Problem:
WARNING: CPU: 3 PID: 6901 at net/core/stream.c:205 sk_stream_kill_queues+0x1cc/0x1f0 net/core/stream.c:205
Modules linked in:
CPU: 3 PID: 6901 Comm: syz-executor309 Not tainted 5.10.0 #5
Hardware name: linux,dummy-virt (DT)
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO BTYPE=--)
pc : sk_stream_kill_queues+0x1cc/0x1f0 net/core/stream.c:205
lr : sk_stream_kill_queues+0x1cc/0x1f0 net/core/stream.c:205
sp : ffffa00019ce7b20
x29: ffffa00019ce7b20 x28: ffffd72a7711d000
x27: ffffd72a7711d010 x26: 0000000000000202
x25: 0000000000000201 x24: ffffd72a761a2080
x23: ffff333b1bc58068 x22: 0000000000000007
x21: ffff333b1bc58148 x20: ffff333b1bc58040
x19: 000000008000b000 x18: 0000000000000000
x17: 0000000000000000 x16: 0000000000000000
x15: 0000000000000000 x14: 1ffff4000339cdb4
x13: 00000000f1f1f1f1 x12: ffff8667609dc78d
x11: 1fffe667609dc78c x10: ffff8667609dc78c
x9 : ffffd72a73f30878 x8 : 0000000041b58ab3
x7 : ffff94000339cf56 x6 : dfffa00000000000
x5 : ffff333b01e6a9c0 x4 : 0000000000000000
x3 : ffffd72a72400000 x2 : ffffd72a74230000
x1 : ffff333b01e6a9c0 x0 : 0000000000000000
Call trace:
sk_stream_kill_queues+0x1cc/0x1f0 net/core/stream.c:205
inet_csk_destroy_sock+0xe8/0x310 net/ipv4/inet_connection_sock.c:889
tcp_close+0xb44/0xe6c net/ipv4/tcp.c:2677
inet_release+0xc0/0x140 net/ipv4/af_inet.c:431
__sock_release+0x80/0x14c net/socket.c:598
sock_close+0x28/0x40 net/socket.c:1268
__fput+0x1dc/0x500 fs/file_table.c:281
____fput+0x24/0x30 fs/file_table.c:314
task_work_run+0x240/0x420 kernel/task_work.c:151
tracehook_notify_resume include/linux/tracehook.h:188 [inline]
do_notify_resume+0x39c/0x440 arch/arm64/kernel/signal.c:718
work_pending+0xc/0x19c
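Root cause analysis:
A very large TCP message is sent, with a size close to INT_MAX. In sk_wmem_schedule(), size is passed directly to __sk_mem_schedule() as the argument used to compute the pre-allocated buffer amount sk->sk_forward_alloc. sk->sk_forward_alloc is of type int; when sk->sk_forward_alloc already holds a large positive value, sk->sk_forward_alloc += size overflows the integer, and sk->sk_forward_alloc becomes a very large negative value that can no longer recover.
The purpose of sk_wmem_schedule() is to schedule the pre-allocated buffer that is missing, i.e. size - sk->sk_forward_alloc.
Fix:
Mainline fix commit: 7c80b038d23e1f4c7fcc311f43f83b8c60e7fb80 ("net: fix sk_wmem_schedule() and sk_rmem_schedule() errors")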
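The following user-space model of the accounting described above is an added example, not code from the kernel or from the fix commit. It compares charging the full size against charging only size - sk_forward_alloc. The function names, the 4096-byte quantum and the sample values are assumptions, and the memory-limit checks that can reject a charge are left out.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define QUANTUM 4096 /* assumed accounting quantum (one 4 KiB page) */

/* Round a byte count up to whole quanta; 64-bit so the model never overflows. */
static int64_t round_up_quantum(int64_t n)
{
    return (n + QUANTUM - 1) / QUANTUM * QUANTUM;
}

/* Does the value fit in the int field sk->sk_forward_alloc? */
static bool fits_int(int64_t v)
{
    return v >= INT_MIN && v <= INT_MAX;
}

/* Behaviour described in the report: the full size is charged on top of
 * whatever is already forward-allocated. Returns the value the int field
 * would have to hold afterwards. */
static int64_t fwd_after_full_charge(int fwd, int size)
{
    if (size <= fwd)
        return fwd; /* enough pre-allocated already */
    return (int64_t)fwd + round_up_quantum(size);
}

/* Intended behaviour: only the shortfall size - fwd is charged. */
static int64_t fwd_after_delta_charge(int fwd, int size)
{
    int64_t delta = (int64_t)size - fwd;
    if (delta <= 0)
        return fwd;
    return (int64_t)fwd + round_up_quantum(delta);
}

int main(void)
{
    int fwd = 1 << 20;         /* constructed: 1 MiB already forward-allocated */
    int size = INT_MAX - 4096; /* constructed: request close to INT_MAX */
    int64_t full = fwd_after_full_charge(fwd, size);
    int64_t delta = fwd_after_delta_charge(fwd, size);

    printf("full:  %lld fits=%d\n", (long long)full, fits_int(full));
    printf("delta: %lld fits=%d\n", (long long)delta, fits_int(delta));
    return 0;
}
```
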
Hi ziyang-xuan, welcome to the openEuler Community.
I'm the Bot here serving you. You can find the instructions on how to interact with me at Here.