On Thu, May 24, 2018 at 10:18 PM, David Miller wrote:
> From: Willem de Bruijn
> Date: Wed, 23 May 2018 14:29:52 -0400
>
>> From: Willem de Bruijn
>>
>> A precondition check in ip_recv_error triggered on an otherwise benign
>> race. Remove the warning.
>>
>> The warning triggers when passing an
From: Willem de Bruijn
Date: Wed, 23 May 2018 14:29:52 -0400
> From: Willem de Bruijn
>
> A precondition check in ip_recv_error triggered on an otherwise benign
> race. Remove the warning.
>
> The warning triggers when passing an ipv6 socket to this ipv4 error
> handling function. RaceFuzzer w
nected to a v4 address is
> > > sufficient to ensure that no ipv6 packets are queued for reception.
> > >
> > > diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c
> > > index 4d780c7f0130..a975d6311341 100644
> > > --- a/net/ipv6/ipv6_sockg
est that the
>>>> error queue is empty, and then take its lock for the duration of the
>>>> operation.
>>>
>>> Actually, no reason to hold the lock. This setsockopt holds the socket
>>> lock, which connect would need, too. So testing that the queue
>>> is empty after testi
From: Willem de Bruijn
A precondition check in ip_recv_error triggered on an otherwise benign
race. Remove the warning.
The warning triggers when passing an ipv6 socket to this ipv4 error
handling function. RaceFuzzer was able to trigger it due to a race
in setsockopt IPV6_ADDRFORM.
---
CPU
ddress is
>> sufficient to ensure that no ipv6 packets are queued for reception.
>>
>> diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c
>> index 4d780c7f0130..a975d6311341 100644
>> --- a/net/ipv6/ipv6_sockglue.c
>> +++ b/net/ipv6/ipv6_sockglue.c
>>
ufficient to ensure that no ipv6 packets are queued for reception.
>
> diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c
> index 4d780c7f0130..a975d6311341 100644
> --- a/net/ipv6/ipv6_sockglue.c
> +++ b/net/ipv6/ipv6_sockglue.c
> @@ -199,6 +199,11 @@ static int do_ipv6_setsockopt(struct sock *sk,
>
if (ipv6_only_sock(sk) ||
!ipv6_addr_v4mapped(&sk->sk_v6_daddr)) {
retv = -EADDRNOTAVAIL;
break;
}
+ if (!skb_queue_empty(&sk->sk_error_queue)) {
+ retv = -EBUSY;
+ break;
+ }
+
fl6_free_socklist(sk);
__ipv6_sock_mc_close(sk);
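Review bot: The added `if (!skb_queue_empty(&sk->sk_error_queue))` test reads the error queue without taking the queue's own lock, and the new lines carry no comment saying why that is safe. A short comment above the `if` would help: it should name what the check relies on (the discussion says this setsockopt path holds the socket lock) and note that it pairs with the `ipv6_addr_v4mapped(&sk->sk_v6_daddr)` test just above. That would keep a later reader from adding a redundant lock or dropping the check. The new `retv = -EBUSY` is also a userspace-visible return value for this option, so it is worth stating in the commit message.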
After this it should be safe to remove the warning in ip_recv_error.
On Fri, May 18, 2018 at 2:44 PM, Willem de Bruijn
wrote:
> On Fri, May 18, 2018 at 1:09 PM, Willem de Bruijn
> wrote:
>> On Fri, May 18, 2018 at 11:44 AM, David Miller wrote:
>>> From: Eric Dumazet
>>> Date: Fri, 18 May 2018 08:30:43 -0700
>>>
We probably need to revert Willem patch
On Fri, May 18, 2018 at 1:09 PM, Willem de Bruijn
wrote:
> On Fri, May 18, 2018 at 11:44 AM, David Miller wrote:
>> From: Eric Dumazet
>> Date: Fri, 18 May 2018 08:30:43 -0700
>>
>>> We probably need to revert Willem patch
>>> (7ce875e5ecb8562fd44040f69bda96c999e38bbc)
>>
>> Is it really valid
On Fri, May 18, 2018 at 11:44 AM, David Miller wrote:
> From: Eric Dumazet
> Date: Fri, 18 May 2018 08:30:43 -0700
>
>> We probably need to revert Willem patch
>> (7ce875e5ecb8562fd44040f69bda96c999e38bbc)
>
> Is it really valid to reach ip_recv_err with an ipv6 socket?
I guess the issue is tha
From: Eric Dumazet
Date: Fri, 18 May 2018 08:30:43 -0700
> We probably need to revert Willem patch
> (7ce875e5ecb8562fd44040f69bda96c999e38bbc)
Is it really valid to reach ip_recv_err with an ipv6 socket?
On 05/18/2018 05:08 AM, DaeRyong Jeong wrote:
> We report the crash: WARNING in ip_recv_error
> (I resend the email since I mistakenly missed the subject in my previous
> email. I'm sorry.)
>
>
> This crash has been found in v4.17-rc1 using RaceFuzzer (a modified
> ve
We report the crash: WARNING in ip_recv_error
(I resend the email since I mistakenly missed the subject in my previous
email. I'm sorry.)
This crash has been found in v4.17-rc1 using RaceFuzzer (a modified
version of Syzkaller), which we describe more at the end of this
report. Our ana