net/dccp · v4.1.27 · Upstream / linux-stable

tcp/dccp: fix timewait races in timer handling

Eric Dumazet authored 9 years ago

[ Upstream commit ed2e9239 ]

When creating a timewait socket, we need to arm the timer before
allowing other cpus to find it. The signal allowing cpus to find
the socket is setting tw_refcnt to non zero value.

As we set tw_refcnt in __inet_twsk_hashdance(), we therefore need to
call inet_twsk_schedule() first.

This also means we need to remove tw_refcnt changes from
inet_twsk_schedule() and let the caller handle it.

Note that because we use mod_timer_pinned(), we have the guarantee
the timer wont expire before we set tw_refcnt as we run in BH context.

To make things more readable I introduced inet_twsk_reschedule() helper.

When rearming the timer, we can use mod_timer_pending() to make sure
we do not rearm a canceled timer.

Note: This bug can possibly trigger if packets of a flow can hit
multiple cpus. This does not normally happen, unless flow steering
is broken somehow. This explains this bug was spotted ~5 months afte...

479b539a

Name	Last commit	Last update
..
ccids	dccp: re-enable debug macro	11 years ago
Kconfig	net/dccp: remove depends on CONFIG_EXPERIMENTAL	12 years ago
Makefile	dccp: Policy-based packet dequeueing infrastructure	14 years ago
ackvec.c	dccp: replace min/casting by min_t	10 years ago
ackvec.h	net: dccp: Remove extern from function prototypes	11 years ago
ccid.c	net/dccp/ccid.c: add __init to ccid_activate	10 years ago
ccid.h	net: dccp: Remove extern from function prototypes	11 years ago
dccp.h	ipv4: dccp: handle ICMP messages on DCCP_NEW_SYN_RECV request sockets	10 years ago
diag.c	inet_diag: add const to inet_diag_req_v2	10 years ago
feat.c	dccp: kerneldoc warning fixes	10 years ago
feat.h	net: dccp: Remove extern from function prototypes	11 years ago
input.c	dccp: spelling s/reseting/resetting	10 years ago
ipv4.c	inet: fix possible panic in reqsk_queue_unlink()	10 years ago
ipv6.c	ipv6: add complete rcu protection around np->opt	9 years ago
ipv6.h	inet: includes a sock_common in request_sock	11 years ago
minisocks.c	tcp/dccp: fix timewait races in timer handling	9 years ago
options.c	dccp: remove obsolete code	11 years ago
output.c	ipv4: add a sock pointer to ip_queue_xmit()	11 years ago
probe.c	net: Remove iocb argument from sendmsg and recvmsg	10 years ago
proto.c	net: Remove iocb argument from sendmsg and recvmsg	10 years ago
qpolicy.c	dccp qpolicy: Parameter checking of cmsg qpolicy parameters	14 years ago
sysctl.c	dccp: make the request_retries minimum is 1	11 years ago
timer.c	inet: get rid of central tcp/dccp listener timer	10 years ago

GitLab

Menu

Download source code

Download this directory