diff options
author | Eric Dumazet <edumazet@google.com> | 2023-01-03 20:27:36 +0100 |
---|---|---|
committer | Jakub Kicinski <kuba@kernel.org> | 2023-01-05 05:38:25 +0100 |
commit | 1ac88557447088ccd15eb2f2520ce46d463c8e0b (patch) | |
tree | 41368d4ff67356ed2fe36418fb0f026185277d50 /net | |
parent | net/ulp: prevent ULP without clone op from entering the LISTEN status (diff) | |
download | linux-1ac88557447088ccd15eb2f2520ce46d463c8e0b.tar.xz linux-1ac88557447088ccd15eb2f2520ce46d463c8e0b.zip |
inet: control sockets should not use current thread task_frag
Because ICMP handlers run from softirq contexts,
they must not use current thread task_frag.
Previously, all sockets allocated by inet_ctl_sock_create()
would use the per-socket page fragment, with no chance of
recursion.
Fixes: 98123866fcf3 ("Treewide: Stop corrupting socket's task_frag")
Reported-by: syzbot+bebc6f1acdf4cbb79b03@syzkaller.appspotmail.com
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Benjamin Coddington <bcodding@redhat.com>
Acked-by: Guillaume Nault <gnault@redhat.com>
Link: https://lore.kernel.org/r/20230103192736.454149-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Diffstat (limited to 'net')
-rw-r--r-- | net/ipv4/af_inet.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c index ab4a06be489b..6c0ec2789943 100644 --- a/net/ipv4/af_inet.c +++ b/net/ipv4/af_inet.c @@ -1665,6 +1665,7 @@ int inet_ctl_sock_create(struct sock **sk, unsigned short family, if (rc == 0) { *sk = sock->sk; (*sk)->sk_allocation = GFP_ATOMIC; + (*sk)->sk_use_task_frag = false; /* * Unhash it so that IP input processing does not even see it, * we do not wish this socket to see incoming packets. |