1. 07 Jul, 2018 1 commit
    • net/smc: reduce sock_put() for fallback sockets · e1bbdd57
      Ursula Braun authored
      smc_release() calls a sock_put() for smc fallback sockets to cover
      the passive closing sock_hold() in __smc_connect() and
      smc_tcp_listen_work(). This does not make sense for sockets in state
      An SMC socket stays in state SMC_INIT if connect fails. The sock_put
      in smc_connect_abort() does not cover all failures. Move it into
      Fixes: ee9dfbef ("net/smc: handle sockopts forcing fallback")
      Reported-by: syzbot+3a0748c8f2f210c0ef9b@syzkaller.appspotmail.com
      Reported-by: syzbot+9e60d2428a42049a592a@syzkaller.appspotmail.com
      Signed-off-by: Ursula Braun <ubraun@linux.ibm.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
  2. 28 Jun, 2018 2 commits
    • Revert changes to convert to ->poll_mask() and aio IOCB_CMD_POLL · a11e1d43
      Linus Torvalds authored
      The poll() changes were not well thought out, and completely
      unexplained.  They also caused a huge performance regression, because
      "->poll()" was no longer a trivial file operation that just called down
      to the underlying file operations, but instead did at least two indirect
      Indirect calls are sadly slow now with the Spectre mitigation, but the
      performance problem could at least be largely mitigated by changing the
      "->get_poll_head()" operation to just have a per-file-descriptor pointer
      to the poll head instead.  That gets rid of one of the new indirections.
      But that doesn't fix the new complexity that is completely unwarranted
      for the regular case.  The (undocumented) reason for the poll() changes
      was some alleged AIO poll race fixing, but we don't make the common case
      slower and more complex for some uncommon special case, so this all
      really needs way more explanations and most likely a fundamental
      [ This revert is a re...
    • net/smc: rebuild nonblocking connect · 24ac3a08
      Ursula Braun authored
      The recent poll change may lead to stalls for non-blocking connecting
      SMC sockets, since sock_poll_wait is no longer performed on the
      internal CLC socket, but on the outer SMC socket.  kernel_connect() on
      the internal CLC socket returns with -EINPROGRESS, but the wake up
      logic does not work in all cases. If the internal CLC socket is still
      in state TCP_SYN_SENT when polled, sock_poll_wait() from sock_poll()
      does not sleep. It is supposed to sleep till the state of the internal
      CLC socket switches to TCP_ESTABLISHED.
      This problem triggered a redesign of the SMC nonblocking connect logic.
      This patch introduces a connect worker covering all connect steps
      followed by a wake up of socket waiters. It allows to get rid of all
      delays and locks in smc_poll().
      Fixes: c0129a06 ("smc: convert to ->poll_mask")
      Signed-off-by: Ursula Braun <ubraun@linux.ibm.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
  3. 12 Jun, 2018 1 commit
  4. 03 Jun, 2018 1 commit
  5. 23 May, 2018 2 commits
  6. 18 May, 2018 5 commits
  7. 17 May, 2018 1 commit
    • net/smc: init conn.tx_work & conn.send_lock sooner · be7f3e59
      Eric Dumazet authored
      syzkaller found that the following program crashes the host:
        int fd = socket(AF_SMC, SOCK_STREAM, 0);
        int val = 1;
        listen(fd, 0);
        shutdown(fd, SHUT_RDWR);
        setsockopt(fd, 6, TCP_NODELAY, &val, 4);
      Simply initialize conn.tx_work & conn.send_lock at socket creation,
      rather than deeper in the stack.
      ODEBUG: assert_init not available (active state 0) object type: timer_list hint:           (null)
      WARNING: CPU: 1 PID: 13988 at lib/debugobjects.c:329 debug_print_object+0x16a/0x210 lib/debugobjects.c:326
      Kernel panic - not syncing: panic_on_warn set ...
