Commit 4f0f2121 authored by Jakub Kicinski's avatar Jakub Kicinski
Browse files

Merge branch 'tcp-udp-fix-memory-leaks-and-data-races-around-ipv6_addrform' 

Kuniyuki Iwashima says:

====================
tcp/udp: Fix memory leaks and data races around IPV6_ADDRFORM.

This series fixes some memory leaks and data races caused in the
same scenario where one thread converts an IPv6 socket into IPv4
with IPV6_ADDRFORM and another accesses the socket concurrently.

  v4: https://lore.kernel.org/netdev/20221004171802.40968-1-kuniyu@amazon.com/
  v3 (Resend): https://lore.kernel.org/netdev/20221003154425.49458-1-kuniyu@amazon.com/
  v3: https://lore.kernel.org/netdev/20220929012542.55424-1-kuniyu@amazon.com/
  v2: https://lore.kernel.org/netdev/20220928002741.64237-1-kuniyu@amazon.com/
  v1: https://lore.kernel.org/netdev/20220927161209.32939-1-kuniyu@amazon.com/
====================

Link: https://lore.kernel.org/r/20221006185349.74777-1-kuniyu@amazon.com


Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parents 3a732b46 f49cd2f4

include/net/ipv6.h

+2 −0
Original line number Diff line number Diff line
@@ -1182,6 +1182,8 @@ void ipv6_icmp_error(struct sock *sk, struct sk_buff *skb, int err, __be16 port, 
void ipv6_local_error(struct sock *sk, int err, struct flowi6 *fl6, u32 info);

void ipv6_local_rxpmtu(struct sock *sk, struct flowi6 *fl6, u32 mtu);



void inet6_cleanup_sock(struct sock *sk);

void inet6_sock_destruct(struct sock *sk);

int inet6_release(struct socket *sock);

int inet6_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len);

int inet6_getname(struct socket *sock, struct sockaddr *uaddr,

include/net/udp.h

+1 −1
Original line number Diff line number Diff line
@@ -247,7 +247,7 @@ static inline bool udp_sk_bound_dev_eq(struct net *net, int bound_dev_if, 
}



/* net/ipv4/udp.c */

void udp_destruct_sock(struct sock *sk);

void udp_destruct_common(struct sock *sk);

void skb_consume_udp(struct sock *sk, struct sk_buff *skb, int len);

int __udp_enqueue_schedule_skb(struct sock *sk, struct sk_buff *skb);

void udp_skb_destructor(struct sock *sk, struct sk_buff *skb);

include/net/udplite.h

+0 −8
Original line number Diff line number Diff line
@@ -25,14 +25,6 @@ static __inline__ int udplite_getfrag(void *from, char *to, int offset, 
	return copy_from_iter_full(to, len, &msg->msg_iter) ? 0 : -EFAULT;

}



/* Designate sk as UDP-Lite socket */

static inline int udplite_sk_init(struct sock *sk)

{

	udp_init_sock(sk);

	udp_sk(sk)->pcflag = UDPLITE_BIT;

	return 0;

}



/*

 * 	Checksumming routines

 */

net/core/sock.c

+4 −2
Original line number Diff line number Diff line
@@ -3610,7 +3610,8 @@ int sock_common_getsockopt(struct socket *sock, int level, int optname, 
{

	struct sock *sk = sock->sk;



	return sk->sk_prot->getsockopt(sk, level, optname, optval, optlen);

	/* IPV6_ADDRFORM can change sk->sk_prot under us. */

	return READ_ONCE(sk->sk_prot)->getsockopt(sk, level, optname, optval, optlen);

}

EXPORT_SYMBOL(sock_common_getsockopt);
@@ -3636,7 +3637,8 @@ int sock_common_setsockopt(struct socket *sock, int level, int optname, 
{

	struct sock *sk = sock->sk;



	return sk->sk_prot->setsockopt(sk, level, optname, optval, optlen);

	/* IPV6_ADDRFORM can change sk->sk_prot under us. */

	return READ_ONCE(sk->sk_prot)->setsockopt(sk, level, optname, optval, optlen);

}

EXPORT_SYMBOL(sock_common_setsockopt);

net/ipv4/af_inet.c

+16 −7
Original line number Diff line number Diff line
@@ -558,22 +558,27 @@ int inet_dgram_connect(struct socket *sock, struct sockaddr *uaddr, 
		       int addr_len, int flags)

{

	struct sock *sk = sock->sk;

	const struct proto *prot;

	int err;



	if (addr_len < sizeof(uaddr->sa_family))

		return -EINVAL;



	/* IPV6_ADDRFORM can change sk->sk_prot under us. */

	prot = READ_ONCE(sk->sk_prot);



	if (uaddr->sa_family == AF_UNSPEC)

		return sk->sk_prot->disconnect(sk, flags);

		return prot->disconnect(sk, flags);



	if (BPF_CGROUP_PRE_CONNECT_ENABLED(sk)) {

		err = sk->sk_prot->pre_connect(sk, uaddr, addr_len);

		err = prot->pre_connect(sk, uaddr, addr_len);

		if (err)

			return err;

	}



	if (data_race(!inet_sk(sk)->inet_num) && inet_autobind(sk))

		return -EAGAIN;

	return sk->sk_prot->connect(sk, uaddr, addr_len);

	return prot->connect(sk, uaddr, addr_len);

}

EXPORT_SYMBOL(inet_dgram_connect);
@@ -734,10 +739,11 @@ EXPORT_SYMBOL(inet_stream_connect); 
int inet_accept(struct socket *sock, struct socket *newsock, int flags,

		bool kern)

{

	struct sock *sk1 = sock->sk;

	struct sock *sk1 = sock->sk, *sk2;

	int err = -EINVAL;

	struct sock *sk2 = sk1->sk_prot->accept(sk1, flags, &err, kern);



	/* IPV6_ADDRFORM can change sk->sk_prot under us. */

	sk2 = READ_ONCE(sk1->sk_prot)->accept(sk1, flags, &err, kern);

	if (!sk2)

		goto do_err;
@@ -825,12 +831,15 @@ ssize_t inet_sendpage(struct socket *sock, struct page *page, int offset, 
		      size_t size, int flags)

{

	struct sock *sk = sock->sk;

	const struct proto *prot;



	if (unlikely(inet_send_prepare(sk)))

		return -EAGAIN;



	if (sk->sk_prot->sendpage)

		return sk->sk_prot->sendpage(sk, page, offset, size, flags);

	/* IPV6_ADDRFORM can change sk->sk_prot under us. */

	prot = READ_ONCE(sk->sk_prot);

	if (prot->sendpage)

		return prot->sendpage(sk, page, offset, size, flags);

	return sock_no_sendpage(sock, page, offset, size, flags);

}

EXPORT_SYMBOL(inet_sendpage);