On Wed, Jan 31, 2018 at 3:52 PM, Nikolay Aleksandrov
<niko...@cumulusnetworks.com> wrote:
> On 31/01/18 16:49, Dmitry Vyukov wrote:
>> On Wed, Jan 31, 2018 at 3:29 PM, Nikolay Aleksandrov
>> <niko...@cumulusnetworks.com> wrote:
>>> When we dump the ip6mr mfc entries via proc, we initialize an iterator
>>> with the table to dump but we don't clear the cache pointer which might
>>> be initialized from a prior read on the same descriptor that ended. This
>>> can result in lock imbalance (an unnecessary unlock) leading to other
>>> crashes and hangs. Clear the cache pointer like ipmr does to fix the issue.
>>> Thanks for the reliable reproducer.
> [snip]
>>> Reported-by: syzbot 
>>> <bot+eceb3204562c41a438fa1f2335e0fe4f6886d...@syzkaller.appspotmail.com>
>>> Signed-off-by: Nikolay Aleksandrov <niko...@cumulusnetworks.com>
>>> ---
>>> v2: make sure the trace doesn't ruin the patch
>>> No fixes tag because it seems this has been there forever.
>>
>> Don't we need to Cc stable 2.6 in this case or something like this. We
>> want it to be backported.
>
> AFAIK Dave takes care of queueing the patches for stable backports and
> maintainers get them from his stable queue.

Good to know. Thanks.

>>>  net/ipv6/ip6mr.c | 1 +
>>>  1 file changed, 1 insertion(+)
>>>
>>> diff --git a/net/ipv6/ip6mr.c b/net/ipv6/ip6mr.c
>>> index a2e1a864eb46..4fc566ec7e79 100644
>>> --- a/net/ipv6/ip6mr.c
>>> +++ b/net/ipv6/ip6mr.c
>>> @@ -495,6 +495,7 @@ static void *ipmr_mfc_seq_start(struct seq_file *seq, 
>>> loff_t *pos)
>>>                 return ERR_PTR(-ENOENT);
>>>
>>>         it->mrt = mrt;
>>> +       it->cache = NULL;
>>>         return *pos ? ipmr_mfc_seq_idx(net, seq->private, *pos - 1)
>>>                 : SEQ_START_TOKEN;
>>>  }
>>> --
>>> 2.1.4
>>>
>>> --
>>> You received this message because you are subscribed to the Google Groups 
>>> "syzkaller-bugs" group.
>>> To unsubscribe from this group and stop receiving emails from it, send an 
>>> email to syzkaller-bugs+unsubscr...@googlegroups.com.
>>> To view this discussion on the web visit 
>>> https://groups.google.com/d/msgid/syzkaller-bugs/1517408970-14210-1-git-send-email-nikolay%40cumulusnetworks.com.
>>> For more options, visit https://groups.google.com/d/optout.
>

Reply via email to