From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Guillaume Nault <gnault@redhat.com>,
Eric Dumazet <edumazet@google.com>,
"David S. Miller" <davem@davemloft.net>
Subject: [PATCH 5.4 19/37] tcp: Protect accesses to .ts_recent_stamp with {READ,WRITE}_ONCE()
Date: Tue, 17 Dec 2019 21:09:40 +0100 [thread overview]
Message-ID: <20191217200727.666289371@linuxfoundation.org> (raw)
In-Reply-To: <20191217200721.741054904@linuxfoundation.org>
From: Guillaume Nault <gnault@redhat.com>
[ Upstream commit 721c8dafad26ccfa90ff659ee19755e3377b829d ]
Syncookies borrow the ->rx_opt.ts_recent_stamp field to store the
timestamp of the last synflood. Protect them with READ_ONCE() and
WRITE_ONCE() since reads and writes aren't serialised.
Use of .rx_opt.ts_recent_stamp for storing the synflood timestamp was
introduced by a0f82f64e269 ("syncookies: remove last_synq_overflow from
struct tcp_sock"). But unprotected accesses were already there when
timestamp was stored in .last_synq_overflow.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Guillaume Nault <gnault@redhat.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/net/tcp.h | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -501,9 +501,9 @@ static inline void tcp_synq_overflow(con
}
}
- last_overflow = tcp_sk(sk)->rx_opt.ts_recent_stamp;
+ last_overflow = READ_ONCE(tcp_sk(sk)->rx_opt.ts_recent_stamp);
if (!time_between32(now, last_overflow, last_overflow + HZ))
- tcp_sk(sk)->rx_opt.ts_recent_stamp = now;
+ WRITE_ONCE(tcp_sk(sk)->rx_opt.ts_recent_stamp, now);
}
/* syncookies: no recent synqueue overflow on this listening socket? */
@@ -524,7 +524,7 @@ static inline bool tcp_synq_no_recent_ov
}
}
- last_overflow = tcp_sk(sk)->rx_opt.ts_recent_stamp;
+ last_overflow = READ_ONCE(tcp_sk(sk)->rx_opt.ts_recent_stamp);
/* If last_overflow <= jiffies <= last_overflow + TCP_SYNCOOKIE_VALID,
* then we're under synflood. However, we have to use
next prev parent reply other threads:[~2019-12-17 20:10 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-17 20:09 [PATCH 5.4 00/37] 5.4.5-stable review Greg Kroah-Hartman
2019-12-17 20:09 ` [PATCH 5.4 01/37] inet: protect against too small mtu values Greg Kroah-Hartman
2019-12-17 20:09 ` [PATCH 5.4 02/37] mqprio: Fix out-of-bounds access in mqprio_dump Greg Kroah-Hartman
2019-12-17 20:09 ` [PATCH 5.4 03/37] net: bridge: deny dev_set_mac_address() when unregistering Greg Kroah-Hartman
2019-12-17 20:09 ` [PATCH 5.4 04/37] net: dsa: fix flow dissection on Tx path Greg Kroah-Hartman
2019-12-17 20:09 ` [PATCH 5.4 05/37] net: ethernet: ti: cpsw: fix extra rx interrupt Greg Kroah-Hartman
2019-12-17 20:09 ` [PATCH 5.4 06/37] net: sched: fix dump qlen for sch_mq/sch_mqprio with NOLOCK subqueues Greg Kroah-Hartman
2019-12-17 20:09 ` [PATCH 5.4 07/37] net_sched: validate TCA_KIND attribute in tc_chain_tmplt_add() Greg Kroah-Hartman
2019-12-17 20:09 ` [PATCH 5.4 08/37] net-sysfs: Call dev_hold always in netdev_queue_add_kobject Greg Kroah-Hartman
2019-12-17 20:09 ` [PATCH 5.4 09/37] net: thunderx: start phy before starting autonegotiation Greg Kroah-Hartman
2019-12-17 20:09 ` [PATCH 5.4 10/37] net/tls: Fix return values to avoid ENOTSUPP Greg Kroah-Hartman
2019-12-17 20:09 ` [PATCH 5.4 11/37] openvswitch: support asymmetric conntrack Greg Kroah-Hartman
