iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/fs
History
David Howells db099c625b rxrpc: Fix timeout of a call that hasn't yet been granted a channel 
afs_make_call() calls rxrpc_kernel_begin_call() to begin a call (which may
get stalled in the background waiting for a connection to become
available); it then calls rxrpc_kernel_set_max_life() to set the timeouts -
but that starts the call timer so the call timer might then expire before
we get a connection assigned - leading to the following oops if the call
stalled:

	BUG: kernel NULL pointer dereference, address: 0000000000000000
	...
	CPU: 1 PID: 5111 Comm: krxrpcio/0 Not tainted 6.3.0-rc7-build3+ #701
	RIP: 0010:rxrpc_alloc_txbuf+0xc0/0x157
	...
	Call Trace:
	 <TASK>
	 rxrpc_send_ACK+0x50/0x13b
	 rxrpc_input_call_event+0x16a/0x67d
	 rxrpc_io_thread+0x1b6/0x45f
	 ? _raw_spin_unlock_irqrestore+0x1f/0x35
	 ? rxrpc_input_packet+0x519/0x519
	 kthread+0xe7/0xef
	 ? kthread_complete_and_exit+0x1b/0x1b
	 ret_from_fork+0x22/0x30

Fix this by noting the timeouts in struct rxrpc_call when the call is
created.  The timer will be started when the first packet is transmitted.

It shouldn't be possible to trigger this directly from userspace through
AF_RXRPC as sendmsg() will return EBUSY if the call is in the
waiting-for-conn state if it dropped out of the wait due to a signal.

Fixes: 9d35d880e0e4 ("rxrpc: Move client call connection to the I/O thread")
Reported-by: Marc Dionne <marc.dionne@auristor.com>
Signed-off-by: David Howells <dhowells@redhat.com>
cc: "David S. Miller" <davem@davemloft.net>
cc: Eric Dumazet <edumazet@google.com>
cc: Jakub Kicinski <kuba@kernel.org>
cc: Paolo Abeni <pabeni@redhat.com>
cc: linux-afs@lists.infradead.org
cc: netdev@vger.kernel.org
cc: linux-kernel@vger.kernel.org
Signed-off-by: David S. Miller <davem@davemloft.net>
2023-05-01 07:43:19 +01:00
..
9p
v6.4/vfs.acl
2023-04-24 13:35:23 -07:00
adfs
fs: port ->setattr() to pass mnt_idmap
2023-01-19 09:24:02 +01:00
affs
for-6.3/dio-2023-02-16
2023-02-20 14:10:36 -08:00
afs
rxrpc: Fix timeout of a call that hasn't yet been granted a channel
2023-05-01 07:43:19 +01:00
autofs
fs: port ->permission() to pass mnt_idmap
2023-01-19 09:24:28 +01:00
befs
bfs
fs: port inode_init_owner() to mnt_idmap
2023-01-19 09:24:28 +01:00
btrfs
for-6.4-tag
2023-04-26 09:13:44 -07:00
cachefiles
fs: port ->permission() to pass mnt_idmap
2023-01-19 09:24:28 +01:00
ceph
fs: drop unused posix acl handlers
2023-03-06 09:57:12 +01:00
cifs
v6.4/vfs.acl
2023-04-24 13:35:23 -07:00
coda
hardening updates for v6.3-rc1
2023-02-21 11:07:23 -08:00
configfs
fs: consolidate duplicate dt_type helpers
2023-04-03 09:23:54 +02:00
cramfs
fs/cramfs/inode.c: initialize file_ra_state
2023-03-02 21:54:23 -08:00
crypto
fscrypt: optimize fscrypt_initialize()
2023-04-06 11:16:39 -07:00
debugfs
ARM: SoC drivers for 6.3
2023-02-27 10:04:49 -08:00
devpts
devpts: simplify two-level sysctl registration for pty_kern_table
2023-03-13 12:36:34 +01:00
dlm
Networking changes for 6.4.
