-
- Downloads
tcp: add rcu protection around tp->fastopen_rsk
Both tcp_v4_err() and tcp_v6_err() do the following operations while they do not own the socket lock : fastopen = tp->fastopen_rsk; snd_una = fastopen ? tcp_rsk(fastopen)->snt_isn : tp->snd_una; The problem is that without appropriate barrier, the compiler might reload tp->fastopen_rsk and trigger a NULL deref. request sockets are protected by RCU, we can simply add the missing annotations and barriers to solve the issue. Fixes: 168a8f58 ("tcp: TCP Fast Open Server - main code path") Signed-off-by:Eric Dumazet <edumazet@google.com> Signed-off-by:
David S. Miller <davem@davemloft.net>
Showing
- include/linux/tcp.h 3 additions, 3 deletionsinclude/linux/tcp.h
- net/core/request_sock.c 1 addition, 1 deletionnet/core/request_sock.c
- net/ipv4/inet_connection_sock.c 2 additions, 2 deletionsnet/ipv4/inet_connection_sock.c
- net/ipv4/tcp.c 8 additions, 3 deletionsnet/ipv4/tcp.c
- net/ipv4/tcp_fastopen.c 1 addition, 1 deletionnet/ipv4/tcp_fastopen.c
- net/ipv4/tcp_input.c 9 additions, 4 deletionsnet/ipv4/tcp_input.c
- net/ipv4/tcp_ipv4.c 2 additions, 2 deletionsnet/ipv4/tcp_ipv4.c
- net/ipv4/tcp_minisocks.c 1 addition, 1 deletionnet/ipv4/tcp_minisocks.c
- net/ipv4/tcp_output.c 1 addition, 1 deletionnet/ipv4/tcp_output.c
- net/ipv4/tcp_timer.c 6 additions, 5 deletionsnet/ipv4/tcp_timer.c
- net/ipv6/tcp_ipv6.c 1 addition, 1 deletionnet/ipv6/tcp_ipv6.c
Loading
Please register or sign in to comment