xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
575b65bc5bff37ec502d5eab9fc91d0a8d5ec40e
android_kernel_xiaomi_sm8450/net/ipv4
History
Eric Dumazet 575b65bc5b udp: avoid refcount_t saturation in __udp_gso_segment() 
For some reason, Willem thought that the issue we fixed for TCP
in commit 7ec318feee ("tcp: gso: avoid refcount_t warning from
tcp_gso_segment()") was not relevant for UDP GSO.

But syzbot found its way.

refcount_t: saturated; leaking memory.
WARNING: CPU: 0 PID: 10261 at lib/refcount.c:78 refcount_add_not_zero+0x2d4/0x320 lib/refcount.c:78
Kernel panic - not syncing: panic_on_warn set ...

CPU: 0 PID: 10261 Comm: syz-executor5 Not tainted 4.17.0-rc3+ #38
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1b9/0x294 lib/dump_stack.c:113
 panic+0x22f/0x4de kernel/panic.c:184
 __warn.cold.8+0x163/0x1b3 kernel/panic.c:536
 report_bug+0x252/0x2d0 lib/bug.c:186
 fixup_bug arch/x86/kernel/traps.c:178 [inline]
 do_error_trap+0x1de/0x490 arch/x86/kernel/traps.c:296
 do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:315
 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:992
RIP: 0010:refcount_add_not_zero+0x2d4/0x320 lib/refcount.c:78
RSP: 0018:ffff880196db6b90 EFLAGS: 00010282
RAX: 0000000000000026 RBX: 00000000ffffff01 RCX: ffffc900040d9000
RDX: 0000000000004a29 RSI: ffffffff8160f6f1 RDI: ffff880196db66f0
RBP: ffff880196db6c78 R08: ffff8801b33d6740 R09: 0000000000000002
R10: ffff8801b33d6740 R11: 0000000000000000 R12: 0000000000000000
R13: 00000000ffffffff R14: ffff880196db6c50 R15: 0000000000020101
 refcount_add+0x1b/0x70 lib/refcount.c:102
 __udp_gso_segment+0xaa5/0xee0 net/ipv4/udp_offload.c:272
 udp4_ufo_fragment+0x592/0x7a0 net/ipv4/udp_offload.c:301
 inet_gso_segment+0x639/0x12b0 net/ipv4/af_inet.c:1342
 skb_mac_gso_segment+0x3ad/0x720 net/core/dev.c:2792
 __skb_gso_segment+0x3bb/0x870 net/core/dev.c:2865
 skb_gso_segment include/linux/netdevice.h:4050 [inline]
 validate_xmit_skb+0x54d/0xd90 net/core/dev.c:3122
 __dev_queue_xmit+0xbf8/0x34c0 net/core/dev.c:3579
 dev_queue_xmit+0x17/0x20 net/core/dev.c:3620
 neigh_direct_output+0x15/0x20 net/core/neighbour.c:1401
 neigh_output include/net/neighbour.h:483 [inline]
 ip_finish_output2+0xa5f/0x1840 net/ipv4/ip_output.c:229
 ip_finish_output+0x828/0xf80 net/ipv4/ip_output.c:317
 NF_HOOK_COND include/linux/netfilter.h:277 [inline]
 ip_output+0x21b/0x850 net/ipv4/ip_output.c:405
 dst_output include/net/dst.h:444 [inline]
 ip_local_out+0xc5/0x1b0 net/ipv4/ip_output.c:124
 ip_send_skb+0x40/0xe0 net/ipv4/ip_output.c:1434
 udp_send_skb.isra.37+0x5eb/0x1000 net/ipv4/udp.c:825
 udp_push_pending_frames+0x5c/0xf0 net/ipv4/udp.c:853
 udp_v6_push_pending_frames+0x380/0x3e0 net/ipv6/udp.c:1105
 udp_lib_setsockopt+0x59a/0x600 net/ipv4/udp.c:2403
 udpv6_setsockopt+0x95/0xa0 net/ipv6/udp.c:1447
 sock_common_setsockopt+0x9a/0xe0 net/core/sock.c:3046
 __sys_setsockopt+0x1bd/0x390 net/socket.c:1903
 __do_sys_setsockopt net/socket.c:1914 [inline]
 __se_sys_setsockopt net/socket.c:1911 [inline]
 __x64_sys_setsockopt+0xbe/0x150 net/socket.c:1911
 do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

Fixes: ad405857b1 ("udp: better wmem accounting on gso")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Willem de Bruijn <willemb@google.com>
Cc: Alexander Duyck <alexander.h.duyck@intel.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Acked-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-05-11 12:29:42 -04:00
..
