Re: kernel BUG at net/rxrpc/local_object.c:LINE!

From: David Howells
Date: Mon Aug 19 2019 - 04:23:06 EST

Next message: Ran Wang: "RE: [PATCH v5 1/3] PM: wakeup: Add routine to help fetch wakeup source object."
Previous message: Jiri Olsa: "Re: [PATCH 28/79] libperf: Add perf_cpu_map struct"
In reply to: syzbot: "Re: kernel BUG at net/rxrpc/local_object.c:LINE!"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Hillf,

There are some commits in net/master that ought to fix this and conflict with
your longer patch:

730c5fd42c1e3652a065448fd235cb9fafb2bd10
rxrpc: Fix local endpoint refcounting

68553f1a6f746bf860bce3eb42d78c26a717d9c0
rxrpc: Fix local refcounting

b00df840fb4004b7087940ac5f68801562d0d2de
rxrpc: Fix local endpoint replacement

06d9532fa6b34f12a6d75711162d47c17c1add72
rxrpc: Fix read-after-free in rxrpc_queue_local()

After the first one, you should never see local->usage == 0 in
rxrpc_input_packet() as the UDP socket gets closed before the refcount is
reduced to 0 (there's now a second "usage" count that counts how many times
the local endpoint is in use and local->usage is the refcount for the struct
itself).

Thanks,
David

Next message: Ran Wang: "RE: [PATCH v5 1/3] PM: wakeup: Add routine to help fetch wakeup source object."
Previous message: Jiri Olsa: "Re: [PATCH 28/79] libperf: Add perf_cpu_map struct"
In reply to: syzbot: "Re: kernel BUG at net/rxrpc/local_object.c:LINE!"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]