mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-21 18:11:39 +00:00
Code Issues Releases Wiki Activity
linux-stable/net/ipv4
History
Eric Dumazet 88cd232146 tcp: tcp_rtx_synack() can be called from process context 
[ Upstream commit 0a375c8224 ]

Laurent reported the enclosed report [1]

This bug triggers with following coditions:

0) Kernel built with CONFIG_DEBUG_PREEMPT=y

1) A new passive FastOpen TCP socket is created.
   This FO socket waits for an ACK coming from client to be a complete
   ESTABLISHED one.
2) A socket operation on this socket goes through lock_sock()
   release_sock() dance.
3) While the socket is owned by the user in step 2),
   a retransmit of the SYN is received and stored in socket backlog.
4) At release_sock() time, the socket backlog is processed while
   in process context.
5) A SYNACK packet is cooked in response of the SYN retransmit.
6) -> tcp_rtx_synack() is called in process context.

Before blamed commit, tcp_rtx_synack() was always called from BH handler,
from a timer handler.

Fix this by using TCP_INC_STATS() & NET_INC_STATS()
which do not assume caller is in non preemptible context.

[1]
BUG: using __this_cpu_add() in preemptible [00000000] code: epollpep/2180
caller is tcp_rtx_synack.part.0+0x36/0xc0
CPU: 10 PID: 2180 Comm: epollpep Tainted: G           OE     5.16.0-0.bpo.4-amd64 #1  Debian 5.16.12-1~bpo11+1
Hardware name: Supermicro SYS-5039MC-H8TRF/X11SCD-F, BIOS 1.7 11/23/2021
Call Trace:
 <TASK>
 dump_stack_lvl+0x48/0x5e
 check_preemption_disabled+0xde/0xe0
 tcp_rtx_synack.part.0+0x36/0xc0
 tcp_rtx_synack+0x8d/0xa0
 ? kmem_cache_alloc+0x2e0/0x3e0
 ? apparmor_file_alloc_security+0x3b/0x1f0
 inet_rtx_syn_ack+0x16/0x30
 tcp_check_req+0x367/0x610
 tcp_rcv_state_process+0x91/0xf60
 ? get_nohz_timer_target+0x18/0x1a0
 ? lock_timer_base+0x61/0x80
 ? preempt_count_add+0x68/0xa0
 tcp_v4_do_rcv+0xbd/0x270
 __release_sock+0x6d/0xb0
 release_sock+0x2b/0x90
 sock_setsockopt+0x138/0x1140
 ? __sys_getsockname+0x7e/0xc0
 ? aa_sk_perm+0x3e/0x1a0
 __sys_setsockopt+0x198/0x1e0
 __x64_sys_setsockopt+0x21/0x30
 do_syscall_64+0x38/0xc0
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Fixes: 168a8f5805 ("tcp: TCP Fast Open Server - main code path")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Laurent Fasnacht <laurent.fasnacht@proton.ch>
Acked-by: Neal Cardwell <ncardwell@google.com>
Link: https://lore.kernel.org/r/20220530213713.601888-1-eric.dumazet@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-06-14 18:36:12 +02:00
..
bpfilter
netfilter netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check() 2022-01-27 11:03:50 +01:00
af_inet.c gso: do not skip outer ip header in case of ipip and net_failover 2022-03-02 11:47:56 +01:00
ah4.c Networking changes for 5.14. 2021-06-30 15:51:09 -07:00
arp.c ipv4: Invalidate neighbour for broadcast address upon address addition 2022-04-13 20:59:05 +02:00
bpf_tcp_ca.c bpf: Forbid bpf_ktime_get_coarse_ns and bpf_timer_* in tracing progs 2021-11-25 09:49:07 +01:00
cipso_ipv4.c net: remove the unnecessary check in cipso_v4_doi_free 2021-09-03 13:52:29 +01:00