2023-04-26 16:07:23 -07:00
ecryptfs
fs: drop unused posix acl handlers
2023-03-06 09:57:12 +01:00
efivarfs
A healthy mix of EFI contributions this time:
2023-02-23 14:41:48 -08:00
efs
erofs
Changes since last update:
2023-04-24 14:25:39 -07:00
exfat
Description for this pull request:
2023-03-01 08:42:27 -08:00
exportfs
fs: port ->permission() to pass mnt_idmap
2023-01-19 09:24:28 +01:00
ext2
\n
2023-04-26 09:07:46 -07:00
ext4
for-6.4/io_uring-2023-04-21
2023-04-26 12:40:31 -07:00
f2fs
f2fs update for 6.4-rc1
2023-04-26 09:42:10 -07:00
fat
There is no particular theme here - mainly quick hits all over the tree.
2023-02-23 17:55:40 -08:00
freevxfs
There is no particular theme here - mainly quick hits all over the tree.
2023-02-23 17:55:40 -08:00
fscache
fscache: Use clear_and_wake_up_bit() in fscache_create_volume_work()
2023-01-30 12:51:54 +00:00
fuse
fget() to fdget() conversions
2023-04-24 19:14:20 -07:00
gfs2
gfs2 fixes
2023-04-26 09:28:15 -07:00
hfs
There is no particular theme here - mainly quick hits all over the tree.
2023-02-23 17:55:40 -08:00
hfsplus
fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode()
2023-04-12 11:29:32 +02:00
hostfs
This pull request contains the following changes for UML:
2023-03-01 09:13:00 -08:00
hpfs
fs: port ->rename() to pass mnt_idmap
2023-01-19 09:24:26 +01:00
hugetlbfs
- Daniel Verkamp has contributed a memfd series ("mm/memfd: add
2023-02-23 17:09:35 -08:00
iomap
fs: Add FGP_WRITEBEGIN
2023-04-06 13:39:50 -04:00
isofs
- hfs and hfsplus kmap API modernization from Fabio Francesco
2022-10-12 11:00:22 -07:00
jbd2
jdb2: Don't refuse invalidation of already invalidated buffers
2023-04-14 19:38:50 -04:00
jffs2
fs: rename generic posix acl handlers
2023-03-06 09:57:13 +01:00
jfs
write_one_page series
2023-04-24 19:20:27 -07:00
kernfs
fs: consolidate duplicate dt_type helpers
2023-04-03 09:23:54 +02:00
ksmbd
ksmbd: avoid out of bounds access in decode_preauth_ctxt()
2023-04-13 14:17:32 -05:00
lockd
lockd: set file_lock start and end when decoding nlm4 testargs
2023-03-14 14:00:55 -04:00
minix
Merge branch 'work.minix' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2023-02-24 19:01:15 -08:00
netfs
There are a number of major cleanups in ext4 this cycle:
2023-04-26 08:57:41 -07:00
nfs
There are a number of major cleanups in ext4 this cycle:
2023-04-26 08:57:41 -07:00
nfs_common
filelock: move file locking definitions to separate header file
2023-01-11 06:52:32 -05:00
nfsd
v6.4/vfs.acl
2023-04-24 13:35:23 -07:00
nilfs2
nilfs2: initialize unused bytes in segment summary blocks
2023-04-18 14:22:14 -07:00
nls
notify
fanotify: use pidfd_prepare()
2023-04-03 11:16:57 +02:00
ntfs
There is no particular theme here - mainly quick hits all over the tree.
