| From 3bc53be9db21040b5d2de4d455f023c8c494aa68 Mon Sep 17 00:00:00 2001 |
| From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> |
| Date: Wed, 18 Jul 2018 18:57:27 +0900 |
| Subject: net/nfc: Avoid stalls when nfc_alloc_send_skb() returned NULL. |
| |
| From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> |
| |
| commit 3bc53be9db21040b5d2de4d455f023c8c494aa68 upstream. |
| |
| syzbot is reporting stalls at nfc_llcp_send_ui_frame() [1]. This is |
| because nfc_llcp_send_ui_frame() is retrying the loop without any delay |
| when nonblocking nfc_alloc_send_skb() returned NULL. |
| |
| Since there is no need to use MSG_DONTWAIT if we retry until |
| sock_alloc_send_pskb() succeeds, let's use blocking call. |
| Also, in case an unexpected error occurred, let's break the loop |
| if blocking nfc_alloc_send_skb() failed. |
| |
| [1] https://syzkaller.appspot.com/bug?id=4a131cc571c3733e0eff6bc673f4e36ae48f19c6 |
| |
| Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> |
| Reported-by: syzbot <syzbot+d29d18215e477cfbfbdd@syzkaller.appspotmail.com> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| net/nfc/llcp_commands.c | 9 ++++++--- |
| 1 file changed, 6 insertions(+), 3 deletions(-) |
| |
| --- a/net/nfc/llcp_commands.c |
| +++ b/net/nfc/llcp_commands.c |
| @@ -753,11 +753,14 @@ int nfc_llcp_send_ui_frame(struct nfc_ll |
| pr_debug("Fragment %zd bytes remaining %zd", |
| frag_len, remaining_len); |
| |
| - pdu = nfc_alloc_send_skb(sock->dev, &sock->sk, MSG_DONTWAIT, |
| + pdu = nfc_alloc_send_skb(sock->dev, &sock->sk, 0, |
| frag_len + LLCP_HEADER_SIZE, &err); |
| if (pdu == NULL) { |
| - pr_err("Could not allocate PDU\n"); |
| - continue; |
| + pr_err("Could not allocate PDU (error=%d)\n", err); |
| + len -= remaining_len; |
| + if (len == 0) |
| + len = err; |
| + break; |
| } |
| |
| pdu = llcp_add_header(pdu, dsap, ssap, LLCP_PDU_UI); |
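Review bot: The `pr_err("Could not allocate PDU (error=%d)\n", err);` in the new failure branch is not rate-limited. The commit message says syzbot reaches this allocation failure, so a local sender can presumably produce one kernel log line per failing call; `pr_err_ratelimited("Could not allocate PDU (error=%d)\n", err);` would bound that. Separately, `len = err;` stores a negative errno in `len`, whose declaration is outside the hunk; if it is an unsigned type, the return value relies on the conversion back to `int`, so a dedicated `int` result variable would be safer. A one-line comment such as `/* return bytes already queued, or the error if nothing was sent */` would also document the partial-send contract. Passing `0` makes the allocation block regardless of what the caller asked for, so it is worth confirming whether the caller's message flags are available here and should be honoured instead. The body of nfc_llcp_send_ui_frame starts and ends outside the hunk.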