From: Marc Dionne <marc.c.dionne@gmail.com>
To: Craig Gallek <kraigatgoog@gmail.com>
Cc: netdev <netdev@vger.kernel.org>, David Miller <davem@davemloft.net>
Subject: Re: [PATCH net] soreuseport: fix NULL ptr dereference SO_REUSEPORT after bind
Date: Tue, 19 Jan 2016 15:43:22 -0400 [thread overview]
Message-ID: <CAB9dFdvj8SJkfbV-pvMRRkkDf16rUrMsYPbEDv=0eWEfWtm0Fg@mail.gmail.com> (raw)
In-Reply-To: <1453231628-18603-1-git-send-email-kraigatgoog@gmail.com>
On Tue, Jan 19, 2016 at 3:27 PM, Craig Gallek <kraigatgoog@gmail.com> wrote:
> From: Craig Gallek <kraig@google.com>
>
> Marc Dionne discovered a NULL pointer dereference when setting
> SO_REUSEPORT on a socket after it is bound.
> This patch removes the assumption that at least one socket in the
> reuseport group is bound with the SO_REUSEPORT option before other
> bind calls occur.
>
> Fixes: e32ea7e74727 ("soreuseport: fast reuseport UDP socket selection")
> Reported-by: Marc Dionne <marc.c.dionne@gmail.com>
> Signed-off-by: Craig Gallek <kraig@google.com>
> ---
> include/net/sock_reuseport.h | 2 +-
> net/core/sock_reuseport.c | 9 ++++++++-
> 2 files changed, 9 insertions(+), 2 deletions(-)
>
> diff --git a/include/net/sock_reuseport.h b/include/net/sock_reuseport.h
> index 7dda3d7adba8..aecd30308d50 100644
> --- a/include/net/sock_reuseport.h
> +++ b/include/net/sock_reuseport.h
> @@ -16,7 +16,7 @@ struct sock_reuseport {
> };
>
> extern int reuseport_alloc(struct sock *sk);
> -extern int reuseport_add_sock(struct sock *sk, const struct sock *sk2);
> +extern int reuseport_add_sock(struct sock *sk, struct sock *sk2);
> extern void reuseport_detach_sock(struct sock *sk);
> extern struct sock *reuseport_select_sock(struct sock *sk,
> u32 hash,
> diff --git a/net/core/sock_reuseport.c b/net/core/sock_reuseport.c
> index 1df98c557440..e92b759d906c 100644
> --- a/net/core/sock_reuseport.c
> +++ b/net/core/sock_reuseport.c
> @@ -93,10 +93,17 @@ static struct sock_reuseport *reuseport_grow(struct sock_reuseport *reuse)
> * @sk2: Socket belonging to the existing reuseport group.
> * May return ENOMEM and not add socket to group under memory pressure.
> */
> -int reuseport_add_sock(struct sock *sk, const struct sock *sk2)
> +int reuseport_add_sock(struct sock *sk, struct sock *sk2)
> {
> struct sock_reuseport *reuse;
>
> + if (!rcu_access_pointer(sk2->sk_reuseport_cb)) {
> + int err = reuseport_alloc(sk2);
> +
> + if (err)
> + return err;
> + }
> +
> spin_lock_bh(&reuseport_lock);
> reuse = rcu_dereference_protected(sk2->sk_reuseport_cb,
> lockdep_is_held(&reuseport_lock)),
> --
> 2.6.0.rc2.230.g3dd15c0
>
Tested-by: Marc Dionne <marc.dionne@auristor.com>
next prev parent reply other threads:[~2016-01-19 19:43 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-01-19 19:27 [PATCH net] soreuseport: fix NULL ptr dereference SO_REUSEPORT after bind Craig Gallek
2016-01-19 19:43 ` Marc Dionne [this message]
2016-01-19 19:44 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAB9dFdvj8SJkfbV-pvMRRkkDf16rUrMsYPbEDv=0eWEfWtm0Fg@mail.gmail.com' \
--to=marc.c.dionne@gmail.com \
--cc=davem@davemloft.net \
--cc=kraigatgoog@gmail.com \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.