net/smc: do not schedule tx_work in SMC_CLOSED state [Linux 4.19.66]

This Linux kernel change "net/smc: do not schedule tx_work in SMC_CLOSED state" is included in the Linux 4.19.66 release. It was authored by Ursula Braun <ubraun [at] linux.ibm.com> on Fri Aug 2 10:16:38 2019 +0200. The commit for this change in the Linux stable tree is ce58a36 (patch), which comes from upstream commit f9cedf1. The same upstream change may have been applied to various maintained Linux releases, and you can find all Linux releases containing changes from upstream f9cedf1.

net/smc: do not schedule tx_work in SMC_CLOSED state

[ Upstream commit f9cedf1a9b1cdcfb0c52edb391d01771e43994a4 ]

The setsockopts options TCP_NODELAY and TCP_CORK may schedule the
tx worker. Make sure the socket is not yet moved into SMC_CLOSED
state (for instance by a shutdown SHUT_RDWR call).

Reported-by: syzbot+92209502e7aab127c75f@syzkaller.appspotmail.com
Reported-by: syzbot+b972214bb803a343f4fe@syzkaller.appspotmail.com
Fixes: 01d2f7e2cdd31 ("net/smc: sockopts TCP_NODELAY and TCP_CORK")
Signed-off-by: Ursula Braun <ubraun@linux.ibm.com>
Signed-off-by: Karsten Graul <kgraul@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

This change adds or deletes 8 lines of Linux source code. The code changes to the Linux kernel are as follows.

 net/smc/af_smc.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/net/smc/af_smc.c b/net/smc/af_smc.c
index 9bbab6b..26dcd02 100644
--- a/net/smc/af_smc.c
+++ b/net/smc/af_smc.c
@@ -1680,14 +1680,18 @@ static int smc_setsockopt(struct socket *sock, int level, int optname,
        }
        break;
    case TCP_NODELAY:
-       if (sk->sk_state != SMC_INIT && sk->sk_state != SMC_LISTEN) {
+       if (sk->sk_state != SMC_INIT &&
+           sk->sk_state != SMC_LISTEN &&
+           sk->sk_state != SMC_CLOSED) {
            if (val && !smc->use_fallback)
                mod_delayed_work(system_wq, &smc->conn.tx_work,
                         0);
        }
        break;
    case TCP_CORK:
-       if (sk->sk_state != SMC_INIT && sk->sk_state != SMC_LISTEN) {
+       if (sk->sk_state != SMC_INIT &&
+           sk->sk_state != SMC_LISTEN &&
+           sk->sk_state != SMC_CLOSED) {
            if (!val && !smc->use_fallback)
                mod_delayed_work(system_wq, &smc->conn.tx_work,
                         0);
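Review bot: the three-state test (SMC_INIT, SMC_LISTEN, SMC_CLOSED) is now repeated verbatim in both the TCP_NODELAY and the TCP_CORK case, so a later state exclusion can easily be applied to one case and missed in the other; consider moving it into a small static helper that both cases call before mod_delayed_work(). Separately, the visible context does not show whether sk->sk_state is read while the socket lock is held. If it is not, a concurrent shutdown could move the socket to SMC_CLOSED between the check and the mod_delayed_work() call, so it is worth confirming in the surrounding function that the check and the scheduling happen under the same lock, and saying so in a comment next to the condition.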
