> spin_unlock(&po->bind_lock);
> synchroniz
On Mon, Nov 27, 2017 at 8:00 PM, Eric Dumazet wrote:
> From: Eric Dumazet
>
> syzbot reported crashes [1] and provided a C repro easing bug hunting.
>
> When/if packet_do_bind() calls __unregister_prot_hook() and releases
> po->bind_lock, another thread can run packet_notifier() and process an
>
From: Eric Dumazet
syzbot reported crashes [1] and provided a C repro easing bug hunting.
When/if packet_do_bind() calls __unregister_prot_hook() and releases
po->bind_lock, another thread can run packet_notifier() and process an
NETDEV_UP event.
This calls register_prot_hook() and hook again t