2023-02-23 17:55:40 -08:00
ntfs3
fs: drop unused posix acl handlers
2023-03-06 09:57:12 +01:00
ocfs2
legacy direct-io cleanup
2023-04-24 19:28:49 -07:00
omfs
fs: port inode_init_owner() to mnt_idmap
2023-01-19 09:24:28 +01:00
openpromfs
orangefs
fs: drop unused posix acl handlers
2023-03-06 09:57:12 +01:00
overlayfs
ovl: check for ->listxattr() support
2023-03-06 09:57:13 +01:00
proc
mm, pagemap: remove SLOB and SLQB from comments and documentation
2023-03-29 10:32:11 +02:00
pstore
pstore updates for v6.2-rc1-fixes
2022-12-23 11:55:54 -08:00
qnx4
qnx4: credit contributors in CREDITS
2023-03-14 12:56:30 -06:00
qnx6
qnx6: credit contributor and mark filesystem orphan
2023-03-14 12:56:30 -06:00
quota
quota: mark PRINT_QUOTA_WARNING as BROKEN
2023-04-14 13:06:50 +02:00
ramfs
- Daniel Verkamp has contributed a memfd series ("mm/memfd: add
2023-02-23 17:09:35 -08:00
reiserfs
\n
2023-04-26 09:07:46 -07:00
romfs
mm/nommu: factor out check for NOMMU shared mappings into is_nommu_shared_mapping()
2023-01-18 17:12:56 -08:00
smbfs_common
smb3: Replace smb2pdu 1-element arrays with flex-arrays
2023-02-20 17:25:43 -06:00
squashfs
revert "squashfs: harden sanity check in squashfs_read_xattr_id_table"
2023-02-03 17:52:25 -08:00
sysfs
sysv
sysv: switch to put_and_unmap_page()
2023-03-12 20:03:41 -04:00
tracefs
fs: port ->mkdir() to pass mnt_idmap
2023-01-19 09:24:26 +01:00
ubifs
This pull request contains updates for JFFS2, UBI and UBIFS
2023-03-01 09:06:51 -08:00
udf
udf: use wrapper i_blocksize() in udf_discard_prealloc()
2023-03-13 11:16:16 +01:00
ufs
ufs: don't flush page immediately for DIRSYNC directories
2023-03-12 20:00:41 -04:00
unicode
vboxsf
fs: port ->rename() to pass mnt_idmap
2023-01-19 09:24:26 +01:00
verity
fsverity: reject FS_IOC_ENABLE_VERITY on mode 3 fds
2023-04-11 19:23:23 -07:00
xfs
for-6.4/io_uring-2023-04-21
2023-04-26 12:40:31 -07:00
zonefs
zonefs: Do not propagate iomap_dio_rw() ENOTBLK error to user space
2023-03-30 20:56:02 +09:00
aio.c
Merge branch 'mm-hotfixes-stable' into mm-stable
2023-02-10 15:34:48 -08:00
anon_inodes.c
attr.c
nfs: use vfs setgid helper
2023-03-30 08:51:48 +02:00
bad_inode.c
fs: port ->permission() to pass mnt_idmap
2023-01-19 09:24:28 +01:00
binfmt_elf_fdpic.c
elfcore: Add a cprm parameter to elf_core_extra_{phdrs,data_size}
2023-01-05 15:12:12 +00:00
binfmt_elf_test.c
binfmt_elf.c
Linux 6.2-rc6
2023-01-31 15:01:20 +01:00
binfmt_flat.c
binfmt_misc.c
binfmt_misc: fix shift-out-of-bounds in check_special_flags
2022-12-02 13:57:04 -08:00
binfmt_script.c
buffer.c
fsverity updates for 6.4
2023-04-26 08:51:51 -07:00
char_dev.c
chardev: fix error handling in cdev_device_add()
2022-12-02 17:48:59 +01:00
compat_binfmt_elf.c
coredump.c
- Daniel Verkamp has contributed a memfd series ("mm/memfd: add
2023-02-23 17:09:35 -08:00
d_path.c
dax.c
fsdax: force clear dirty mark if CoW
2023-04-05 18:06:23 -07:00
dcache.c
tmpfile API change
2022-10-10 19:45:17 -07:00
direct-io.c
__blockdev_direct_IO(): get rid of submit_io callback
2023-03-05 20:27:41 -05:00
drop_caches.c
