From: Eric Dumazet <eduma...@google.com>
Date: Sun, 29 Nov 2015 20:03:11 -0800

> Dmitry provided a syzkaller (http://github.com/google/syzkaller)
> triggering a fault in sock_wake_async() when async IO is requested.
>
> Said program stressed af_unix sockets, but the issue is generic
> and should be addressed in the core networking stack.
>
> The problem is that by the time sock_wake_async() is called,
> we should not access the @flags field of 'struct socket',
> as the inode containing this socket might be freed without
> further notice, and without an RCU grace period.
>
> We already maintain an RCU protected structure, "struct socket_wq",
> so moving SOCKWQ_ASYNC_NOSPACE & SOCKWQ_ASYNC_WAITDATA into it
> is the safe route.
>
> It also reduces the number of cache lines needing dirtying, so it might
> provide a performance improvement anyway.
>
> In followup patches, we might move the remaining flags (SOCK_NOSPACE,
> SOCK_PASSCRED, SOCK_PASSSEC) to save 8 bytes and let 'struct socket'
> be mostly read and let it be shared between cpus.
>
> Reported-by: Dmitry Vyukov <dvyu...@google.com>
> Signed-off-by: Eric Dumazet <eduma...@google.com>

Applied and queued up for -stable.
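The lifetime argument in the commit message, as an added userspace model (not kernel code, and not part of this thread): the async-wakeup bits live in the RCU-protected wait-queue object, and the wakeup helper is handed that object rather than the struct socket whose inode can be freed without a grace period. The RCU is a single-threaded stand-in (a reader count plus a deferred-free list), and the field names, bit numbers and the SOCK_WAKE_* case handling are assumptions for illustration; the scenario shows a wakeup that resolved the wq inside a read section surviving a concurrent release of the socket.

```c
/*
 * Added userspace model of the approach the commit describes; not kernel code.
 * Async-wakeup flags are kept in the RCU-protected wait-queue object
 * (struct socket_wq), and the wakeup helper is handed that object, never the
 * struct socket whose inode can be freed with no grace period.  The RCU here
 * is a single-threaded stand-in (reader count + deferred-free list); bit
 * numbers, field names and the case handling are assumptions.
 */
#include <stdio.h>
#include <stdlib.h>

enum { SOCKWQ_ASYNC_NOSPACE = 0, SOCKWQ_ASYNC_WAITDATA = 1 }; /* assumed bit numbers */
enum { SOCK_WAKE_IO, SOCK_WAKE_WAITD, SOCK_WAKE_SPACE, SOCK_WAKE_URG };

struct socket_wq {
    unsigned long flags;   /* SOCKWQ_ASYNC_* bits live here, with the RCU lifetime */
    int fasync_list;       /* nonzero: an owner registered for SIGIO */
};
struct sock {              /* protocol object; the caller holds a reference to it */
    struct socket_wq *sk_wq;
    int sk_fasync;
};
struct socket {            /* lives in the inode; freed immediately on release */
    struct sock *sk;
    struct socket_wq *wq;
};

/* Toy RCU: frees queued by call_rcu_free() run only once no reader is inside a section. */
static int rcu_readers;
static void *rcu_pending[8];
static int rcu_npending;

static void rcu_read_lock(void)    { rcu_readers++; }
static void call_rcu_free(void *p) { rcu_pending[rcu_npending++] = p; }
static void rcu_read_unlock(void)
{
    if (--rcu_readers == 0) {            /* grace period ends */
        for (int i = 0; i < rcu_npending; i++)
            free(rcu_pending[i]);
        rcu_npending = 0;
    }
}

static int sigio_delivered;              /* stands in for kill_fasync(SIGIO) */

/* Wakeup helper that touches only the wq, as the commit moves it to.
 * Returns 1 if a signal was raised, 0 if suppressed, -1 if nobody asked for one. */
int sock_wake_async(struct socket_wq *wq, int how)
{
    if (!wq || !wq->fasync_list)
        return -1;
    switch (how) {
    case SOCK_WAKE_WAITD:
        /* a synchronous reader is already waiting for data: no SIGIO needed */
        if (wq->flags & (1UL << SOCKWQ_ASYNC_WAITDATA))
            return 0;
        break;
    case SOCK_WAKE_SPACE:
        /* signal once per "no space" episode: test-and-clear the bit */
        if (!(wq->flags & (1UL << SOCKWQ_ASYNC_NOSPACE)))
            return 0;
        wq->flags &= ~(1UL << SOCKWQ_ASYNC_NOSPACE);
        break;
    case SOCK_WAKE_IO:
    case SOCK_WAKE_URG:
        break;
    default:
        return 0;
    }
    sigio_delivered++;
    return 1;
}

/* Release path: the inode-backed struct socket goes away at once, the wq
 * only after a grace period, and the sock's published pointer is cleared. */
static void sock_release(struct socket *sock)
{
    struct socket_wq *wq = sock->wq;
    sock->sk->sk_wq = NULL;
    free(sock);
    call_rcu_free(wq);
}

/* Scenario: a wakeup that fetched the wq before a concurrent release.
 * Returns the number of SIGIO deliveries (1: NOSPACE was set and the wq it
 * lived in was still valid inside the read section). */
int demo_wake_after_release(void)
{
    struct socket_wq *wq = calloc(1, sizeof *wq);
    struct sock *sk = calloc(1, sizeof *sk);
    struct socket *sock = calloc(1, sizeof *sock);
    sigio_delivered = 0;
    wq->fasync_list = 1;
    wq->flags |= 1UL << SOCKWQ_ASYNC_NOSPACE;   /* a writer found the queue full */
    sk->sk_wq = wq; sk->sk_fasync = 1;
    sock->sk = sk; sock->wq = wq;

    rcu_read_lock();                      /* wakeup side enters the read section */
    struct socket_wq *seen = sk->sk_wq;   /* snapshot of the published pointer */

    sock_release(sock);                   /* concurrent close: 'sock' is now dangling */

    if (sk->sk_fasync)
        sock_wake_async(seen, SOCK_WAKE_SPACE);   /* safe: wq outlives the section */
    rcu_read_unlock();                    /* grace period ends; wq freed only now */

    free(sk);
    return sigio_delivered;
}

int main(void)
{
    printf("SIGIO deliveries after concurrent release: %d\n", demo_wake_after_release());
    return 0;
}
```

The point the model makes is the one in the commit message: the wakeup path must read the async bits from an object whose lifetime it can actually pin (the wq, via the read-side critical section), not from the struct socket, which the release path frees immediately. Everything the helper needs is on the wq, so it never has to dereference the socket at all.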