mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-28 07:13:34 +00:00
Code Issues Releases Wiki Activity
linux-stable/net/core
History
Sabrina Dubroca ebfa00c574 tcp: fix refcnt leak with ebpf congestion control 
There are a few bugs around refcnt handling in the new BPF congestion
control setsockopt:

 - The new ca is assigned to icsk->icsk_ca_ops even in the case where we
   cannot get a reference on it. This would lead to a use after free,
   since that ca is going away soon.

 - Changing the congestion control case doesn't release the refcnt on
   the previous ca.

 - In the reinit case, we first leak a reference on the old ca, then we
   call tcp_reinit_congestion_control on the ca that we have just
   assigned, leading to deinitializing the wrong ca (->release of the
   new ca on the old ca's data) and releasing the refcount on the ca
   that we actually want to use.

This is visible by building (for example) BIC as a module and setting
net.ipv4.tcp_congestion_control=bic, and using tcp_cong_kern.c from
samples/bpf.

This patch fixes the refcount issues, and moves reinit back into tcp
core to avoid passing a ca pointer back to BPF.

Fixes: 91b5b21c7c ("bpf: Add support for changing congestion control")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Acked-by: Lawrence Brakmo <brakmo@fb.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-08-25 17:16:27 -07:00
..
datagram.c udp: on peeking bad csum, drop packets even if not at head 2017-08-22 14:27:58 -07:00
dev.c net: avoid skb_warn_bad_offload false positives on UFO 2017-08-08 21:39:01 -07:00
dev_addr_lists.c
dev_ioctl.c net: check dev->addr_len for dev_set_mac_address() 2017-07-29 11:25:05 -07:00
devlink.c devlink: fix potential memort leak 2017-06-05 11:24:28 -04:00
drop_monitor.c drop_monitor: use setup_timer 2017-03-12 23:47:16 -07:00
dst.c net: store port/representator id in metadata_dst 2017-06-25 11:42:01 -04:00
dst_cache.c
ethtool.c ethtool: don't open-code memdup_user() 2017-06-30 02:04:10 -04:00
fib_rules.c net: set fib rule refcount after malloc 2017-07-13 13:43:54 -07:00
filter.c tcp: fix refcnt leak with ebpf congestion control 2017-08-25 17:16:27 -07:00
flow.c flowcache: more "unsigned int" 2017-04-03 19:04:48 -07:00
flow_dissector.c net/flow_dissector: add support for dissection of misc ip header fields 2017-06-04 18:12:23 -04:00
gen_estimator.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
gen_stats.c net_sched: gen_estimator: complete rewrite of rate estimators 2016-12-05 15:21:59 -05:00
gro_cells.c net: Generic XDP 2017-04-25 13:33:49 -04:00
hwbm.c
link_watch.c
lwt_bpf.c net: add extack arg to lwtunnel build state 2017-05-30 11:55:32 -04:00
lwtunnel.c net: add extack arg to lwtunnel build state 2017-05-30 11:55:32 -04:00
Makefile gro_cells: move to net/core/gro_cells.c 2017-02-08 14:38:18 -05:00
neighbour.c Add wait_for_random_bytes() and get_random_*_wait() functions so that 2017-07-15 12:44:02 -07:00
net-procfs.c net-procfs: Use vsnprintf extension %phN 2017-06-04 19:52:58 -04:00
net-sysfs.c net: convert net.passive from atomic_t to refcount_t 2017-07-01 07:39:09 -07:00
net-sysfs.h
net-traces.c
net_namespace.c net: convert net.passive from atomic_t to refcount_t 2017-07-01 07:39:09 -07:00
netclassid_cgroup.c cgroup, net_cls: iterate the fds of only the tasks which are being migrated 2017-03-22 10:32:46 -07:00
netevent.c
netpoll.c netpoll: Fix device name check in netpoll_setup() 2017-07-26 17:01:43 -07:00
netprio_cgroup.c net: break include loop netdevice.h, dsa.h, devlink.h 2017-03-28 22:46:04 -07:00
pktgen.c net: convert sk_buff.users from atomic_t to refcount_t 2017-07-01 07:39:07 -07:00
ptp_classifier.c
request_sock.c ipv4: Namespaceify tcp_max_syn_backlog knob 2016-12-29 11:38:31 -05:00
rtnetlink.c rtnetlink: allocate more memory for dev_set_mac_address() 2017-07-20 15:23:22 -07:00
scm.c sched/headers: Prepare for new header dependencies before moving code to <linux/sched/user.h> 2017-03-02 08:42:29 +01:00
secure_seq.c tcp: Namespaceify sysctl_tcp_timestamps 2017-06-08 10:53:29 -04:00
skbuff.c net: core: Specify skb_pad()/skb_put_padto() SKB freeing 2017-08-23 20:33:49 -07:00
sock.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2017-07-05 12:31:59 -07:00
sock_diag.c netlink: extended ACK reporting 2017-04-13 13:58:20 -04:00
sock_reuseport.c soreuseport: use "unsigned int" in __reuseport_alloc() 2017-04-03 19:06:38 -07:00
stream.c sched/headers: Prepare for new header dependencies before moving code to <linux/sched/signal.h> 2017-03-02 08:42:29 +01:00
sysctl_net_core.c net: move somaxconn init from sysctl code 2017-05-25 13:12:17 -04:00
timestamping.c
tso.c
utils.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2017-05-02 16:40:27 -07:00