----- Original Message -----
| With commit 0ffdaf5b41cf ("net/sock: add WARN_ON(parent->sk)
| in sock_graft()"), a calltrace happened as follows:
|
| [ 457.018340] WARNING: CPU: 0 PID: 15623 at ./include/net/sock.h:1703
| inet_accept+0x135/0x140
| ...
| [ 457.018381] RIP: 0010:inet_accept+0x135/0x140
| [ 457.018381] RSP: 0018:ffffc90001727d18 EFLAGS: 00010286
| [ 457.018383] RAX: 0000000000000001 RBX: ffff880012413000 RCX:
| 0000000000000001
| [ 457.018384] RDX: 000000000000018a RSI: 00000000fffffe01 RDI:
| ffffffff8156fae8
| [ 457.018384] RBP: ffffc90001727d38 R08: 0000000000000000 R09:
| 0000000000004305
| [ 457.018385] R10: 0000000000000001 R11: 0000000000004304 R12:
| ffff880035ae7a00
| [ 457.018386] R13: ffff88001282af10 R14: ffff880034e4e200 R15:
| 0000000000000000
| [ 457.018387] FS: 0000000000000000(0000) GS:ffff88003fc00000(0000)
| knlGS:0000000000000000
| [ 457.018388] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
| [ 457.018389] CR2: 00007fdec22f9000 CR3: 0000000002b5a000 CR4:
| 00000000000006f0
| [ 457.018395] Call Trace:
| [ 457.018402] tcp_accept_from_sock.part.8+0x12d/0x449 [dlm]
| [ 457.018405] ? vprintk_emit+0x248/0x2d0
| [ 457.018409] tcp_accept_from_sock+0x3f/0x50 [dlm]
| [ 457.018413] process_recv_sockets+0x3b/0x50 [dlm]
| [ 457.018415] process_one_work+0x138/0x370
| [ 457.018417] worker_thread+0x4d/0x3b0
| [ 457.018419] kthread+0x109/0x140
| [ 457.018421] ? rescuer_thread+0x320/0x320
| [ 457.018422] ? kthread_park+0x60/0x60
| [ 457.018424] ret_from_fork+0x25/0x30
|
| Since newsocket created by sock_create_kern sets it's
| sock by the path:
|
| sock_create_kern -> __sock_creat
| ->pf->create => inet_create
| -> sock_init_data
|
| Then WARN_ON is triggered by "con->sock->ops->accept =>
| inet_accept -> sock_graft", it also means newsock->sk
| is leaked since sock_graft will replace it with a new
| sk.
|
| To resolve the issue, we need to use sock_create_lite
| instead of sock_create_kern, like commit 0933a578cd55
| ("rds: tcp: use sock_create_lite() to create the accept
| socket") did.
|
| Signed-off-by: Guoqing Jiang <gqji...@suse.com>
| ---
| fs/dlm/lowcomms.c | 2 +-
| 1 file changed, 1 insertion(+), 1 deletion(-)
|
| diff --git a/fs/dlm/lowcomms.c b/fs/dlm/lowcomms.c
| index 9382db9..4813d0e 100644
| --- a/fs/dlm/lowcomms.c
| +++ b/fs/dlm/lowcomms.c
| @@ -729,7 +729,7 @@ static int tcp_accept_from_sock(struct connection *con)
| mutex_unlock(&connections_lock);
|
| memset(&peeraddr, 0, sizeof(peeraddr));
| - result = sock_create_kern(&init_net, dlm_local_addr[0]->ss_family,
| + result = sock_create_lite(dlm_local_addr[0]->ss_family,
| SOCK_STREAM, IPPROTO_TCP, &newsock);
| if (result < 0)
| return -ENOMEM;
| --
| 2.10.0
|
|
Isn't this also a problem for the sctp equivalent, sctp_connect_to_sock?
Regards,
Bob Peterson
Red Hat File Systems
