Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 5e0724d0 authored by Eric Dumazet's avatar Eric Dumazet Committed by David S. Miller
Browse files

tcp/dccp: fix hashdance race for passive sessions 



Multiple cpus can process duplicates of incoming ACK messages
matching a SYN_RECV request socket. This is a rare event under
normal operations, but definitely can happen.

Only one must win the race, otherwise corruption would occur.

To fix this without adding new atomic ops, we use logic in
inet_ehash_nolisten() to detect the request was present in the same
ehash bucket where we try to insert the new child.

If request socket was not found, we have to undo the child creation.

This actually removes a spin_lock()/spin_unlock() pair in
reqsk_queue_unlink() for the fast path.

Fixes: e994b2f0 ("tcp: do not lock listener to process SYN packets")
Fixes: 079096f1 ("tcp/dccp: install syn_recv requests into ehash table")
Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 7b131180

include/net/inet_connection_sock.h

+6 −1
Original line number Diff line number Diff line
@@ -43,7 +43,9 @@ struct inet_connection_sock_af_ops { 
	int	    (*conn_request)(struct sock *sk, struct sk_buff *skb);

	struct sock *(*syn_recv_sock)(const struct sock *sk, struct sk_buff *skb,

				      struct request_sock *req,

				      struct dst_entry *dst);

				      struct dst_entry *dst,

				      struct request_sock *req_unhash,

				      bool *own_req);

	u16	    net_header_len;

	u16	    net_frag_header_len;

	u16	    sockaddr_len;
@@ -272,6 +274,9 @@ void inet_csk_reqsk_queue_add(struct sock *sk, struct request_sock *req, 
			      struct sock *child);

void inet_csk_reqsk_queue_hash_add(struct sock *sk, struct request_sock *req,

				   unsigned long timeout);

struct sock *inet_csk_complete_hashdance(struct sock *sk, struct sock *child,

					 struct request_sock *req,

					 bool own_req);



static inline void inet_csk_reqsk_queue_added(struct sock *sk)

{

include/net/inet_hashtables.h

+2 −2
Original line number Diff line number Diff line
@@ -205,8 +205,8 @@ void inet_put_port(struct sock *sk); 


void inet_hashinfo_init(struct inet_hashinfo *h);



int inet_ehash_insert(struct sock *sk, struct sock *osk);

void __inet_hash_nolisten(struct sock *sk, struct sock *osk);

bool inet_ehash_insert(struct sock *sk, struct sock *osk);

bool inet_ehash_nolisten(struct sock *sk, struct sock *osk);

void __inet_hash(struct sock *sk, struct sock *osk);

void inet_hash(struct sock *sk);

void inet_unhash(struct sock *sk);

include/net/tcp.h

+3 −1
Original line number Diff line number Diff line
@@ -457,7 +457,9 @@ struct sock *tcp_create_openreq_child(const struct sock *sk, 
void tcp_ca_openreq_child(struct sock *sk, const struct dst_entry *dst);

struct sock *tcp_v4_syn_recv_sock(const struct sock *sk, struct sk_buff *skb,

				  struct request_sock *req,

				  struct dst_entry *dst);

				  struct dst_entry *dst,

				  struct request_sock *req_unhash,

				  bool *own_req);

int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb);

int tcp_v4_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len);

int tcp_connect(struct sock *sk);

net/dccp/dccp.h

+3 −1
Original line number Diff line number Diff line
@@ -278,7 +278,9 @@ int dccp_v4_do_rcv(struct sock *sk, struct sk_buff *skb); 


struct sock *dccp_v4_request_recv_sock(const struct sock *sk, struct sk_buff *skb,

				       struct request_sock *req,

				       struct dst_entry *dst);

				       struct dst_entry *dst,

				       struct request_sock *req_unhash,

				       bool *own_req);

struct sock *dccp_check_req(struct sock *sk, struct sk_buff *skb,

			    struct request_sock *req);

net/dccp/ipv4.c

+4 −2
Original line number Diff line number Diff line
@@ -393,7 +393,9 @@ static inline u64 dccp_v4_init_sequence(const struct sk_buff *skb) 
struct sock *dccp_v4_request_recv_sock(const struct sock *sk,

				       struct sk_buff *skb,

				       struct request_sock *req,

				       struct dst_entry *dst)

				       struct dst_entry *dst,

				       struct request_sock *req_unhash,

				       bool *own_req)

{

	struct inet_request_sock *ireq;

	struct inet_sock *newinet;
@@ -426,7 +428,7 @@ struct sock *dccp_v4_request_recv_sock(const struct sock *sk, 


	if (__inet_inherit_port(sk, newsk) < 0)

		goto put_and_exit;

	__inet_hash_nolisten(newsk, NULL);

	*own_req = inet_ehash_nolisten(newsk, req_to_sk(req_unhash));



	return newsk;