From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-owner@vger.kernel.org>
Received: from mail.linuxfoundation.org ([140.211.169.12]:58636 "EHLO
        mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751445AbdIOGWP (ORCPT
        <rfc822;stable@vger.kernel.org>); Fri, 15 Sep 2017 02:22:15 -0400
Subject: Patch "tcp: fix a request socket leak" has been added to the 4.13-stable tree
To: edumazet@google.com, ast@kernel.org, davem@davemloft.net,
        gregkh@linuxfoundation.org
Cc: <stable@vger.kernel.org>, <stable-commits@vger.kernel.org>
From: <gregkh@linuxfoundation.org>
Date: Thu, 14 Sep 2017 23:22:01 -0700
Message-ID: <150545652123187@kroah.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ANSI_X3.4-1968
Content-Transfer-Encoding: 8bit
Sender: stable-owner@vger.kernel.org
List-ID: <stable.vger.kernel.org>


This is a note to let you know that I've just added the patch titled

    tcp: fix a request socket leak

to the 4.13-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     tcp-fix-a-request-socket-leak.patch
and it can be found in the queue-4.13 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.


>>From foo@baz Thu Sep 14 23:20:44 PDT 2017
From: Eric Dumazet <edumazet@google.com>
Date: Fri, 8 Sep 2017 12:44:47 -0700
Subject: tcp: fix a request socket leak

From: Eric Dumazet <edumazet@google.com>


[ Upstream commit 1f3b359f1004bd34b7b0bad70b93e3c7af92a37b ]

While the cited commit fixed a possible deadlock, it added a leak
of the request socket, since reqsk_put() must be called if the BPF
filter decided the ACK packet must be dropped.

Fixes: d624d276d1dd ("tcp: fix possible deadlock in TCP stack vs BPF filter")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/ipv4/tcp_ipv4.c |    6 +++---
 net/ipv6/tcp_ipv6.c |    6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)

--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -1722,9 +1722,9 @@ process:
 		 */
 		sock_hold(sk);
 		refcounted = true;
-		if (tcp_filter(sk, skb))
-			goto discard_and_relse;
-		nsk = tcp_check_req(sk, skb, req, false);
+		nsk = NULL;
+		if (!tcp_filter(sk, skb))
+			nsk = tcp_check_req(sk, skb, req, false);
 		if (!nsk) {
 			reqsk_put(req);
 			goto discard_and_relse;
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -1456,9 +1456,9 @@ process:
 		}
 		sock_hold(sk);
 		refcounted = true;
-		if (tcp_filter(sk, skb))
-			goto discard_and_relse;
-		nsk = tcp_check_req(sk, skb, req, false);
+		nsk = NULL;
+		if (!tcp_filter(sk, skb))
+			nsk = tcp_check_req(sk, skb, req, false);
 		if (!nsk) {
 			reqsk_put(req);
 			goto discard_and_relse;


Patches currently in stable-queue which might be from edumazet@google.com are

queue-4.13/ipv6-fix-typo-in-fib6_net_exit.patch
queue-4.13/tcp-fix-a-request-socket-leak.patch
queue-4.13/udp-drop-head-states-only-when-all-skb-references-are-gone.patch