github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-09 07:03:37 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
4af8a327ae
linux/net/tipc
History
Junwei Hu 2f7025b0a3 tipc: switch order of device registration to fix a crash 
[ Upstream commit 7e27e8d613 ]

When tipc is loaded while many processes try to create a TIPC socket,
a crash occurs:
 PANIC: Unable to handle kernel paging request at virtual
 address "dfff20000000021d"
 pc : tipc_sk_create+0x374/0x1180 [tipc]
 lr : tipc_sk_create+0x374/0x1180 [tipc]
   Exception class = DABT (current EL), IL = 32 bits
 Call trace:
  tipc_sk_create+0x374/0x1180 [tipc]
  __sock_create+0x1cc/0x408
  __sys_socket+0xec/0x1f0
  __arm64_sys_socket+0x74/0xa8
 ...

This is due to race between sock_create and unfinished
register_pernet_device. tipc_sk_insert tries to do
"net_generic(net, tipc_net_id)".
but tipc_net_id is not initialized yet.

So switch the order of the two to close the race.

This can be reproduced with multiple processes doing socket(AF_TIPC, ...)
and one process doing module removal.

Fixes: a62fbccecd ("tipc: make subscriber server support net namespace")
Signed-off-by: Junwei Hu <hujunwei4@huawei.com>
Reported-by: Wang Wang <wangwang2@huawei.com>
Reviewed-by: Xiaogang Wang <wangxiaogang3@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-05-25 18:23:21 +02:00
..
addr.c
addr.h
bcast.c
bcast.h
bearer.c tipc: fix a double free in tipc_enable_bearer() 2019-01-09 17:38:34 +01:00
bearer.h
core.c tipc: switch order of device registration to fix a crash 2019-05-25 18:23:21 +02:00
core.h
diag.c
discover.c tipc: fix lockdep warning when reinitilaizing sockets 2018-11-23 08:17:03 +01:00
discover.h
eth_media.c
group.c tipc: fix info leak from kernel tipc_event 2018-10-18 16:49:53 -07:00
group.h
ib_media.c
Kconfig
link.c tipc: fix link re-establish failure 2018-11-23 08:17:04 +01:00
link.h
Makefile
monitor.c
monitor.h
msg.c
msg.h
name_distr.c tipc: fix unsafe rcu locking when accessing publication list 2018-10-15 22:33:27 -07:00
name_distr.h
name_table.c tipc: missing entries in name table of publications 2019-04-27 09:36:31 +02:00
name_table.h
net.c tipc: change to check tipc_own_id to return in tipc_net_stop 2019-04-03 06:26:18 +02:00
net.h tipc: fix lockdep warning when reinitilaizing sockets 2018-11-23 08:17:03 +01:00
netlink_compat.c tipc: check link name with right length in tipc_nl_compat_link_set 2019-05-02 09:58:57 +02:00
netlink.c
netlink.h
node.c tipc: fix node keep alive interval calculation 2019-02-12 19:47:06 +01:00
node.h
socket.c tipc: fix hanging clients using poll with EPOLLOUT flag 2019-05-16 19:41:31 +02:00
socket.h
subscr.c
subscr.h
sysctl.c
topsrv.c tipc: fix cancellation of topology subscriptions 2019-04-03 06:26:18 +02:00
topsrv.h
udp_media.c tipc: fix a double kfree_skb() 2019-01-09 17:38:34 +01:00
udp_media.h