Commit 1ac88557 authored Jan 03, 2023 by Eric Dumazet Committed by Jakub Kicinski Jan 04, 2023

inet: control sockets should not use current thread task_frag



Because ICMP handlers run from softirq contexts,
they must not use current thread task_frag.

Previously, all sockets allocated by inet_ctl_sock_create()
would use the per-socket page fragment, with no chance of
recursion.

Fixes: 98123866 ("Treewide: Stop corrupting socket's task_frag")
Reported-by:  <syzbot+bebc6f1acdf4cbb79b03@syzkaller.appspotmail.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Benjamin Coddington <bcodding@redhat.com>
Acked-by: Guillaume Nault <gnault@redhat.com>
Link: https://lore.kernel.org/r/20230103192736.454149-1-edumazet@google.com


Signed-off-by: Jakub Kicinski <kuba@kernel.org>

parent 2c02d41d

net/ipv4/af_inet.c

+1 −0

Original line number	Diff line number	Diff line
		@@ -1665,6 +1665,7 @@ int inet_ctl_sock_create(struct sock **sk, unsigned short family,
		if (rc == 0) {
		*sk = sock->sk;
		(*sk)->sk_allocation = GFP_ATOMIC;
		(*sk)->sk_use_task_frag = false;
		/*
		* Unhash it so that IP input processing does not even see it,
		* we do not wish this socket to see incoming packets.