eventfd.c
eventfd: use wait_event_interruptible_locked_irq() helper
2023-04-06 10:01:50 +02:00
eventpoll.c
asm-generic updates for 6.4
2023-04-25 12:22:11 -07:00
exec.c
- Daniel Verkamp has contributed a memfd series ("mm/memfd: add
2023-02-23 17:09:35 -08:00
fcntl.c
fs.idmapped.v6.3
2023-02-20 11:53:11 -08:00
fhandle.c
file_table.c
filelock: move file locking definitions to separate header file
2023-01-11 06:52:32 -05:00
file.c
fs: prevent out-of-bounds array speculation when closing a file descriptor
2023-03-09 22:46:21 -05:00
filesystems.c
fs_context.c
fs_parser.c
ext4: journal_path mount options should follow links
2022-12-01 10:46:54 -05:00
fs_pin.c
fs_struct.c
fs_types.c
fs-writeback.c
writeback, cgroup: fix null-ptr-deref write in bdi_split_work_to_wbs
2023-04-16 10:41:26 -07:00
fsopen.c
init.c
fs: port ->permission() to pass mnt_idmap
2023-01-19 09:24:28 +01:00
inode.c
Update relatime comments to include equality
2023-03-27 13:51:32 +02:00
internal.h
nfs: use vfs setgid helper
2023-03-30 08:51:48 +02:00
ioctl.c
fs: port inode_owner_or_capable() to mnt_idmap
2023-01-19 09:24:29 +01:00
Kconfig
fs: build the legacy direct I/O code conditionally
2023-01-26 10:30:56 -07:00
Kconfig.binfmt
Xtensa updates for v6.1
2022-10-10 14:21:11 -07:00
kernel_read_file.c
libfs.c
fs: consolidate duplicate dt_type helpers
2023-04-03 09:23:54 +02:00
locks.c
filelocks: use mount idmapping for setlease permission check
2023-03-09 22:36:12 +01:00
Makefile
for-6.3/dio-2023-02-16
2023-02-20 14:10:36 -08:00
mbcache.c
ext4: fix deadlock due to mbcache entry corruption
2022-12-08 21:49:25 -05:00
mnt_idmapping.c
fs: move mnt_idmap
2023-01-19 09:24:30 +01:00
mount.h
mpage.c
- Daniel Verkamp has contributed a memfd series ("mm/memfd: add
2023-02-23 17:09:35 -08:00
namei.c
fs: Fix description of vfs_tmpfile()
2023-03-12 20:03:48 -04:00
namespace.c
fget() to fdget() conversions
2023-04-24 19:14:20 -07:00
no-block.c
nsfs.c
kill the last remaining user of proc_ns_fget()
2023-04-20 22:55:35 -04:00
open.c
open: return EINVAL for O_DIRECTORY | O_CREAT
2023-03-22 11:06:55 +01:00
pipe.c
pnode.c
pnode: pass mountpoint directly
2023-04-06 14:53:38 +02:00
pnode.h
posix_acl.c
acl: don't depend on IOP_XATTR
2023-03-06 09:59:20 +01:00
proc_namespace.c
read_write.c
iov_iter: add iter_iov_addr() and iter_iov_len() helpers
2023-03-30 08:12:29 -06:00
readdir.c
remap_range.c
fs: port i_{g,u}id_into_vfs{g,u}id() to mnt_idmap
2023-01-19 09:24:29 +01:00
select.c
seq_file.c
use less confusing names for iov_iter direction initializers
2022-11-25 13:01:55 -05:00
signalfd.c
splice.c
splice: report related fsnotify events
2023-04-04 15:57:24 +02:00
stack.c
stat.c
fs.idmapped.v6.3
2023-02-20 11:53:11 -08:00
statfs.c
super.c
fscrypt: destroy keyring after security_sb_delete()
2023-03-14 10:30:30 -07:00
sync.c
sysctls.c
timerfd.c
userfaultfd.c
Revert "userfaultfd: don't fail on unrecognized features"
2023-04-16 10:41:26 -07:00
utimes.c
fs.idmapped.v6.3
2023-02-20 11:53:11 -08:00
xattr.c
acl: don't depend on IOP_XATTR
2023-03-06 09:59:20 +01:00