Message-ID: <2186aa41-ec5d-364d-b251-76fe5839f4a0@huawei.com>
Date: Sun, 16 Oct 2022 10:22:24 +0800
From: shaozhengchao <shaozhengchao@...wei.com>
To: Cong Wang <xiyou.wangcong@...il.com>
CC: netdev <netdev@...r.kernel.org>, Paolo Abeni <pabeni@...hat.com>,
Jakub Kicinski <kuba@...nel.org>,
David Miller <davem@...emloft.net>, <edumazet@...gle.com>,
<sgarzare@...hat.com>, <ast@...nel.org>, <nikolay@...dia.com>,
<mkl@...gutronix.de>, <cong.wang@...edance.com>
Subject: Re: net/kcm: syz issue about general protection fault in skb_unlink
On 2022/10/16 6:42, Cong Wang wrote:
> On Thu, Oct 13, 2022 at 06:51:29PM +0800, shaozhengchao wrote:
>> I found that the syz issue ("general protection fault in skb_unlink")
>> still happens in the Linux -next branch.
>> commit: 082fce125e57cff60687181c97f3a8ee620c38f5
>> Link:
>> https://groups.google.com/g/syzkaller-bugs/c/ZfR2B5KaQrA/m/QfnGHCYSBwAJ
>> Please ask:
>> Is there any problem with this patch? Why is this patch not merged into
>> the Linux -next branch or mainline?
>>
>
> Does the following patch also fix this bug? It is much smaller than the
> one you refer to above.
>
> Thanks.
>
Hi Wang:
Thank you for your patch. I've tested this patch and it solves
my problem as well. Maybe it is better?
Zhengchao Shao
> ---------------->
>
> diff --git a/net/kcm/kcmsock.c b/net/kcm/kcmsock.c
> index 1215c863e1c4..67c4b25d351d 100644
> --- a/net/kcm/kcmsock.c
> +++ b/net/kcm/kcmsock.c
> @@ -1116,6 +1116,7 @@ static int kcm_recvmsg(struct socket *sock, struct msghdr *msg,
> {
> struct sock *sk = sock->sk;
> struct kcm_sock *kcm = kcm_sk(sk);
> + struct kcm_mux *mux = kcm->mux;
> int err = 0;
> long timeo;
> struct strp_msg *stm;
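Review bot: mux is read from kcm->mux once, in the declaration at function entry with no lock held, and the only use is the lock/unlock pair in the msg_finished branch. If kcm->mux can change while the call waits for data (timeo is declared right below), the cached pointer would be stale by the time it is locked. Either read kcm->mux at the point of use or state in the commit message why it is stable for the whole call.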
> @@ -1156,8 +1157,10 @@ static int kcm_recvmsg(struct socket *sock, struct msghdr *msg,
> msg_finished:
> /* Finished with message */
> msg->msg_flags |= MSG_EOR;
> + spin_lock_bh(&mux->rx_lock);
> KCM_STATS_INCR(kcm->stats.rx_msgs);
> skb_unlink(skb, &sk->sk_receive_queue);
> + spin_unlock_bh(&mux->rx_lock);
> kfree_skb(skb);
> }
> }
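Review bot: the critical section at msg_finished covers KCM_STATS_INCR as well as skb_unlink, and nothing says what mux->rx_lock is serialising against. skb_unlink already takes the queue's own lock, so a short comment naming the path that touches sk_receive_queue under rx_lock would make the intent reviewable, and the stats increment can move outside the lock. Note also that skb is obtained before the lock added here is taken, so the patch description should explain why skb is still guaranteed to be on sk_receive_queue when skb_unlink runs. The draft has no commit message, Fixes tag or Signed-off-by yet.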