netfilter
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
2018-05-06 21:51:37 -04:00
af_inet.c
tcp: add TCP_ZEROCOPY_RECEIVE support for zerocopy receive
2018-04-29 21:29:55 -04:00
ah4.c
net: use -ENOSPC for transient busy indication
2017-11-03 22:11:17 +08:00
arp.c
arp: fix arp_filter on l3slave devices
2018-04-05 22:05:03 -04:00
cipso_ipv4.c
tcp/dccp: fix ireq->opt races
2017-10-21 01:33:19 +01:00
datagram.c
net: Set sk_txhash from a random number
2015-07-29 22:44:04 -07:00
devinet.c
net: Drop pernet_operations::async
2018-03-27 13:18:09 -04:00
esp4_offload.c
esp: check the NETIF_F_HW_ESP_TX_CSUM bit before segmenting
2018-02-27 10:46:01 +01:00
esp4.c
esp4: remove redundant initialization of pointer esph
2018-02-13 13:59:03 +01:00
fib_frontend.c
net: Drop pernet_operations::async
2018-03-27 13:18:09 -04:00
fib_lookup.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
fib_notifier.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
fib_rules.c
net: fib_rules: add extack support
2018-04-23 10:21:24 -04:00
fib_semantics.c
net: Move fib_convert_metrics to metrics file
2018-04-17 23:41:15 -04:00
fib_trie.c
net/ipv4: Allow notifier to fail route replace
2018-03-29 14:10:30 -04:00
fou.c
net: Drop pernet_operations::async
2018-03-27 13:18:09 -04:00
gre_demux.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2016-06-30 05:03:36 -04:00
gre_offload.c
gso: fix payload length when gso_size is zero
2017-10-08 10:12:15 -07:00
icmp.c
net: Drop pernet_operations::async
2018-03-27 13:18:09 -04:00
igmp.c
net: Drop pernet_operations::async
2018-03-27 13:18:09 -04:00
inet_connection_sock.c
net: ipv4: remove define INET_CSK_DEBUG and unnecessary EXPORT_SYMBOL
2018-05-10 17:43:55 -04:00
inet_diag.c
sock_diag: request _diag module only when the family or proto has been registered
2018-03-12 11:03:42 -04:00
inet_fragment.c
inet: frags: remove inet_frag_maybe_warn_overflow()
2018-03-31 23:25:39 -04:00
inet_hashtables.c
inet: Avoid unitialized variable warning in inet_unhash()
2018-02-01 09:48:42 -05:00
inet_timewait_sock.c
soreuseport: initialise timewait reuseport field
2018-04-07 22:32:32 -04:00
inetpeer.c
inetpeer: fix uninit-value in inet_getpeer
2018-04-09 10:57:35 -04:00
ip_forward.c
net: rename skb_gso_validate_mtu -> skb_gso_validate_network_len
2018-03-04 17:49:17 -05:00
ip_fragment.c
inet: frags: fix ip6frag_low_thresh boundary
2018-04-04 12:04:59 -04:00
ip_gre.c
erspan: auto detect truncated packets.
