From bd9dfc54e39266ff67521c09d37e838077385b21 Mon Sep 17 00:00:00 2001
From: Eric Dumazet
Date: Fri, 25 Aug 2017 06:27:05 -0700
Subject: [PATCH] tcp: fix hang in tcp_sendpage_locked()
syszkaller got a hang in tcp stack, related to a bug in tcp_sendpage_locked()
root@syzkaller:~# cat /proc/3059/stack
[] __lock_sock+0x1dc/0x2f0
[] lock_sock_nested+0xf3/0x110
[] tcp_sendmsg+0x21/0x50
[] inet_sendmsg+0x11f/0x5e0
[] sock_sendmsg+0xca/0x110
[] kernel_sendmsg+0x47/0x60
[] sock_no_sendpage+0x1cc/0x280
[] tcp_sendpage_locked+0x10b/0x160
[] tcp_sendpage+0x43/0x60
[] inet_sendpage+0x1aa/0x660
[] kernel_sendpage+0x8d/0xe0
[] sock_sendpage+0x8c/0xc0
[] pipe_to_sendpage+0x290/0x3b0
[] __splice_from_pipe+0x343/0x750
[] splice_from_pipe+0x1e9/0x330
[] generic_splice_sendpage+0x40/0x50
[] SyS_splice+0x7b7/0x1610
[] entry_SYSCALL_64_fastpath+0x1f/0xbe
Fixes: 306b13eb3cf9 ("proto_ops: Add locked held versions of sendmsg and sendpage")
Signed-off-by: Eric Dumazet
Reported-by: Dmitry Vyukov
Cc: Tom Herbert
Signed-off-by: David S. Miller
---
 net/ipv4/tcp.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index 0cce4472b4a1..566083ee2654 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -1052,8 +1052,7 @@ int tcp_sendpage_locked(struct sock *sk, struct page *page, int offset,
 {
 if (!(sk->sk_route_caps & NETIF_F_SG) || !sk_check_csum_caps(sk))
- return sock_no_sendpage(sk->sk_socket, page, offset, size,
- flags);
+ return sock_no_sendpage_locked(sk, page, offset, size, flags);
 tcp_rate_check_app_limited(sk); /* is sending application-limited? */
--
2.20.1
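Review bot: The fallback branch of tcp_sendpage_locked() has no comment stating that the caller already owns the socket lock, which is the only reason `sock_no_sendpage_locked()` has to be used there. A one-line comment such as `/* socket lock is held by the caller: the fallback must not reach tcp_sendmsg(), which takes it again */` would keep a later edit from reintroducing the self-deadlock shown in the trace. Because that trace starts at SyS_splice, the hang appears reachable from an ordinary splice() call, so it is worth treating as a local denial of service and backporting to every tree that carries 306b13eb3cf9. A `sock_owned_by_me(sk);` at the top of the function would also let lockdep builds check the locking contract. The function's signature and the rest of its body lie outside the hunk, so whether such an assertion already exists cannot be seen here.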