datagram.c
devinet.c net: return correct error code 2021-12-08 09:04:38 +01:00
esp4.c esp: limit skb_page_frag_refill use to a single page 2022-04-27 14:38:52 +02:00
esp4_offload.c esp: Fix BEET mode inter address family tunneling on GSO 2022-03-16 14:23:36 +01:00
fib_frontend.c ipv4: Invalidate neighbour for broadcast address upon address addition 2022-04-13 20:59:05 +02:00
fib_lookup.h ipv4: fix data races in fib_alias_hw_flags_set 2022-02-23 12:03:10 +01:00
fib_notifier.c
fib_rules.c ipv4: convert fib_num_tclassid_users to atomic_t 2021-12-08 09:04:49 +01:00
fib_semantics.c net: ipv4: fix route with nexthop object delete warning 2022-04-13 20:59:16 +02:00
fib_trie.c ipv4: fix data races in fib_alias_hw_flags_set 2022-02-23 12:03:10 +01:00
fou.c fou: remove sparse errors 2021-08-31 12:03:33 +01:00
gre_demux.c
gre_offload.c
icmp.c icmp: fix icmp_ext_echo_iio parsing in icmp_build_probe 2021-10-14 07:54:47 -07:00
igmp.c net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter() 2022-05-12 12:30:17 +02:00
inet_connection_sock.c inet: use #ifdef CONFIG_SOCK_RX_QUEUE_MAPPING consistently 2021-12-17 10:30:13 +01:00
inet_diag.c inet_diag: fix kernel-infoleak for UDP sockets 2021-12-22 09:32:40 +01:00
inet_fragment.c inet: frags: annotate races around fqdir->dead and fqdir->high_thresh 2022-01-27 11:05:35 +01:00
inet_hashtables.c tcp: drop the hash_32() part from the index calculation 2022-05-18 10:26:53 +02:00
inet_timewait_sock.c
inetpeer.c
ip_forward.c
ip_fragment.c inet: frags: annotate races around fqdir->dead and fqdir->high_thresh 2022-01-27 11:05:35 +01:00
ip_gre.c ip_gre, ip6_gre: Fix race condition on o_seqno in collect_md mode 2022-05-09 09:14:36 +02:00
ip_input.c
ip_options.c
ip_output.c net-timestamp: convert sk->sk_tskey to atomic_t 2022-03-02 11:48:01 +01:00
ip_sockglue.c Revert "Revert "ipv4: fix memory leaks in ip_cmsg_send() callers"" 2021-09-14 14:24:31 +01:00
ip_tunnel.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-07-31 09:14:46 -07:00
ip_tunnel_core.c
ip_vti.c ip_tunnel: use ndo_siocdevprivate 2021-07-27 20:11:44 +01:00
ipcomp.c Networking changes for 5.14. 2021-06-30 15:51:09 -07:00
ipconfig.c
ipip.c ip_tunnel: use ndo_siocdevprivate 2021-07-27 20:11:44 +01:00
ipmr.c ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path 2022-02-16 12:56:29 +01:00
ipmr_base.c
Kconfig
Makefile
metrics.c
netfilter.c
netlink.c
nexthop.c net: nexthop: release IPv6 per-cpu dsts when replacing a nexthop group 2021-12-01 09:04:49 +01:00
ping.c ping: fix address binding wrt vrf 2022-05-18 10:26:57 +02:00
proc.c tcp: switch orphan_count to bare per-cpu counters 2021-11-18 19:16:33 +01:00
protocol.c
raw.c ipv4: raw: lock the socket in raw_bind() 2022-02-01 17:27:14 +01:00
raw_diag.c net: Use nlmsg_unicast() instead of netlink_unicast() 2021-07-13 09:28:29 -07:00
route.c xfrm: fix "disable_policy" flag use when arriving from different devices 2022-05-25 09:57:30 +02:00
syncookies.c tcp: make sure treq->af_specific is initialized 2022-05-09 09:14:37 +02:00
sysctl_net_ipv4.c
