linux/net/mptcp
Eric Dumazet 858d2a4f67 tcp: fix potential race in tcp_v6_syn_recv_sock()
Code in tcp_v6_syn_recv_sock() after the call to tcp_v4_syn_recv_sock()
is done too late.

After tcp_v4_syn_recv_sock(), the child socket is already visible
from TCP ehash table and other cpus might use it.

Since newinet->pinet6 is still pointing to the listener ipv6_pinfo,
bad things can happen, as syzbot found.

Move the problematic code in tcp_v6_mapped_child_init()
and call this new helper from tcp_v4_syn_recv_sock() before
the ehash insertion.

This allows the removal of one tcp_sync_mss(), since
tcp_v4_syn_recv_sock() will call it with the correct
context.

Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Reported-by: syzbot+937b5bbb6a815b3e5d0b@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/netdev/69949275.050a0220.2eeac1.0145.GAE@google.com/
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Kuniyuki Iwashima <kuniyu@google.com>
Link: https://patch.msgid.link/20260217161205.2079883-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-02-19 14:02:19 -08:00
bpf.c
crypto_test.c
crypto.c mptcp: use HMAC-SHA256 library instead of open-coded HMAC 2025-09-03 15:08:20 -07:00
ctrl.c mptcp: reset blackhole on success with non-loopback ifaces 2025-09-19 07:06:19 -07:00
diag.c tcp: ulp: diag: more info without CAP_NET_ADMIN 2025-03-07 19:39:53 -08:00
fastopen.c mptcp: borrow forward memory from subflow 2025-11-24 19:49:42 -08:00
Kconfig mptcp: select CRYPTO_LIB_UTILS instead of CRYPTO 2025-12-08 23:44:16 -08:00
Makefile mptcp: pm: split in-kernel PM specific code 2025-03-10 13:35:50 -07:00
mib.c mptcp: borrow forward memory from subflow 2025-11-24 19:49:42 -08:00
mib.h mptcp: borrow forward memory from subflow 2025-11-24 19:49:42 -08:00
mptcp_diag.c mptcp: introduce mptcp-level backlog 2025-11-24 19:49:43 -08:00
mptcp_pm_gen.c tools: ynl-gen: add regeneration comment 2025-11-25 19:20:42 -08:00
mptcp_pm_gen.h tools: ynl-gen: add regeneration comment 2025-11-25 19:20:42 -08:00
options.c mptcp: fallback earlier on simult connection 2025-12-23 09:12:25 +01:00
pm_kernel.c mptcp: pm: in-kernel: clarify mptcp_pm_remove_anno_addr() 2026-02-06 20:35:06 -08:00
pm_netlink.c mptcp: pm: ignore unknown endpoint flags 2025-12-08 23:54:02 -08:00
pm_userspace.c mptcp: pm: rename 'subflows' to 'extra_subflows' 2025-09-26 17:44:04 -07:00
pm.c mptcp: ensure the kernel PM does not take action too late 2025-11-24 19:49:42 -08:00
protocol.c mptcp: allow overridden write_space to be invoked 2026-02-10 19:54:21 -08:00
protocol.h mptcp: allow overridden write_space to be invoked 2026-02-10 19:54:21 -08:00
sched.c mptcp: sched: split validation part 2025-04-15 08:21:46 -07:00
sockopt.c mptcp: pm: in-kernel: record fullmesh endp nb 2025-11-04 17:15:06 -08:00
subflow.c tcp: fix potential race in tcp_v6_syn_recv_sock() 2026-02-19 14:02:19 -08:00
syncookies.c
token_test.c mptcp: token kunit: set protocol 2024-02-26 18:42:12 -08:00
token.c mptcp: fix kdoc warnings 2026-02-06 20:35:06 -08:00