tcp: add rcu protection around tp->fastopen_rsk (d983ea6f) · Commits · e / devices / android_kernel_fairphone_FP5

include/linux/tcp.h

+3 −3

Original line number	Diff line number	Diff line
		@@ -393,7 +393,7 @@ struct tcp_sock {
		/* fastopen_rsk points to request_sock that resulted in this big
		* socket. Used to retransmit SYNACKs etc.
		*/
		struct request_sock *fastopen_rsk;
		struct request_sock __rcu *fastopen_rsk;
		u32 *saved_syn;
		};

		@@ -447,8 +447,8 @@ static inline struct tcp_timewait_sock tcp_twsk(const struct sock sk)

		static inline bool tcp_passive_fastopen(const struct sock *sk)
		{
		return (sk->sk_state == TCP_SYN_RECV &&
		tcp_sk(sk)->fastopen_rsk != NULL);
		return sk->sk_state == TCP_SYN_RECV &&
		rcu_access_pointer(tcp_sk(sk)->fastopen_rsk) != NULL;
		}

		static inline void fastopen_queue_tune(struct sock *sk, int backlog)

+1 −1

Original line number	Diff line number	Diff line
		@@ -96,7 +96,7 @@ void reqsk_fastopen_remove(struct sock sk, struct request_sock req,

		fastopenq = &inet_csk(lsk)->icsk_accept_queue.fastopenq;

		tcp_sk(sk)->fastopen_rsk = NULL;
		RCU_INIT_POINTER(tcp_sk(sk)->fastopen_rsk, NULL);
		spin_lock_bh(&fastopenq->lock);
		fastopenq->qlen--;
		tcp_rsk(req)->tfo_listener = false;

+2 −2

Original line number	Diff line number	Diff line
		@@ -906,7 +906,7 @@ static void inet_child_forget(struct sock sk, struct request_sock req,
		percpu_counter_inc(sk->sk_prot->orphan_count);

		if (sk->sk_protocol == IPPROTO_TCP && tcp_rsk(req)->tfo_listener) {
		BUG_ON(tcp_sk(child)->fastopen_rsk != req);
		BUG_ON(rcu_access_pointer(tcp_sk(child)->fastopen_rsk) != req);
		BUG_ON(sk != req->rsk_listener);

		/* Paranoid, to prevent race condition if
		@@ -915,7 +915,7 @@ static void inet_child_forget(struct sock sk, struct request_sock req,
		* Also to satisfy an assertion in
		* tcp_v4_destroy_sock().
		*/
		tcp_sk(child)->fastopen_rsk = NULL;
		RCU_INIT_POINTER(tcp_sk(child)->fastopen_rsk, NULL);
		}
		inet_csk_destroy_sock(child);
		}

+8 −3

Original line number	Diff line number	Diff line
		@@ -543,7 +543,7 @@ __poll_t tcp_poll(struct file file, struct socket sock, poll_table *wait)

		/* Connected or passive Fast Open socket? */
		if (state != TCP_SYN_SENT &&
		(state != TCP_SYN_RECV \|\| tp->fastopen_rsk)) {
		(state != TCP_SYN_RECV \|\| rcu_access_pointer(tp->fastopen_rsk))) {
		int target = sock_rcvlowat(sk, 0, INT_MAX);

		if (tp->urg_seq == tp->copied_seq &&
		@@ -2487,7 +2487,10 @@ void tcp_close(struct sock *sk, long timeout)
		}

		if (sk->sk_state == TCP_CLOSE) {
		struct request_sock *req = tcp_sk(sk)->fastopen_rsk;
		struct request_sock *req;

		req = rcu_dereference_protected(tcp_sk(sk)->fastopen_rsk,
		lockdep_sock_is_held(sk));
		/* We could get here with a non-NULL req if the socket is
		* aborted (e.g., closed with unread data) before 3WHS
		* finishes.
		@@ -3831,8 +3834,10 @@ EXPORT_SYMBOL(tcp_md5_hash_key);

		void tcp_done(struct sock *sk)
		{
		struct request_sock *req = tcp_sk(sk)->fastopen_rsk;
		struct request_sock *req;

		req = rcu_dereference_protected(tcp_sk(sk)->fastopen_rsk,
		lockdep_sock_is_held(sk));
		if (sk->sk_state == TCP_SYN_SENT \|\| sk->sk_state == TCP_SYN_RECV)
		TCP_INC_STATS(sock_net(sk), TCP_MIB_ATTEMPTFAILS);

+1 −1

Original line number	Diff line number	Diff line
		@@ -253,7 +253,7 @@ static struct sock tcp_fastopen_create_child(struct sock sk,
		*/
		tp = tcp_sk(child);

		tp->fastopen_rsk = req;
		rcu_assign_pointer(tp->fastopen_rsk, req);
		tcp_rsk(req)->tfo_listener = true;

		/* RFC1323: The window in SYN & SYN/ACK segments is never