      CPU: 1 PID: 13988 Comm: syz-executor0 Not tainted 4.17.0-rc4+ #46
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
      Call Trace:
       __dump_stack lib/dump_stack.c:77 [inline]
       dump_stack+0x1b9/0x294 lib/dump_stack.c:113
       panic+0x22f/0x4de kernel/panic.c:184
       __warn.cold.8+0x163/0x1b3 kernel/panic.c:536
       report_bug+0x252/0x2d0 lib/bug.c:186
       fixup_bug arch/x86/kernel/traps.c:178 [inline]
       do_error_trap+0x1de/0x490 arch/x86/kernel/traps.c:296
       do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:315
       invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:992
      RIP: 0010:debug_print_object+0x16a/0x210 lib/debugobjects.c:326
      RSP: 0018:ffff880197a37880 EFLAGS: 00010086
      RAX: 0000000000000061 RBX: 0000000000000005 RCX: ffffc90001ed0000
      RDX: 0000000000004aaf RSI: ffffffff8160f6f1 RDI: 0000000000000001
      RBP: ffff880197a378c0 R08: ffff8801aa7a0080 R09: ffffed003b5e3eb2
      R10: ffffed003b5e3eb2 R11: ffff8801daf1f597 R12: 0000000000000001
      R13: ffffffff88d96980 R14: ffffffff87fa19a0 R15: ffffffff81666ec0
       debug_object_assert_init+0x309/0x500 lib/debugobjects.c:692
       debug_timer_assert_init kernel/time/timer.c:724 [inline]
       debug_assert_init kernel/time/timer.c:776 [inline]
       del_timer+0x74/0x140 kernel/time/timer.c:1198
       try_to_grab_pending+0x439/0x9a0 kernel/workqueue.c:1223
       mod_delayed_work_on+0x91/0x250 kernel/workqueue.c:1592
       mod_delayed_work include/linux/workqueue.h:541 [inline]
       smc_setsockopt+0x387/0x6d0 net/smc/af_smc.c:1367
       __sys_setsockopt+0x1bd/0x390 net/socket.c:1903
       __do_sys_setsockopt net/socket.c:1914 [inline]
       __se_sys_setsockopt net/socket.c:1911 [inline]
       __x64_sys_setsockopt+0xbe/0x150 net/socket.c:1911
       do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:287
      Fixes: 01d2f7e2 ("net/smc: sockopts TCP_NODELAY and TCP_CORK")
      Signed-off-by: Eric Dumazet <edumazet@google.com>
      Cc: Ursula Braun <ubraun@linux.ibm.com>
      Cc: linux-s390@vger.kernel.org
      Reported-by: syzbot <syzkaller@googlegroups.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
  8. 16 May, 2018 4 commits
  9. 04 May, 2018 2 commits
  10. 03 May, 2018 3 commits
  11. 02 May, 2018 3 commits
  12. 27 Apr, 2018 3 commits
  13. 25 Apr, 2018 1 commit
    • net/smc: keep clcsock reference in smc_tcp_listen_work() · 070204a3
      Ursula Braun authored
      The internal CLC socket should exist till the SMC-socket is released.
      Function tcp_listen_worker() releases the internal CLC socket of a
      listen socket, if an smc_close_active() is called. This function
      is called for the final release(), but it is called for shutdown
      SHUT_RDWR as well. This opens a door for protection faults, if
      socket calls using the internal CLC socket are called for a
      shutdown listen socket.
      With the changes of
      commit 3d502067 ("net/smc: simplify wait when closing listen socket")
      there is no need anymore to release the internal CLC socket in
      function tcp_listen_worker(). It is sufficient to release it in
      Fixes: 127f4970 ("net/smc: release clcsock from tcp_listen_worker")
      Signed-off-by: Ursula Braun <ubraun@linux.ibm.com>
      Reported-by: syzbot+9045fc589fcd196ef522@syzkaller.appspotmail.com
      Reported-by: syzbot+28a2c86cf19c81d871fa@syzkaller.appspotmail.com
      Reported-by: syzbot+9605e6cace1b5efd4a0a@syzkaller.appspotmail.com
      Reported-by: syzbot+cf9012c597c8379d535c@syzkaller.appspotmail.com
      Signed-off-by: David S. Miller <davem@davemloft.net>
  14. 19 Apr, 2018 1 commit
  15. 16 Mar, 2018 2 commits
  16. 15 Mar, 2018 1 commit
  17. 14 Mar, 2018 1 commit
  18. 01 Mar, 2018 6 commits