diff options
| author | Dmitry Torokhov <dtor@google.com> | 2015-09-03 13:08:37 -0700 |
|---|---|---|
| committer | Dmitry Shmidt <dimitrysh@google.com> | 2015-09-04 14:21:36 -0700 |
| commit | 3ac97f2411ad66f872bd0fe401ad94af5ff4d7d3 (patch) | |
| tree | 8ef28afc4362f2a8bbe3de0e3e4241bdb5fed1d6 /drivers/usb | |
| parent | 6265ed1db96795ba7f6c3c4a1a32c8ef25712237 (diff) | |
net: fix crash in tcp_nuke_addr()
When iterating through sockets we need to skip sockets in TIME_WAIT
state as they use lightweight structure inet_timewait_sock that does not
have sk_lock member, and if we try to lock them we'll crash thusly:
[ 89.376383] BUG: spinlock lockup suspected on CPU#0, netd/431
[ 89.382139] lock: 0xffffffc039d05070, .magic: 66d30606, .owner: /-1682098992, .owner_cpu: 0
[ 89.390598] CPU: 0 PID: 431 Comm: netd Tainted: G U W 3.18.0 #5
[ 89.397389] Hardware name: Google Tegra210 Smaug Rev 1+ (DT)
[ 89.403049] Call trace:
[ 89.405501] [<ffffffc0002072b4>] dump_backtrace+0x0/0x10c
[ 89.410918] [<ffffffc0002073d0>] show_stack+0x10/0x1c
[ 89.415971] [<ffffffc000a88608>] dump_stack+0x74/0x94
[ 89.421018] [<ffffffc000257e8c>] spin_dump+0x78/0x88
[ 89.425984] [<ffffffc0002580d8>] do_raw_spin_lock+0xfc/0x158
[ 89.431666] [<ffffffc000a90090>] _raw_spin_lock+0x34/0x44
[ 89.437059] [<ffffffc0009509a8>] tcp_nuke_addr+0x1fc/0x29c
[ 89.442548] [<ffffffc0009735f4>] devinet_ioctl+0x288/0x680
[ 89.448053] [<ffffffc000975004>] inet_ioctl+0xc4/0xf4
[ 89.453103] [<ffffffc0008baedc>] sock_do_ioctl+0x2c/0x5c
[ 89.458408] [<ffffffc0008bbb54>] sock_ioctl+0x210/0x230
[ 89.463633] [<ffffffc000317088>] do_vfs_ioctl+0x4ac/0x590
[ 89.469049] [<ffffffc0003171c8>] SyS_ioctl+0x5c/0x88
(or with NULL pointer dereference if lockdep is still working).
Change-Id: I07c70d9a60b125b1070ff05c4eec27daee1a3e90
Signed-off-by: Dmitry Torokhov <dtor@google.com>
Diffstat (limited to 'drivers/usb')
0 files changed, 0 insertions, 0 deletions