From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Guillaume Nault <gnault@redhat.com>,
Eric Dumazet <edumazet@google.com>,
"David S. Miller" <davem@davemloft.net>
Subject: [PATCH 4.14 10/36] tcp: Protect accesses to .ts_recent_stamp with {READ,WRITE}_ONCE()
Date: Thu, 19 Dec 2019 19:34:27 +0100 [thread overview]
Message-ID: <20191219182856.768968365@linuxfoundation.org> (raw)
In-Reply-To: <20191219182848.708141124@linuxfoundation.org>
From: Guillaume Nault <gnault@redhat.com>
[ Upstream commit 721c8dafad26ccfa90ff659ee19755e3377b829d ]
Syncookies borrow the ->rx_opt.ts_recent_stamp field to store the
timestamp of the last synflood. Protect them with READ_ONCE() and
WRITE_ONCE() since reads and writes aren't serialised.
Use of .rx_opt.ts_recent_stamp for storing the synflood timestamp was
introduced by a0f82f64e269 ("syncookies: remove last_synq_overflow from
struct tcp_sock"). But unprotected accesses were already there when
timestamp was stored in .last_synq_overflow.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Guillaume Nault <gnault@redhat.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/net/tcp.h | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -500,17 +500,17 @@ struct sock *cookie_v4_check(struct sock
*/
static inline void tcp_synq_overflow(const struct sock *sk)
{
- unsigned long last_overflow = tcp_sk(sk)->rx_opt.ts_recent_stamp;
+ unsigned long last_overflow = READ_ONCE(tcp_sk(sk)->rx_opt.ts_recent_stamp);
unsigned long now = jiffies;
if (!time_between32(now, last_overflow, last_overflow + HZ))
- tcp_sk(sk)->rx_opt.ts_recent_stamp = now;
+ WRITE_ONCE(tcp_sk(sk)->rx_opt.ts_recent_stamp, now);
}
/* syncookies: no recent synqueue overflow on this listening socket? */
static inline bool tcp_synq_no_recent_overflow(const struct sock *sk)
{
- unsigned long last_overflow = tcp_sk(sk)->rx_opt.ts_recent_stamp;
+ unsigned long last_overflow = READ_ONCE(tcp_sk(sk)->rx_opt.ts_recent_stamp);
/* If last_overflow <= jiffies <= last_overflow + TCP_SYNCOOKIE_VALID,
* then we're under synflood. However, we have to use
next prev parent reply other threads:[~2019-12-19 19:01 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-19 18:34 [PATCH 4.14 00/36] 4.14.160-stable review Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 01/36] net: bridge: deny dev_set_mac_address() when unregistering Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 02/36] net: dsa: fix flow dissection on Tx path Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 03/36] net: ethernet: ti: cpsw: fix extra rx interrupt Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 04/36] net: thunderx: start phy before starting autonegotiation Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 05/36] openvswitch: support asymmetric conntrack Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 06/36] tcp: md5: fix potential overestimation of TCP option space Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 07/36] tipc: fix ordering of tipc module init and exit routine Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 08/36] tcp: fix rejected syncookies due to stale timestamps Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 09/36] tcp: tighten acceptance of ACKs not matching a child socket Greg Kroah-Hartman
2019-12-19 18:34 ` Greg Kroah-Hartman [this message]
2019-12-19 18:34 ` [PATCH 4.14 11/36] inet: protect against too small mtu values Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 12/36] nvme: host: core: fix precedence of ternary operator Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 13/36] Revert "regulator: Defer init completion for a while after late_initcall" Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 14/36] PCI/PM: Always return devices to D0 when thawing Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 15/36] PCI: Fix Intel ACS quirk UPDCR register address Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 16/36] PCI/MSI: Fix incorrect MSI-X masking on resume Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 17/36] PCI: Apply Cavium ACS quirk to ThunderX2 and ThunderX3 Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 18/36] xtensa: fix TLB sanity checker Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 19/36] rpmsg: glink: Set tail pointer to 0 at end of FIFO Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 20/36] rpmsg: glink: Fix reuse intents memory leak issue Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 21/36] rpmsg: glink: Fix use after free in open_ack TIMEOUT case Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 22/36] rpmsg: glink: Put an extra reference during cleanup Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 23/36] rpmsg: glink: Fix rpmsg_register_device err handling Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 24/36] rpmsg: glink: Dont send pending rx_done during remove Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 25/36] rpmsg: glink: Free pending deferred work on remove Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 26/36] CIFS: Respect O_SYNC and O_DIRECT flags during reconnect Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 27/36] ARM: dts: s3c64xx: Fix init order of clock providers Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 28/36] ARM: tegra: Fix FLOW_CTLR_HALT register clobbering by tegra_resume() Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 29/36] vfio/pci: call irq_bypass_unregister_producer() before freeing irq Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 30/36] dma-buf: Fix memory leak in sync_file_merge() Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 31/36] dm btree: increase rebalance threshold in __rebalance2() Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 32/36] scsi: iscsi: Fix a potential deadlock in the timeout handler Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 33/36] drm/radeon: fix r1xx/r2xx register checker for POT textures Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 34/36] xhci: fix USB3 device initiated resume race with roothub autosuspend Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 35/36] net: stmmac: use correct DMA buffer size in the RX descriptor Greg Kroah-Hartman
2019-12-19 18:34 ` [PATCH 4.14 36/36] net: stmmac: dont stop NAPI processing when dropping a packet Greg Kroah-Hartman
2019-12-20 4:39 ` [PATCH 4.14 00/36] 4.14.160-stable review shuah
2019-12-20 5:34 ` Naresh Kamboju
2019-12-20 10:29 ` Jon Hunter
2019-12-20 10:29 ` Jon Hunter
2019-12-20 18:48 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191219182856.768968365@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=gnault@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.