From patchwork Fri Jan  1 23:48:59 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Cong Wang <xiyou.wangcong@gmail.com>
X-Patchwork-Id: 562061
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming@ozlabs.org
Delivered-To: patchwork-incoming@ozlabs.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 4540F140B97
	for <patchwork-incoming@ozlabs.org>;
	Sat,  2 Jan 2016 10:50:05 +1100 (AEDT)
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com header.b=aPq+PlaK;
	dkim-atps=neutral
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752554AbcAAXtD (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);
	Fri, 1 Jan 2016 18:49:03 -0500
Received: from mail-yk0-f173.google.com ([209.85.160.173]:33281 "EHLO
	mail-yk0-f173.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1752114AbcAAXtB (ORCPT
	<rfc822;netdev@vger.kernel.org>); Fri, 1 Jan 2016 18:49:01 -0500
Received: by mail-yk0-f173.google.com with SMTP id k129so182079868yke.0;
	Fri, 01 Jan 2016 15:49:00 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20120113;
	h=mime-version:in-reply-to:references:date:message-id:subject:from:to
	:cc:content-type;
	bh=6gNDM5p+b3r+FZu50ut+nb35NZkKrc7BKT7srhZSYGg=;
	b=aPq+PlaK5wIuU9f+abEUg6gEtrU+kMDmFqm+7cjOYPqDolRkfFX0C7ceF8Fgygji4u
	E2ArptBPedCahe4akag/EHEpFApoGklagakQPYY1OcAB8zRbFZb8CSq1pV4DFL2ecLi6
	8wk00m3OAz7zN0AjS99jkBEIQpbN75TzURA+HBAjooTe2zfquGCoq0xrKVDzvmatQ9GH
	j+IOLCMuIvPxyURR6kRPs4NLi54EG2gIWFJyUYS7fgOHWETgTRJYdzH6H/gz3Kh45D+E
	EMwvBVzoR82aXp1fvjcFD/EOAV91mfjn2rOGOyA3IwcRJHSkv18r7S0QQL3q1vNYEDpG
	1GWQ==
MIME-Version: 1.0
X-Received: by 10.129.108.150 with SMTP id
	h144mr16930868ywc.120.1451692140047;
	Fri, 01 Jan 2016 15:49:00 -0800 (PST)
Received: by 10.129.81.15 with HTTP; Fri, 1 Jan 2016 15:48:59 -0800 (PST)
In-Reply-To: 
 <CACT4Y+baorktL_dBHEWcz_jHYTzhM_-DJoms81bzVx8FbYk63w@mail.gmail.com>
References: 
 <CACT4Y+baorktL_dBHEWcz_jHYTzhM_-DJoms81bzVx8FbYk63w@mail.gmail.com>
Date: Fri, 1 Jan 2016 15:48:59 -0800
Message-ID: 
 <CAM_iQpWarm-m1ZNZTEJ24i+O_JuaeJyQ--EzFADvuQJdZPJz7Q@mail.gmail.com>
Subject: Re: net/nfc: GPF in llcp_sock_getname
From: Cong Wang <xiyou.wangcong@gmail.com>
To: Dmitry Vyukov <dvyukov@google.com>
Cc: Lauro Ramos Venancio <lauro.venancio@openbossa.org>,
	Aloisio Almeida Jr <aloisio.almeida@openbossa.org>,
	Samuel Ortiz <sameo@linux.intel.com>,
	"David S. Miller" <davem@davemloft.net>,
	linux-wireless@vger.kernel.org, netdev <netdev@vger.kernel.org>,
	LKML <linux-kernel@vger.kernel.org>,
	syzkaller <syzkaller@googlegroups.com>,
	Kostya Serebryany <kcc@google.com>,
	Alexander Potapenko <glider@google.com>,
	Sasha Levin <sasha.levin@oracle.com>, Eric Dumazet <edumazet@google.com>
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

On Fri, Jan 1, 2016 at 5:58 AM, Dmitry Vyukov <dvyukov@google.com> wrote:
> GPF seems to be caused by a data race on socket state.

Seems you are right, I think the following patch should work:

        pr_debug("%p %d %d %d\n", sk, llcp_sock->target_idx,
---
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

diff --git a/net/nfc/llcp_sock.c b/net/nfc/llcp_sock.c
index ecf0a01..5a91997 100644
--- a/net/nfc/llcp_sock.c
+++ b/net/nfc/llcp_sock.c
@@ -500,7 +500,7 @@ static int llcp_sock_getname(struct socket *sock,
struct sockaddr *uaddr,
        struct nfc_llcp_sock *llcp_sock = nfc_llcp_sock(sk);
        DECLARE_SOCKADDR(struct sockaddr_nfc_llcp *, llcp_addr, uaddr);

-       if (llcp_sock == NULL || llcp_sock->dev == NULL)
+       if (llcp_sock == NULL || sk->sk_state == LLCP_CLOSED)
                return -EBADFD;