averello/linux-stable-mirror
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2026-04-14 09:57:39 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
c59358338c0b933f80098eec1f71d500c644962e
linux-stable-mirror/net/ipv4
History
Xuanqiang Luo fe89feb2bd inet: Avoid ehash lookup race in inet_twsk_hashdance_schedule() 
[ Upstream commit b8ec80b130 ]

Since ehash lookups are lockless, if another CPU is converting sk to tw
concurrently, fetching the newly inserted tw with tw->tw_refcnt == 0 cause
lookup failure.

The call trace map is drawn as follows:
   CPU 0                                CPU 1
   -----                                -----
				     inet_twsk_hashdance_schedule()
				     spin_lock()
				     inet_twsk_add_node_rcu(tw, ...)
__inet_lookup_established()
(find tw, failure due to tw_refcnt = 0)
				     __sk_nulls_del_node_init_rcu(sk)
				     refcount_set(&tw->tw_refcnt, 3)
				     spin_unlock()

By replacing sk with tw atomically via hlist_nulls_replace_init_rcu() after
setting tw_refcnt, we ensure that tw is either fully initialized or not
visible to other CPUs, eliminating the race.

It's worth noting that we held lock_sock() before the replacement, so
there's no need to check if sk is hashed. Thanks to Kuniyuki Iwashima!