2018-04-30 11:43:45 -04:00
ip_input.c
net: Make ip_ra_chain per struct net
2018-03-22 15:12:56 -04:00
ip_options.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
ip_output.c
tcp: Add mark for TIMEWAIT sockets
2018-05-10 17:44:52 -04:00
ip_sockglue.c
net: Replace ip_ra_lock with per-net mutex
2018-03-22 15:12:56 -04:00
ip_tunnel_core.c
net/ipv4: Update ip_tunnel_metadata_cnt static key to modern api
2018-05-10 15:13:33 -04:00
ip_tunnel.c
ip_tunnel: better validate user provided tunnel names
2018-04-05 15:16:15 -04:00
ip_vti.c
net: Drop pernet_operations::async
2018-03-27 13:18:09 -04:00
ipcomp.c
ipv4: coding style: comparison for equality with NULL
2015-04-03 12:11:15 -04:00
ipconfig.c
ipconfig: Write NTP server IPs to /proc/net/ipconfig/ntp_servers
2018-04-24 13:40:42 -04:00
ipip.c
net: Drop pernet_operations::async
2018-03-27 13:18:09 -04:00
ipmr_base.c
ipmr: Make ipmr_dump() common
2018-03-26 13:14:43 -04:00
ipmr.c
net: fib_rules: add extack support
2018-04-23 10:21:24 -04:00
Kconfig
ipmr,ipmr6: Define a uniform vif_device
2018-03-01 13:13:23 -05:00
Makefile
net: Move fib_convert_metrics to metrics file
2018-04-17 23:41:15 -04:00
metrics.c
net: Move fib_convert_metrics to metrics file
2018-04-17 23:41:15 -04:00
netfilter.c
netfilter: remove struct nf_afinfo and its helper functions
2018-01-08 18:11:02 +01:00
ping.c
net: Drop pernet_operations::async
2018-03-27 13:18:09 -04:00
proc.c
tcp: export packets delivery info
2018-04-19 13:05:16 -04:00
protocol.c
net: Add sysctl to toggle early demux for tcp and udp
2017-03-24 13:17:07 -07:00
raw_diag.c
net: ipv6: add second dif to raw socket lookups
2017-08-07 11:39:22 -07:00
raw.c
net: Drop pernet_operations::async
2018-03-27 13:18:09 -04:00
route.c
ipv4: fix fnhe usage by non-cached routes
2018-05-02 22:52:35 -04:00
syncookies.c
net/ipv4: disable SMC TCP option with SYN Cookies
2018-03-25 20:53:54 -04:00
sysctl_net_ipv4.c
net: Drop pernet_operations::async
2018-03-27 13:18:09 -04:00
tcp_bbr.c
tcp_bbr: fix to zero idle_restart only upon S/ACKed data
2018-05-02 11:12:32 -04:00
tcp_bic.c
tcp: consolidate congestion control undo functions
2017-08-06 21:25:10 -07:00
tcp_cdg.c
tcp: cdg: make struct tcp_cdg static
2017-10-16 21:24:25 +01:00
tcp_cong.c
tcp: Namespace-ify sysctl_tcp_default_congestion_control
2017-11-15 14:09:52 +09:00
tcp_cubic.c
tcp: consolidate congestion control undo functions
2017-08-06 21:25:10 -07:00
tcp_dctcp.c
Revert "dctcp: update cwnd on congestion event"
2016-12-06 11:34:24 -05:00
tcp_diag.c
net: sock: replace sk_state_load with inet_sk_state_load and remove sk_state_store
2017-12-20 14:00:25 -05:00
tcp_fastopen.c
tcp: pause Fast Open globally after third consecutive timeout
2017-12-13 15:51:12 -05:00
tcp_highspeed.c
tcp: consolidate congestion control undo functions
2017-08-06 21:25:10 -07:00
tcp_htcp.c
tcp: fix cwnd undo in Reno and HTCP congestion controls
2017-08-06 21:25:10 -07:00
tcp_hybla.c
tcp: make undo_cwnd mandatory for congestion modules
2016-11-21 13:20:17 -05:00
tcp_illinois.c
