Re: kernel BUG at kernel/timer.c:748!


Signed-off-by: Eric Dumazet <edumazet@xxxxxxxxxx>

On Mon, 2012-09-24 at 18:34 +0200, Eric Dumazet wrote:

> OK, I believe I found the reason. I will post a patch.
> open a raw socket AF_INET, TCP_PROTO
> + connect() ->sk_state set to TCP_ESTABLISHED
> + setsockopt( SO_KEEPALIVE, &on)  -> crash

I confirm the following patch fixes the problem for me.

Thanks again

[PATCH] net: guard tcp_set_keepalive() to tcp sockets

It's possible to use RAW sockets to get a crash in
tcp_set_keepalive() / sk_reset_timer()

Fix is to make sure socket is a SOCK_STREAM one.

Reported-by: Dave Jones <davej@xxxxxxxxxx>
Signed-off-by: Eric Dumazet <edumazet@xxxxxxxxxx>
 net/core/sock.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/net/core/sock.c b/net/core/sock.c
index 3057920..a6000fb 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -691,7 +691,8 @@ set_rcvbuf:
-		if (sk->sk_protocol == IPPROTO_TCP)
+		if (sk->sk_protocol == IPPROTO_TCP &&
+		    sk->sk_type == SOCK_STREAM)
 			tcp_set_keepalive(sk, valbool);
 		sock_valbool_flag(sk, SOCK_KEEPOPEN, valbool);
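
Review bot: the new sk_type == SOCK_STREAM test guards only the tcp_set_keepalive() call, while the sock_valbool_flag(sk, SOCK_KEEPOPEN, valbool) line right after it still runs unconditionally, so a raw socket opened with IPPROTO_TCP still ends up with SOCK_KEEPOPEN set. Please confirm that no other path reads SOCK_KEEPOPEN and then assumes the socket has TCP keepalive timers. A one-line comment above the condition, noting that sk_protocol alone does not identify a TCP socket because a raw socket can carry IPPROTO_TCP, would also keep the second test from being removed later as redundant.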
