Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 85017869 authored by Eric Dumazet's avatar Eric Dumazet Committed by David S. Miller
Browse files

tcp/dccp: fix inet_reuseport_add_sock() 



David Ahern reported panics in __inet_hash() caused by my recent commit.

The reason is inet_reuseport_add_sock() was still using
sk_nulls_for_each_rcu() instead of sk_for_each_rcu().
SO_REUSEPORT enabled listeners were causing an instant crash.

While chasing this bug, I found that I forgot to clear SOCK_RCU_FREE
flag, as it is inherited from the parent at clone time.

Fixes: 3b24d854 ("tcp/dccp: do not touch listener sk_refcnt under synflood")
Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
Reported-by: default avatarDavid Ahern <dsa@cumulusnetworks.com>
Tested-by: default avatarDavid Ahern <dsa@cumulusnetworks.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 94ab1ea9

net/ipv4/inet_connection_sock.c

+3 −0
Original line number Original line Diff line number Diff line
@@ -661,6 +661,9 @@ struct sock *inet_csk_clone_lock(const struct sock *sk, 
		inet_sk(newsk)->inet_sport = htons(inet_rsk(req)->ir_num);

		inet_sk(newsk)->inet_sport = htons(inet_rsk(req)->ir_num);

		newsk->sk_write_space = sk_stream_write_space;

		newsk->sk_write_space = sk_stream_write_space;





		/* listeners have SOCK_RCU_FREE, not the children */

		sock_reset_flag(newsk, SOCK_RCU_FREE);



		newsk->sk_mark = inet_rsk(req)->ir_mark;

		newsk->sk_mark = inet_rsk(req)->ir_mark;

		atomic64_set(&newsk->sk_cookie,

		atomic64_set(&newsk->sk_cookie,

			     atomic64_read(&inet_rsk(req)->ir_cookie));

			     atomic64_read(&inet_rsk(req)->ir_cookie));

net/ipv4/inet_hashtables.c

+1 −2
Original line number Original line Diff line number Diff line
@@ -439,10 +439,9 @@ static int inet_reuseport_add_sock(struct sock *sk, 
						     bool match_wildcard))

						     bool match_wildcard))

{

{

	struct sock *sk2;

	struct sock *sk2;

	struct hlist_nulls_node *node;

	kuid_t uid = sock_i_uid(sk);

	kuid_t uid = sock_i_uid(sk);





	sk_nulls_for_each_rcu(sk2, node, &ilb->head) {

	sk_for_each_rcu(sk2, &ilb->head) {

		if (sk2 != sk &&

		if (sk2 != sk &&

		    sk2->sk_family == sk->sk_family &&

		    sk2->sk_family == sk->sk_family &&

		    ipv6_only_sock(sk2) == ipv6_only_sock(sk) &&

		    ipv6_only_sock(sk2) == ipv6_only_sock(sk) &&