Commit 4bbd360a authored Oct 24, 2024 by Kuniyuki Iwashima Committed by Jakub Kicinski Oct 29, 2024

socket: Print pf->create() when it does not clear sock->sk on failure.

I suggested to put DEBUG_NET_WARN_ON_ONCE() in __sock_create() to
catch possible use-after-free.

But the warning itself was not useful because our interest is in
the callee than the caller.

Let's define DEBUG_NET_WARN_ONCE() and print the name of pf->create()
and the socket identifier.

While at it, we enclose DEBUG_NET_WARN_ON_ONCE() in parentheses too
to avoid a checkpatch error.

Note that %pf or %pF were obsoleted and will be removed later as per
comment in lib/vsprintf.c.

Link: https://lore.kernel.org/netdev/202410231427.633734b3-lkp@intel.com/


Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Link: https://patch.msgid.link/20241024201458.49412-1-kuniyu@amazon.com


Signed-off-by: Jakub Kicinski <kuba@kernel.org>

parent f75d1fbe

include/net/net_debug.h

+3 −1

Original line number	Diff line number	Diff line
		@@ -149,9 +149,11 @@ do { \


		#if defined(CONFIG_DEBUG_NET)
		#define DEBUG_NET_WARN_ON_ONCE(cond) (void)WARN_ON_ONCE(cond)
		#define DEBUG_NET_WARN_ON_ONCE(cond) ((void)WARN_ON_ONCE(cond))
		#define DEBUG_NET_WARN_ONCE(cond, format...) ((void)WARN_ONCE(cond, format))
		#else
		#define DEBUG_NET_WARN_ON_ONCE(cond) BUILD_BUG_ON_INVALID(cond)
		#define DEBUG_NET_WARN_ONCE(cond, format...) BUILD_BUG_ON_INVALID(cond)
		#endif

		#endif /* _LINUX_NET_DEBUG_H */

net/socket.c

+3 −1

Original line number	Diff line number	Diff line
		@@ -1578,7 +1578,9 @@ int __sock_create(struct net *net, int family, int type, int protocol,
		/* ->create should release the allocated sock->sk object on error
		* and make sure sock->sk is set to NULL to avoid use-after-free
		*/
		DEBUG_NET_WARN_ON_ONCE(sock->sk);
		DEBUG_NET_WARN_ONCE(sock->sk,
		"%ps must clear sock->sk on failure, family: %d, type: %d, protocol: %d\n",
		pf->create, family, type, protocol);
		goto out_module_put;
		}