From: Ursula Braun <ubr...@linux.ibm.com>
Date: Wed,  2 May 2018 16:53:56 +0200

> The smc_poll code tries to finish connect() if the socket is in
> state SMC_INIT and polling of the internal CLC-socket returns with
> EPOLLOUT. This makes sense for a select/poll call following a connect
> call, but not without preceding connect().
> With this patch smc_poll starts connect logic only if the CLC-socket
> is no longer in its initial state TCP_CLOSE.
> 
> In addition, a poll error on the internal CLC-socket is always
> propagated to the SMC socket.
> 
> With this patch the code path mentioned by syzbot
> https://syzkaller.appspot.com/bug?extid=03faa2dc16b8b64be396
> is no longer possible.
> 
> Signed-off-by: Ursula Braun <ubr...@linux.ibm.com>
> Reported-by: syzbot+03faa2dc16b8b64be...@syzkaller.appspotmail.com

Applied and queued up for -stable, thanks.