Fixes: 3ab5aee7fe ("net: Convert TCP & DCCP hash tables to use RCU / hlist_nulls")
Reviewed-by: Kuniyuki Iwashima <kuniyu@google.com>
Reviewed-by: Jiayuan Chen <jiayuan.chen@linux.dev>
Signed-off-by: Xuanqiang Luo <luoxuanqiang@kylinos.cn>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Link: https://patch.msgid.link/20251015020236.431822-4-xuanqiang.luo@linux.dev
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-12-18 13:54:44 +01:00
..
netfilter
netfilter: nf_reject: don't reply to icmp error messages
2025-11-13 15:34:23 -05:00
af_inet.c
net: inet: do not leave a dangling sk pointer in inet_create()
2024-12-14 20:03:47 +01:00
ah4.c
arp.c
arp: switch to dev_getbyhwaddr() in arp_req_set_public()
2025-02-27 04:30:18 -08:00
bpf_tcp_ca.c
bpf: Check unsupported ops from the bpf_struct_ops's cfi_stubs
2024-07-29 12:54:13 -07:00
cipso_ipv4.c
move asm/unaligned.h to linux/unaligned.h
2024-10-02 17:23:23 -04:00
datagram.c
devinet.c
ipv4: Fix NULL vs error pointer check in inet_blackhole_dev_init()
2025-09-09 18:58:13 +02:00
esp4_offload.c
xfrm: Determine inner GSO type from packet inner protocol
2025-12-01 11:43:29 +01:00
esp4.c
espintcp: remove encap socket caching to avoid reference leak
2025-05-29 11:03:14 +02:00
fib_frontend.c
ipv4: fib: Move fib_valid_key_len() to rtm_to_fib_config().
2025-05-29 11:02:32 +02:00
fib_lookup.h
fib_notifier.c
fib_rules.c
ip: fib_rules: Fetch net from fib_rule in fib[46]_rule_configure().
2025-05-29 11:02:57 +02:00
fib_semantics.c
ipv4: delete redundant judgment statements
2024-08-23 14:27:45 +01:00
fib_trie.c
ipv4: fib: Move fib_valid_key_len() to rtm_to_fib_config().
2025-05-29 11:02:32 +02:00
fou_bpf.c
fou_core.c
fou: fix initialization of grc
2024-09-09 17:21:47 -07:00
fou_nl.c
fou_nl.h
gre_demux.c
gre_offload.c
icmp.c
ipv4: adopt dst_dev, skb_dst_dev and skb_dst_dev_net[_rcu]
2025-10-23 16:20:45 +02:00
igmp.c
ipv4: adopt dst_dev, skb_dst_dev and skb_dst_dev_net[_rcu]
2025-10-23 16:20:45 +02:00
inet_connection_sock.c
tcp: Fix use-after-free of nreq in reqsk_timer_handler().
2024-12-05 14:02:35 +01:00
inet_diag.c
inet_diag: annotate data-races in inet_diag_bc_sk()
2025-11-13 15:34:17 -05:00
inet_fragment.c
inet_hashtables.c
inet: Avoid ehash lookup race in inet_ehash_insert()
2025-12-18 13:54:44 +01:00
inet_timewait_sock.c
inet: Avoid ehash lookup race in inet_twsk_hashdance_schedule()
2025-12-18 13:54:44 +01:00
inetpeer.c
inetpeer: do not get a refcount in inet_getpeer()
2025-02-08 09:57:06 +01:00
ip_forward.c
ip_fragment.c
ipv4: adopt dst_dev, skb_dst_dev and skb_dst_dev_net[_rcu]
2025-10-23 16:20:45 +02:00
ip_gre.c
ipv4: ip_gre: Fix set but not used warning in ipgre_err() if IPv4-only
2025-05-29 11:03:01 +02:00
ip_input.c
net: ipv4: allow directed broadcast routes to use dst hint
2025-11-13 15:34:15 -05:00
ip_options.c
ipv4: Convert ip_route_input() to dscp_t.
2025-03-07 18:25:29 +01:00
ip_output.c
net: Add locking to protect skb->dev access in ip_output
2025-10-23 16:20:45 +02:00
ip_sockglue.c
ip_tunnel_core.c
tunnels: reset the GSO metadata before reusing the skb
2025-09-19 16:35:48 +02:00
ip_tunnel.c
net/ip6_tunnel: Prevent perpetual tunnel growth
2025-10-23 16:20:29 +02:00
ip_vti.c
ipv4: adopt dst_dev, skb_dst_dev and skb_dst_dev_net[_rcu]
2025-10-23 16:20:45 +02:00
ipcomp.c
xfrm: delete x->tunnel as we delete x
2025-12-12 18:37:17 +01:00
ipconfig.c
ipip.c
netdev_features: convert NETIF_F_LLTX to dev->lltx
2024-09-03 11:36:43 +02:00
ipmr_base.c
ipmr: do not call mr_mfc_uses_dev() for unres entries
2025-02-08 09:58:02 +01:00
ipmr.c
inet: ipmr: fix data-races
2025-02-08 09:57:23 +01:00
Kconfig
net/tcp: Expand goo.gl link
2024-07-30 18:35:12 -07:00
Makefile
metrics.c
netfilter.c
ipv4: adopt dst_dev, skb_dst_dev and skb_dst_dev_net[_rcu]
2025-10-23 16:20:45 +02:00
netlink.c
nexthop.c
net: When removing nexthops, don't call synchronize_net if it is not necessary
2025-11-13 15:34:14 -05:00
ping.c
inet: ping: check sock_net() in ping_get_port() and ping_lookup()
2025-10-15 12:00:07 +02:00
proc.c
minmax: add a few more MIN_T/MAX_T users
2024-07-28 13:41:14 -07:00
protocol.c
raw_diag.c
raw.c
route.c
ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe
2025-11-24 10:36:00 +01:00
syncookies.c
sysctl_net_ipv4.c
icmp: icmp_msgs_per_sec and icmp_msgs_burst sysctls become per netns
2024-08-30 11:14:06 -07:00
tcp_ao.c
net/tcp: Fix a NULL pointer dereference when using TCP-AO with TCP_REPAIR
2025-09-25 11:13:42 +02:00
tcp_bbr.c
tcp_bic.c
tcp_bpf.c
tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork.
2025-09-19 16:35:45 +02:00
tcp_cdg.c
tcp_cong.c
tcp: Replace strncpy() with strscpy()
2024-07-16 07:52:15 -07:00
tcp_cubic.c
tcp_cubic: fix incorrect HyStart round start detection
2025-02-08 09:57:25 +01:00
tcp_dctcp.c
tcp_dctcp.h
tcp_diag.c
tcp_fastopen.c
tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check()
2025-11-13 15:34:17 -05:00
tcp_highspeed.c
tcp_htcp.c
tcp: Use clamp() in htcp_alpha_update()
2024-08-06 12:16:25 -07:00
tcp_hybla.c
tcp_illinois.c
tcp_input.c
tcp: cache RTAX_QUICKACK metric in a hot cache line
2025-10-23 16:20:45 +02:00
tcp_ipv4.c
ipv4: adopt dst_dev, skb_dst_dev and skb_dst_dev_net[_rcu]
2025-10-23 16:20:45 +02:00
tcp_lp.c
tcp_metrics.c
ipv4: adopt dst_dev, skb_dst_dev and skb_dst_dev_net[_rcu]
2025-10-23 16:20:45 +02:00
tcp_minisocks.c
tcp: Defer ts_recent changes until req is owned
2025-03-07 18:25:33 +01:00
tcp_nv.c
tcp_offload.c
net: fix segmentation after TCP/UDP fraglist GRO
2025-07-24 08:56:33 +02:00
tcp_output.c
tcp: fix tcp_tso_should_defer() vs large RTT
2025-10-23 16:20:29 +02:00
tcp_plb.c
tcp_rate.c
tcp_recovery.c
tcp_scalable.c
tcp_sigpool.c
tcp_timer.c
mptcp: fallback to TCP after SYN+MPC drops
2024-09-11 15:57:50 -07:00
tcp_ulp.c
tcp_vegas.c
tcp_vegas.h
tcp_veno.c
tcp_westwood.c
tcp_yeah.c
tcp.c
net: devmem: expose tcp_recvmsg_locked errors
2025-11-13 15:34:23 -05:00
tunnel4.c
udp_bpf.c
udp_diag.c
udp_impl.h
udp_offload.c
udp: also consider secpath when evaluating ipsec use for checksumming
2025-08-20 18:30:17 +02:00
udp_tunnel_core.c
ipv4: udp_tunnel: Unmask upper DSCP bits in udp_tunnel_dst_lookup()
2024-09-09 14:14:53 +01:00
udp_tunnel_nic.c
udp_tunnel: use netdev_warn() instead of netdev_WARN()
2025-11-13 15:34:23 -05:00
udp_tunnel_stub.c
udp.c
udp: Fix memory accounting leak.
2025-04-10 14:39:34 +02:00
udplite.c
xfrm4_input.c
xfrm: Set transport header to fix UDP GRO handling
2025-08-01 09:48:40 +01:00
xfrm4_output.c
ipv4: adopt dst_dev, skb_dst_dev and skb_dst_dev_net[_rcu]
2025-10-23 16:20:45 +02:00
xfrm4_policy.c
xfrm: respect ip protocols rules criteria when performing dst lookups
2024-09-23 07:02:07 +02:00
xfrm4_protocol.c
xfrm4_state.c
xfrm4_tunnel.c