From patchwork Sat Jan 16 00:08:33 2016
X-Patchwork-Submitter: Richard Weinberger
X-Patchwork-Id: 568740
X-Patchwork-Delegate: davem@davemloft.net
Date: Sat, 16 Jan 2016 01:08:33 +0100
Subject: Re: net: GPF in __netlink_ns_capable
From: Richard Weinberger
To: Dmitry Vyukov
Cc: "David S. Miller", Herbert Xu, Thomas Graf, Daniel Borkmann, Ken-ichirou MATSUZAWA, Nicolas Dichtel, Florian Westphal, netdev, LKML, syzkaller, Kostya Serebryany, Alexander Potapenko, Sasha Levin, Eric Dumazet
Sender: netdev-owner@vger.kernel.org
X-Mailing-List: netdev@vger.kernel.org

On Fri, Jan 15, 2016 at 11:31 PM, Dmitry Vyukov wrote:
> Call Trace:
> [< inline >] netlink_ns_capable net/netlink/af_netlink.c:1417
> [] netlink_capable+0x25/0x30 net/netlink/af_netlink.c:1432

Hmm, we're crashing because NETLINK_CB(skb).sk is NULL.
netlink_dump() creates a new skb without a netlink control block, but infiniband's dump functions use netlink_capable() which needs a valid NETLINK_CB(skb).sk.

What about something like that?

sk_mem_charge(sk, skb->truesize); diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c index 81dc1bb..bb40ec5 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c @@ -919,6 +919,7 @@ static void netlink_skb_set_owner_r(struct sk_buff *skb, struct sock *sk) { WARN_ON(skb->sk != NULL); skb->sk = sk; + NETLINK_CB(skb).sk = sk; skb->destructor = netlink_skb_destructor; atomic_add(skb->truesize, &sk->sk_rmem_alloc);
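
Review bot: The added `NETLINK_CB(skb).sk = sk;` in netlink_skb_set_owner_r() is unconditional, so it applies to every skb handed to this helper, not only the skb that netlink_dump() allocates without a control block. Any skb that reaches this point with NETLINK_CB(skb).sk already populated gets it overwritten with the owning socket, and netlink_capable() would then run its capability check against that socket instead of the one recorded earlier. That changes an authorization input, not just a NULL pointer. Consider making the assignment in netlink_dump() right after the new skb is allocated, or guarding it so an existing value is kept, and add a comment stating which socket the field is expected to hold when netlink_capable() reads it.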