From: Ursula Braun <[email protected]>
Date: Wed, 2 May 2018 16:53:56 +0200

> The smc_poll code tries to finish connect() if the socket is in
> state SMC_INIT and polling of the internal CLC-socket returns with
> EPOLLOUT. This makes sense for a select/poll call following a connect
> call, but not without preceding connect().
> With this patch smc_poll starts connect logic only, if the CLC-socket
> is no longer in its initial state TCP_CLOSE.
>
> In addition, a poll error on the internal CLC-socket is always
> propagated to the SMC socket.
>
> With this patch the code path mentioned by syzbot
> https://syzkaller.appspot.com/bug?extid=03faa2dc16b8b64be396
> is no longer possible.
>
> Signed-off-by: Ursula Braun <[email protected]>
> Reported-by: [email protected]

Applied and queued up for -stable, thanks.