net/tcp/illinois: replace broken algorithm reference link
2018-02-28 12:03:47 -05:00
tcp_input.c
tcp: Add clean acked data hook
2018-05-01 09:42:46 -04:00
tcp_ipv4.c
tcp: Add mark for TIMEWAIT sockets
2018-05-10 17:44:52 -04:00
tcp_lp.c
tcp: switch TCP TS option (RFC 7323) to 1ms clock
2017-05-17 16:06:01 -04:00
tcp_metrics.c
net: Drop pernet_operations::async
2018-03-27 13:18:09 -04:00
tcp_minisocks.c
tcp: Add mark for TIMEWAIT sockets
2018-05-10 17:44:52 -04:00
tcp_nv.c
tcp_nv: fix potential integer overflow in tcpnv_acked
2018-01-31 10:26:30 -05:00
tcp_offload.c
gso: validate gso_type in GSO handlers
2018-01-22 16:01:30 -05:00
tcp_output.c
tcp: switch pacing timer to softirq based hrtimer
2018-05-11 12:24:37 -04:00
tcp_rate.c
tcp: invalidate rate samples during SACK reneging
2017-12-08 10:07:02 -05:00
tcp_recovery.c
tcp: evaluate packet losses upon RTT change
2017-12-08 14:14:11 -05:00
tcp_scalable.c
tcp: consolidate congestion control undo functions
2017-08-06 21:25:10 -07:00
tcp_timer.c
tcp: switch pacing timer to softirq based hrtimer
2018-05-11 12:24:37 -04:00
tcp_ulp.c
net: add a UID to use for ULP socket assignment
2018-02-06 11:39:31 +01:00
tcp_vegas.c
tcp: fix under-evaluated ssthresh in TCP Vegas
2017-09-29 06:07:00 +01:00
tcp_vegas.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
tcp_veno.c
tcp: consolidate congestion control undo functions
2017-08-06 21:25:10 -07:00
tcp_westwood.c
tcp: Revert "tcp: remove CA_ACK_SLOWPATH"
2017-08-30 11:20:08 -07:00
tcp_yeah.c
tcp: consolidate congestion control undo functions
2017-08-06 21:25:10 -07:00
tcp.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2018-05-04 09:58:56 -04:00
tunnel4.c
inet: whitespace cleanup
2018-02-28 11:43:28 -05:00
udp_diag.c
net: ipv6: add second dif to udp socket lookups
2017-08-07 11:39:22 -07:00
udp_impl.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
udp_offload.c
udp: avoid refcount_t saturation in __udp_gso_segment()
2018-05-11 12:29:42 -04:00
udp_tunnel.c
net: add infrastructure to un-offload UDP tunnel port
2017-07-24 13:52:59 -07:00
udp.c
net/udp: Update udp_encap_needed static key to modern api
2018-05-10 15:13:34 -04:00
udplite.c
net: Drop pernet_operations::async
2018-03-27 13:18:09 -04:00
xfrm4_input.c
xfrm: Reinject transport-mode packets through tasklet
2017-12-19 08:23:21 +01:00
xfrm4_mode_beet.c
networking: make skb_pull & friends return void pointers
2017-06-16 11:48:39 -04:00
xfrm4_mode_transport.c
xfrm: Add encapsulation header offsets while SKB is not encrypted
2017-04-14 10:07:39 +02:00
xfrm4_mode_tunnel.c
xfrm: Verify MAC header exists before overwriting eth_hdr(skb)->h_proto
2018-03-07 10:54:29 +01:00
xfrm4_output.c
net: xfrm: use skb_gso_validate_network_len() to check gso sizes
2018-03-04 17:49:17 -05:00
xfrm4_policy.c
net: Drop pernet_operations::async
2018-03-27 13:18:09 -04:00
xfrm4_protocol.c
xfrm: input: constify xfrm_input_afinfo
2017-02-09 10:22:17 +01:00
xfrm4_state.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
xfrm4_tunnel.c