acrn-kernel/net/ipv4
Craig Gallek 1b5f962e71 soreuseport: fix initialization race
Syzkaller stumbled upon a way to trigger
WARNING: CPU: 1 PID: 13881 at net/core/sock_reuseport.c:41
reuseport_alloc+0x306/0x3b0 net/core/sock_reuseport.c:39

There are two initialization paths for the sock_reuseport structure in a
socket: Through the udp/tcp bind paths of SO_REUSEPORT sockets or through
SO_ATTACH_REUSEPORT_[CE]BPF before bind.  The existing implementation
assumedthat the socket lock protected both of these paths when it actually
only protects the SO_ATTACH_REUSEPORT path.  Syzkaller triggered this
double allocation by running these paths concurrently.

This patch moves the check for double allocation into the reuseport_alloc
function which is protected by a global spin lock.

Fixes: e32ea7e747 ("soreuseport: fast reuseport UDP socket selection")
Fixes: c125e80b88 ("soreuseport: fast reuseport TCP socket selection")
Signed-off-by: Craig Gallek <kraig@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-10-22 02:03:51 +01:00
..
netfilter netfilter: SYNPROXY: skip non-tcp packet in {ipv4, ipv6}_synproxy_hook 2017-10-09 13:08:39 +02:00
Kconfig ip: update policy routing config help 2017-10-12 22:57:11 -07:00
Makefile
af_inet.c net: Add comment that early_demux can change via sysctl 2017-08-28 15:17:29 -07:00
ah4.c
arp.c neigh: increase queue_len_bytes to match wmem_default 2017-08-29 16:10:50 -07:00
cipso_ipv4.c tcp/dccp: fix ireq->opt races 2017-10-21 01:33:19 +01:00
datagram.c
devinet.c
esp4.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-09-01 17:42:05 -07:00
esp4_offload.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-09-01 17:42:05 -07:00
fib_frontend.c
fib_lookup.h ipv4: do metrics match when looking up and deleting a route 2017-08-23 20:37:10 -07:00
fib_notifier.c net: Add module reference to FIB notifiers 2017-09-01 20:33:42 -07:00
fib_rules.c
fib_semantics.c ipv4: do metrics match when looking up and deleting a route 2017-08-23 20:37:10 -07:00
fib_trie.c ipv4: do metrics match when looking up and deleting a route 2017-08-23 20:37:10 -07:00
fou.c
gre_demux.c
gre_offload.c gso: fix payload length when gso_size is zero 2017-10-08 10:12:15 -07:00
icmp.c
igmp.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-08-21 17:06:42 -07:00
inet_connection_sock.c tcp/dccp: fix ireq->opt races 2017-10-21 01:33:19 +01:00
inet_diag.c inet_diag: allow protocols to provide additional data 2017-09-01 18:38:09 -07:00
inet_fragment.c Revert "net: use lib/percpu_counter API for fragmentation mem accounting" 2017-09-03 11:01:05 -07:00
inet_hashtables.c soreuseport: fix initialization race 2017-10-22 02:03:51 +01:00
inet_timewait_sock.c
inetpeer.c inetpeer: fix RCU lookup() again 2017-09-28 09:39:34 -07:00
ip_forward.c
ip_fragment.c Revert "net: fix percpu memory leaks" 2017-09-03 11:01:05 -07:00
ip_gre.c ip_gre: erspan device should keep dst 2017-10-01 22:30:32 -07:00
ip_input.c IPv4: early demux can return an error code 2017-10-01 03:55:47 +01:00
ip_options.c
ip_output.c udp: remove unreachable ufo branches 2017-08-22 14:27:18 -07:00
ip_sockglue.c net: ipv4: fix l3slave check for index returned in IP_PKTINFO 2017-09-15 14:27:51 -07:00
ip_tunnel.c ip_tunnel: fix ip tunnel lookup in collect_md mode 2017-09-12 20:45:31 -07:00
ip_tunnel_core.c
ip_vti.c vti: fix use after free in vti_tunnel_xmit/vti6_tnl_xmit 2017-09-26 09:58:21 -07:00
ipcomp.c
ipconfig.c
ipip.c
ipmr.c
netfilter.c
ping.c
proc.c tcp: Revert "tcp: remove header prediction" 2017-08-30 11:20:09 -07:00
protocol.c
raw.c
raw_diag.c
route.c ipv4: Fix traffic triggered IPsec connections. 2017-10-09 09:39:50 -07:00
syncookies.c tcp/dccp: fix ireq->opt races 2017-10-21 01:33:19 +01:00
sysctl_net_ipv4.c
tcp.c net: prepare (struct ubuf_info)->refcnt conversion 2017-09-01 20:22:03 -07:00
tcp_bbr.c
tcp_bic.c
tcp_cdg.c
tcp_cong.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-09-01 17:42:05 -07:00
tcp_cubic.c
tcp_dctcp.c
tcp_diag.c tcp_diag: report TCP MD5 signing keys and addresses 2017-09-01 18:38:09 -07:00
tcp_fastopen.c tcp: Remove the unused parameter for tcp_try_fastopen. 2017-08-22 14:16:12 -07:00
tcp_highspeed.c
tcp_htcp.c
tcp_hybla.c
tcp_illinois.c
tcp_input.c tcp/dccp: fix ireq->opt races 2017-10-21 01:33:19 +01:00
tcp_ipv4.c tcp/dccp: fix ireq->opt races 2017-10-21 01:33:19 +01:00
tcp_lp.c
tcp_metrics.c
tcp_minisocks.c tcp: Revert "tcp: remove header prediction" 2017-08-30 11:20:09 -07:00
tcp_nv.c
tcp_offload.c
tcp_output.c tcp: fastopen: fix on syn-data transmit failure 2017-09-19 16:16:51 -07:00
tcp_probe.c
tcp_rate.c
tcp_recovery.c
tcp_scalable.c
tcp_timer.c
tcp_ulp.c tcp: ulp: avoid module refcnt leak in tcp_set_ulp 2017-08-14 22:17:05 -07:00
tcp_vegas.c
tcp_vegas.h
tcp_veno.c
tcp_westwood.c tcp: Revert "tcp: remove CA_ACK_SLOWPATH" 2017-08-30 11:20:08 -07:00
tcp_yeah.c
tunnel4.c
udp.c soreuseport: fix initialization race 2017-10-22 02:03:51 +01:00
udp_diag.c
udp_impl.h
udp_offload.c gso: fix payload length when gso_size is zero 2017-10-08 10:12:15 -07:00
udp_tunnel.c
udplite.c
xfrm4_input.c
xfrm4_mode_beet.c
xfrm4_mode_transport.c
xfrm4_mode_tunnel.c
xfrm4_output.c
xfrm4_policy.c
xfrm4_protocol.c
xfrm4_state.c
xfrm4_tunnel.c