2019-12-17 20:09 ` [PATCH 5.4 12/37] tcp: md5: fix potential overestimation of TCP option space Greg Kroah-Hartman
2019-12-17 20:09 ` [PATCH 5.4 13/37] tipc: fix ordering of tipc module init and exit routine Greg Kroah-Hartman
2019-12-17 20:09 ` [PATCH 5.4 14/37] net/mlx5e: Query global pause state before setting prio2buffer Greg Kroah-Hartman
2019-12-17 20:09 ` [PATCH 5.4 15/37] net: ipv6: add net argument to ip6_dst_lookup_flow Greg Kroah-Hartman
2019-12-17 20:09 ` [PATCH 5.4 16/37] net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup Greg Kroah-Hartman
2019-12-17 20:09 ` [PATCH 5.4 17/37] tcp: fix rejected syncookies due to stale timestamps Greg Kroah-Hartman
2019-12-17 20:09 ` [PATCH 5.4 18/37] tcp: tighten acceptance of ACKs not matching a child socket Greg Kroah-Hartman
2019-12-17 20:09 ` Greg Kroah-Hartman [this message]
2019-12-17 20:09 ` [PATCH 5.4 20/37] net: core: rename indirect block ingress cb function Greg Kroah-Hartman
2019-12-17 20:09 ` [PATCH 5.4 21/37] net: sched: allow indirect blocks to bind to clsact in TC Greg Kroah-Hartman
2019-12-17 20:09 ` [PATCH 5.4 22/37] cls_flower: Fix the behavior using port ranges with hw-offload Greg Kroah-Hartman
2019-12-17 20:09 ` [PATCH 5.4 23/37] gre: refetch erspan header from skb->data after pskb_may_pull() Greg Kroah-Hartman
2019-12-17 20:09 ` [PATCH 5.4 24/37] Fixed updating of ethertype in function skb_mpls_pop Greg Kroah-Hartman
2019-12-17 20:09 ` [PATCH 5.4 25/37] hsr: fix a NULL pointer dereference in hsr_dev_xmit() Greg Kroah-Hartman
2019-12-17 20:09 ` [PATCH 5.4 26/37] net: Fixed updating of ethertype in skb_mpls_push() Greg Kroah-Hartman
2019-12-17 20:09 ` [PATCH 5.4 27/37] net/mlx5e: Fix TXQ indices to be sequential Greg Kroah-Hartman
2019-12-17 20:09 ` [PATCH 5.4 28/37] act_ct: support asymmetric conntrack Greg Kroah-Hartman
2019-12-17 20:09 ` [PATCH 5.4 29/37] net/mlx5e: Fix SFF 8472 eeprom length Greg Kroah-Hartman
2019-12-17 20:09 ` [PATCH 5.4 30/37] net/mlx5e: Fix freeing flow with kfree() and not kvfree() Greg Kroah-Hartman
2019-12-17 20:09 ` [PATCH 5.4 31/37] net/mlx5e: Fix translation of link mode into speed Greg Kroah-Hartman
2019-12-17 20:09 ` [PATCH 5.4 32/37] net/mlx5e: ethtool, Fix analysis of speed setting Greg Kroah-Hartman
2019-12-17 20:09 ` [PATCH 5.4 33/37] page_pool: do not release pool until inflight == 0 Greg Kroah-Hartman
2019-12-17 20:09 ` [PATCH 5.4 34/37] xdp: obtain the mem_id mutex before trying to remove an entry Greg Kroah-Hartman
2019-12-17 20:09 ` [PATCH 5.4 35/37] ionic: keep users rss hash across lif reset Greg Kroah-Hartman
2019-12-17 20:09 ` [PATCH 5.4 36/37] net: mscc: ocelot: unregister the PTP clock on deinit Greg Kroah-Hartman
2019-12-17 20:09 ` [PATCH 5.4 37/37] r8169: add missing RX enabling for WoL on RTL8125 Greg Kroah-Hartman
2019-12-18 10:24 ` [PATCH 5.4 00/37] 5.4.5-stable review Jon Hunter
2019-12-18 10:24 ` Jon Hunter
2019-12-18 14:34 ` Greg Kroah-Hartman
2019-12-18 14:22 ` Naresh Kamboju
2019-12-18 14:35 ` Greg Kroah-Hartman
2019-12-18 14:48 ` Guenter Roeck
2019-12-18 14:53 ` Greg Kroah-Hartman
2019-12-18 20:59 ` shuah
2019-12-19 8:44 ` Greg Kroah-Hartman
2019-12-18 21:02 ` Geert Uytterhoeven
2019-12-19 8:45 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191217200727.666289371@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=gnault@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.