public inbox for linux-kernel@vger.kernel.org
From: Greg KH <gregkh@suse.de>
To: linux-kernel@vger.kernel.org, stable@kernel.org
Cc: Justin Forbes <jmforbes@linuxtx.org>,
	Zwane Mwaikambo <zwane@arm.linux.org.uk>,
	"Theodore Ts'o" <tytso@mit.edu>,
	Randy Dunlap <rdunlap@xenotime.net>,
	Dave Jones <davej@redhat.com>,
	Chuck Wolber <chuckw@quantumlinux.com>,
	Chris Wedgwood <reviews@ml.cw.f00f.org>,
	Michael Krufky <mkrufky@linuxtv.org>,
	Chuck Ebbert <cebbert@redhat.com>,
	Domenico Andreoli <cavokz@gmail.com>,
	torvalds@linux-foundation.org, akpm@linux-foundation.org,
	alan@lxorguk.ukuu.org.uk, bunk@stusta.de,
	"David S. Miller" <davem@davemloft.net>
Subject: [patch 17/28] TCP: Do not autobind ports for TCP sockets
Date: Thu, 23 Aug 2007 15:29:11 -0700
Message-ID: <20070823222911.GC18559@kroah.com>
In-Reply-To: <20070823221811.GA18559@kroah.com>

[-- Attachment #1: tcp-do-not-autobind-ports-for-tcp-sockets.patch --]
[-- Type: text/plain, Size: 3348 bytes --]

-stable review patch.  If anyone has any objections, please let us know.

------------------
From: David Miller <davem@davemloft.net>

[TCP]: Invoke tcp_sendmsg() directly, do not use inet_sendmsg().

As discovered by Evegniy Polyakov, if we try to sendmsg after
a connection reset, we can do incredibly stupid things.

The core issue is that inet_sendmsg() tries to autobind the
socket, but we should never do that for TCP.  Instead we should
just go straight into TCP's sendmsg() code which will do all
of the necessary state and pending socket error checks.

TCP's sendpage already directly vectors to tcp_sendpage(), so this
merely brings sendmsg() in line with that.

Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

---
 include/net/tcp.h   |    2 +-
 net/ipv4/af_inet.c  |    2 +-
 net/ipv4/tcp.c      |    3 ++-
 net/ipv4/tcp_ipv4.c |    1 -
 net/ipv6/af_inet6.c |    2 +-
 net/ipv6/tcp_ipv6.c |    1 -
 6 files changed, 5 insertions(+), 6 deletions(-)

--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -281,7 +281,7 @@ extern int			tcp_v4_remember_stamp(struc
 
 extern int		    	tcp_v4_tw_remember_stamp(struct inet_timewait_sock *tw);
 
-extern int			tcp_sendmsg(struct kiocb *iocb, struct sock *sk,
+extern int			tcp_sendmsg(struct kiocb *iocb, struct socket *sock,
 					    struct msghdr *msg, size_t size);
 extern ssize_t			tcp_sendpage(struct socket *sock, struct page *page, int offset, size_t size, int flags);
 
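Review bot: The second parameter of the tcp_sendmsg() prototype changes from struct sock * to struct socket *, so every direct caller outside the six files in the diffstat has to be converted as well, and the changelog does not say whether any exist. Please state that the tree was checked for other direct callers, since one that still passes a struct sock * would hand the function a pointer of the wrong type.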
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -831,7 +831,7 @@ const struct proto_ops inet_stream_ops =
 	.shutdown	   = inet_shutdown,
 	.setsockopt	   = sock_common_setsockopt,
 	.getsockopt	   = sock_common_getsockopt,
-	.sendmsg	   = inet_sendmsg,
+	.sendmsg	   = tcp_sendmsg,
 	.recvmsg	   = sock_common_recvmsg,
 	.mmap		   = sock_no_mmap,
 	.sendpage	   = tcp_sendpage,
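Review bot: Pointing .sendmsg in inet_stream_ops straight at tcp_sendmsg bypasses all of inet_sendmsg() for TCP, while the changelog names only the autobind as the step being dropped. If inet_sendmsg() performs anything else before handing off to the protocol, the changelog should say why TCP does not need it, or tcp_sendmsg() should take it over.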
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -658,9 +658,10 @@ static inline int select_size(struct soc
 	return tmp;
 }
 
-int tcp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
+int tcp_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg,
 		size_t size)
 {
+	struct sock *sk = sock->sk;
 	struct iovec *iov;
 	struct tcp_sock *tp = tcp_sk(sk);
 	struct sk_buff *skb;
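Review bot: The definition of tcp_sendmsg() now takes a struct socket * and derives sk from sock->sk on its first line, but nothing documents that it has become a proto_ops handler rather than a struct proto one. A short comment above the function noting that it is installed directly in inet_stream_ops and inet6_stream_ops, and is no longer reachable through sk->sk_prot, would keep later callers from passing it a bare sock.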
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -2434,7 +2434,6 @@ struct proto tcp_prot = {
 	.shutdown		= tcp_shutdown,
 	.setsockopt		= tcp_setsockopt,
 	.getsockopt		= tcp_getsockopt,
-	.sendmsg		= tcp_sendmsg,
 	.recvmsg		= tcp_recvmsg,
 	.backlog_rcv		= tcp_v4_do_rcv,
 	.hash			= tcp_v4_hash,
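Review bot: Removing .sendmsg from tcp_prot leaves that member NULL, so any remaining path that calls sk->sk_prot->sendmsg() on a TCP socket would jump through a null function pointer. Please confirm that no generic code reaches tcp_prot's sendmsg slot after this change; the same applies to the matching removal from tcpv6_prot.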
--- a/net/ipv6/af_inet6.c
+++ b/net/ipv6/af_inet6.c
@@ -487,7 +487,7 @@ const struct proto_ops inet6_stream_ops 
 	.shutdown	   = inet_shutdown,		/* ok		*/
 	.setsockopt	   = sock_common_setsockopt,	/* ok		*/
 	.getsockopt	   = sock_common_getsockopt,	/* ok		*/
-	.sendmsg	   = inet_sendmsg,		/* ok		*/
+	.sendmsg	   = tcp_sendmsg,		/* ok		*/
 	.recvmsg	   = sock_common_recvmsg,	/* ok		*/
 	.mmap		   = sock_no_mmap,
 	.sendpage	   = tcp_sendpage,
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -2135,7 +2135,6 @@ struct proto tcpv6_prot = {
 	.shutdown		= tcp_shutdown,
 	.setsockopt		= tcp_setsockopt,
 	.getsockopt		= tcp_getsockopt,
-	.sendmsg		= tcp_sendmsg,
 	.recvmsg		= tcp_recvmsg,
 	.backlog_rcv		= tcp_v6_do_rcv,
 	.hash			= tcp_v6_hash,

-- 
