diff options
| author | Srinivasarao P <spathi@codeaurora.org> | 2017-12-26 17:35:16 +0530 |
|---|---|---|
| committer | Srinivasarao P <spathi@codeaurora.org> | 2017-12-26 17:37:19 +0530 |
| commit | 9841ef2ef2d380f47d37d5f3e505fa1bb44f9ec6 (patch) | |
| tree | 49ad59fdd8941fb08eefc8383f29e576f59e766a /net/ipv4/tcp_ipv4.c | |
| parent | 202fde333dc0065e2f2ca3539f5a06a9126f896d (diff) | |
| parent | 7eab308a49db1596e7dca26bbcaffdedf6818e9b (diff) | |
Merge android-4.4.99 (7eab308) into msm-4.4
* refs/heads/tmp-7eab308
Linux 4.4.99
misc: panel: properly restore atomic counter on error path
target: Fix node_acl demo-mode + uncached dynamic shutdown regression
target/iscsi: Fix iSCSI task reassignment handling
brcmfmac: remove setting IBSS mode when stopping AP
tipc: fix link attribute propagation bug
security/keys: add CONFIG_KEYS_COMPAT to Kconfig
tcp/dccp: fix other lockdep splats accessing ireq_opt
tcp/dccp: fix lockdep splat in inet_csk_route_req()
tcp/dccp: fix ireq->opt races
ipip: only increase err_count for some certain type icmp in ipip_err
ppp: fix race in ppp device destruction
sctp: reset owner sk for data chunks on out queues when migrating a sock
tun: allow positive return values on dev_get_valid_name() call
ip6_gre: only increase err_count for some certain type icmpv6 in ip6gre_err
net/unix: don't show information about sockets from other namespaces
ipv6: flowlabel: do not leave opt->tot_len with garbage
packet: avoid panic in packet_getsockopt()
sctp: add the missing sock_owned_by_user check in sctp_icmp_redirect
tun: call dev_get_valid_name() before register_netdevice()
l2tp: check ps->sock before running pppol2tp_session_ioctl()
tcp: fix tcp_mtu_probe() vs highest_sack
tun/tap: sanitize TUNSETSNDBUF input
ALSA: seq: Cancel pending autoload work at unbinding device
Input: ims-psu - check if CDC union descriptor is sane
usb: usbtest: fix NULL pointer dereference
mac80211: don't compare TKIP TX MIC key in reinstall prevention
mac80211: use constant time comparison with keys
mac80211: accept key reinstall without changing anything
FROMLIST: binder: fix proc->files use-after-free
Change-Id: I9aaf4f803a5da1fc983879a214b2fddda7879f41
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
Diffstat (limited to 'net/ipv4/tcp_ipv4.c')
| -rw-r--r-- | net/ipv4/tcp_ipv4.c | 21 |
1 files changed, 12 insertions, 9 deletions
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index 3845ab04a9b4..30d4e38a6241 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -860,7 +860,7 @@ static int tcp_v4_send_synack(const struct sock *sk, struct dst_entry *dst, err = ip_build_and_send_pkt(skb, sk, ireq->ir_loc_addr, ireq->ir_rmt_addr, - ireq->opt); + ireq_opt_deref(ireq)); err = net_xmit_eval(err); } @@ -872,7 +872,7 @@ static int tcp_v4_send_synack(const struct sock *sk, struct dst_entry *dst, */ static void tcp_v4_reqsk_destructor(struct request_sock *req) { - kfree(inet_rsk(req)->opt); + kfree(rcu_dereference_protected(inet_rsk(req)->ireq_opt, 1)); } @@ -1201,7 +1201,7 @@ static void tcp_v4_init_req(struct request_sock *req, sk_rcv_saddr_set(req_to_sk(req), ip_hdr(skb)->daddr); sk_daddr_set(req_to_sk(req), ip_hdr(skb)->saddr); ireq->no_srccheck = inet_sk(sk_listener)->transparent; - ireq->opt = tcp_v4_save_options(skb); + RCU_INIT_POINTER(ireq->ireq_opt, tcp_v4_save_options(skb)); } static struct dst_entry *tcp_v4_route_req(const struct sock *sk, @@ -1297,10 +1297,9 @@ struct sock *tcp_v4_syn_recv_sock(const struct sock *sk, struct sk_buff *skb, ireq = inet_rsk(req); sk_daddr_set(newsk, ireq->ir_rmt_addr); sk_rcv_saddr_set(newsk, ireq->ir_loc_addr); - newinet->inet_saddr = ireq->ir_loc_addr; - inet_opt = ireq->opt; - rcu_assign_pointer(newinet->inet_opt, inet_opt); - ireq->opt = NULL; + newinet->inet_saddr = ireq->ir_loc_addr; + inet_opt = rcu_dereference(ireq->ireq_opt); + RCU_INIT_POINTER(newinet->inet_opt, inet_opt); newinet->mc_index = inet_iif(skb); newinet->mc_ttl = ip_hdr(skb)->ttl; newinet->rcv_tos = ip_hdr(skb)->tos; @@ -1348,9 +1347,12 @@ struct sock *tcp_v4_syn_recv_sock(const struct sock *sk, struct sk_buff *skb, if (__inet_inherit_port(sk, newsk) < 0) goto put_and_exit; *own_req = inet_ehash_nolisten(newsk, req_to_sk(req_unhash)); - if (*own_req) + if (likely(*own_req)) { tcp_move_syn(newtp, req); - + ireq->ireq_opt = NULL; + } else { + newinet->inet_opt = NULL; + } return newsk; exit_overflow: @@ -1361,6 +1363,7 @@ exit: NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS); return NULL; put_and_exit: + newinet->inet_opt = NULL; inet_csk_prepare_forced_close(newsk); tcp_done(newsk); goto exit; |