tcp.c tcp: add accessors to read/set tp->snd_cwnd 2022-06-14 18:36:11 +02:00
tcp_bbr.c tcp: add accessors to read/set tp->snd_cwnd 2022-06-14 18:36:11 +02:00
tcp_bic.c tcp: add accessors to read/set tp->snd_cwnd 2022-06-14 18:36:11 +02:00
tcp_bpf.c bpf, sockmap: Fix double uncharge the mem of sk_msg 2022-04-08 14:23:40 +02:00
tcp_cdg.c tcp: add accessors to read/set tp->snd_cwnd 2022-06-14 18:36:11 +02:00
tcp_cong.c tcp: add accessors to read/set tp->snd_cwnd 2022-06-14 18:36:11 +02:00
tcp_cubic.c tcp: add accessors to read/set tp->snd_cwnd 2022-06-14 18:36:11 +02:00
tcp_dctcp.c tcp: add accessors to read/set tp->snd_cwnd 2022-06-14 18:36:11 +02:00
tcp_dctcp.h
tcp_diag.c
tcp_fastopen.c tcp: enable data-less, empty-cookie SYN with TFO_SERVER_COOKIE_NOT_REQD 2021-08-16 17:25:49 -07:00
tcp_highspeed.c tcp: add accessors to read/set tp->snd_cwnd 2022-06-14 18:36:11 +02:00
tcp_htcp.c tcp: add accessors to read/set tp->snd_cwnd 2022-06-14 18:36:11 +02:00
tcp_hybla.c tcp: add accessors to read/set tp->snd_cwnd 2022-06-14 18:36:11 +02:00
tcp_illinois.c tcp: add accessors to read/set tp->snd_cwnd 2022-06-14 18:36:11 +02:00
tcp_input.c tcp: add accessors to read/set tp->snd_cwnd 2022-06-14 18:36:11 +02:00
tcp_ipv4.c tcp: add accessors to read/set tp->snd_cwnd 2022-06-14 18:36:11 +02:00
tcp_lp.c tcp: add accessors to read/set tp->snd_cwnd 2022-06-14 18:36:11 +02:00
tcp_metrics.c tcp: add accessors to read/set tp->snd_cwnd 2022-06-14 18:36:11 +02:00
tcp_minisocks.c tcp: md5: incorrect tcp_header_len for incoming connections 2022-05-09 09:14:35 +02:00
tcp_nv.c tcp: add accessors to read/set tp->snd_cwnd 2022-06-14 18:36:11 +02:00
tcp_offload.c net, gro: Set inner transport header offset in tcp/udp GRO hook 2021-08-02 10:20:56 +01:00
tcp_output.c tcp: tcp_rtx_synack() can be called from process context 2022-06-14 18:36:12 +02:00
tcp_rate.c tcp: add accessors to read/set tp->snd_cwnd 2022-06-14 18:36:11 +02:00
tcp_recovery.c tcp: more accurately check DSACKs to grow RACK reordering window 2021-07-27 20:07:21 +01:00
tcp_scalable.c tcp: add accessors to read/set tp->snd_cwnd 2022-06-14 18:36:11 +02:00
tcp_timer.c
tcp_ulp.c
tcp_vegas.c tcp: add accessors to read/set tp->snd_cwnd 2022-06-14 18:36:11 +02:00
tcp_vegas.h
tcp_veno.c tcp: add accessors to read/set tp->snd_cwnd 2022-06-14 18:36:11 +02:00
tcp_westwood.c tcp: add accessors to read/set tp->snd_cwnd 2022-06-14 18:36:11 +02:00
tcp_yeah.c tcp: add accessors to read/set tp->snd_cwnd 2022-06-14 18:36:11 +02:00
tunnel4.c
udp.c net: udp: fix alignment problem in udp4_seq_show() 2022-01-11 15:35:18 +01:00
udp_bpf.c net: Implement ->sock_is_readable() for UDP and AF_UNIX 2021-10-26 12:29:33 -07:00
udp_diag.c net: Use nlmsg_unicast() instead of netlink_unicast() 2021-07-13 09:28:29 -07:00
udp_impl.h
udp_offload.c fou: remove sparse errors 2021-08-31 12:03:33 +01:00
udp_tunnel_core.c
udp_tunnel_nic.c udp_tunnel: Fix end of loop test in udp_tunnel_nic_unregister() 2022-03-02 11:47:59 +01:00
udp_tunnel_stub.c
udplite.c
xfrm4_input.c
xfrm4_output.c
xfrm4_policy.c
xfrm4_protocol.c
xfrm4_state.c
xfrm4_tunnel.c