From mboxrd@z Thu Jan 1 00:00:00 1970 From: John Fastabend Subject: [bpf-next PATCH 2/4] bpf: sockmap, duplicates release calls may NULL sk_prot Date: Sun, 01 Apr 2018 08:00:59 -0700 Message-ID: <20180401150059.24727.21318.stgit@john-Precision-Tower-5810> References: <20180401145728.24727.706.stgit@john-Precision-Tower-5810> Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Cc: netdev@vger.kernel.org, davem@davemloft.net To: ast@kernel.org, daniel@iogearbox.net Return-path: Received: from [75.106.27.153] ([75.106.27.153]:37986 "EHLO john-Precision-Tower-5810" rhost-flags-FAIL-FAIL-OK-FAIL) by vger.kernel.org with ESMTP id S1753777AbeDAPBD (ORCPT ); Sun, 1 Apr 2018 11:01:03 -0400 In-Reply-To: <20180401145728.24727.706.stgit@john-Precision-Tower-5810> Sender: netdev-owner@vger.kernel.org List-ID: It is possible to have multiple ULP tcp_release call paths in flight if a sock is closed and simultaneously being removed from the sockmap control path. The result would be setting the sk_prot to the saved values on the first iteration and then on the second iteration setting the value to NULL. This patch resolves this by ensuring we only reset the sk_prot pointer if we have a valid saved state to set. Fixes: 4f738adba30a7 ("bpf: create tcp_bpf_ulp allowing BPF to monitor socket TX/RX data") Signed-off-by: John Fastabend --- kernel/bpf/sockmap.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/kernel/bpf/sockmap.c b/kernel/bpf/sockmap.c index 8ddf326..8dd9210 100644 --- a/kernel/bpf/sockmap.c +++ b/kernel/bpf/sockmap.c @@ -182,8 +182,10 @@ static void bpf_tcp_release(struct sock *sk) psock->cork = NULL; } - sk->sk_prot = psock->sk_proto; - psock->sk_proto = NULL; + if (psock->sk_proto) { + sk->sk_prot = psock->sk_proto; + psock->sk_proto = NULL; + } out: rcu_read_unlock(); }