linux/include/net
Eric Dumazet 7716682cc5 tcp/dccp: fix another race at listener dismantle
Ilya reported following lockdep splat:

kernel: =========================
kernel: [ BUG: held lock freed! ]
kernel: 4.5.0-rc1-ceph-00026-g5e0a311 #1 Not tainted
kernel: -------------------------
kernel: swapper/5/0 is freeing memory
ffff880035c9d200-ffff880035c9dbff, with a lock still held there!
kernel: (&(&queue->rskq_lock)->rlock){+.-...}, at:
[<ffffffff816f6a88>] inet_csk_reqsk_queue_add+0x28/0xa0
kernel: 4 locks held by swapper/5/0:
kernel: #0:  (rcu_read_lock){......}, at: [<ffffffff8169ef6b>]
netif_receive_skb_internal+0x4b/0x1f0
kernel: #1:  (rcu_read_lock){......}, at: [<ffffffff816e977f>]
ip_local_deliver_finish+0x3f/0x380
kernel: #2:  (slock-AF_INET){+.-...}, at: [<ffffffff81685ffb>]
sk_clone_lock+0x19b/0x440
kernel: #3:  (&(&queue->rskq_lock)->rlock){+.-...}, at:
[<ffffffff816f6a88>] inet_csk_reqsk_queue_add+0x28/0xa0

To properly fix this issue, inet_csk_reqsk_queue_add() needs
to return to its callers if the child as been queued
into accept queue.

We also need to make sure listener is still there before
calling sk->sk_data_ready(), by holding a reference on it,
since the reference carried by the child can disappear as
soon as the child is put on accept queue.

Reported-by: Ilya Dryomov <idryomov@gmail.com>
Fixes: ebb516af60 ("tcp/dccp: fix race at listener dismantle phase")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-02-18 11:35:51 -05:00
..
9p
bluetooth Bluetooth: L2CAP: Introduce proper defines for PSM ranges 2016-01-29 11:47:24 +01:00
caif
irda
iucv
netfilter netfilter: nf_conntrack: use safer way to lock all buckets 2016-01-20 14:15:31 +01:00
netns ipv4: Namespecify the tcp_keepalive_intvl sysctl knob 2016-01-10 17:32:09 -05:00
nfc nfc: netlink: HCI event connectivity implementation 2015-12-29 19:06:20 +01:00
phonet
sctp sctp: remove the dead field of sctp_transport 2016-01-28 15:59:32 -08:00
tc_act
6lowpan.h 6lowpan: add debugfs support 2015-12-10 01:25:25 +01:00
act_api.h
addrconf.h soreuseport: fast reuseport UDP socket selection 2016-01-04 22:49:58 -05:00
af_ieee802154.h
af_rxrpc.h
af_unix.h unix: correctly track in-flight fds in sending process user_struct 2016-02-08 10:30:42 -05:00
af_vsock.h Revert "Merge branch 'vsock-virtio'" 2015-12-08 21:55:49 -05:00
ah.h
arp.h
atmclip.h
ax25.h
ax88796.h
bond_3ad.h bonding: simplify / unify event handling code for 3ad mode. 2015-11-02 22:52:24 -05:00
bond_alb.h
bond_options.h
bonding.h bonding: implement lower state change propagation 2015-12-03 11:49:27 -05:00
busy_poll.h net: un-inline sk_busy_loop() 2015-11-18 16:17:38 -05:00
cfg80211-wext.h
cfg80211.h cfg80211: Add support for aborting an ongoing scan 2015-12-04 14:43:32 +01:00
cfg802154.h
checksum.h rco: Clean up casting errors 2015-12-13 23:57:45 -05:00
cipso_ipv4.h
cls_cgroup.h net: wrap sock->sk_cgrp_prioidx and ->sk_classid inside a struct 2015-12-08 22:02:33 -05:00
codel.h
compat.h
datalink.h
dcbevent.h
dcbnl.h
dn_dev.h
dn_fib.h
dn_neigh.h
dn_nsp.h
dn_route.h
dn.h
dsa.h net: dsa: remove DSA link polling 2015-12-07 16:35:49 -05:00
dsfield.h
dst_metadata.h gro: Make GRO aware of lightweight tunnels. 2016-01-20 18:48:38 -08:00
dst_ops.h
dst.h net: fix IP early demux races 2015-12-14 23:52:00 -05:00
esp.h
ethoc.h
fib_rules.h
firewire.h
flow_dissector.h
flow.h
flowcache.h
fou.h
garp.h
gen_stats.h
genetlink.h netlink: add a start callback for starting a netlink dump 2015-12-15 23:25:20 -05:00
geneve.h geneve: Add geneve_get_rx_port support 2015-12-16 10:58:56 -05:00
gre.h
gro_cells.h
gue.h
icmp.h
ieee80211_radiotap.h
ieee802154_netdev.h mac802154: constify ieee802154_llsec_ops structure 2016-01-04 20:40:41 +01:00
if_inet6.h
ila.h ila: Add generic ILA translation facility 2015-12-15 23:25:20 -05:00
inet6_connection_sock.h
inet6_hashtables.h
inet_common.h
inet_connection_sock.h tcp/dccp: fix another race at listener dismantle 2016-02-18 11:35:51 -05:00
inet_ecn.h ipv6: update skb->csum when CE mark is propagated 2016-01-15 15:07:23 -05:00
inet_frag.h inet: kill unused skb_free op 2016-01-05 22:25:57 -05:00
inet_hashtables.h
inet_sock.h net: Allow accepted sockets to be bound to l3mdev domain 2015-12-18 14:43:38 -05:00
inet_timewait_sock.h
inetpeer.h inet: tcp: fix inetpeer_set_addr_v4() 2015-12-16 00:14:12 -05:00
ip6_checksum.h
ip6_fib.h ipv6: Check rt->dst.from for the DST_NOCACHE route 2015-11-15 17:12:37 -05:00
ip6_route.h ipv6: enforce flowi6_oif usage in ip6_dst_lookup_tail() 2016-01-29 20:31:26 -08:00
ip6_tunnel.h net: make ip6tunnel_xmit definition conditional 2016-01-04 21:50:51 -05:00
ip_fib.h route: check and remove route cache when we get route 2016-02-18 11:31:36 -05:00
ip_tunnels.h vxlan, gre, geneve: Set a large MTU on ovs-created tunnel devices 2016-02-10 05:50:03 -05:00
ip_vs.h
ip.h
ipcomp.h
ipconfig.h
ipv6.h ipv6: add ipv6_addr_prefix_copy 2015-12-10 12:55:28 +01:00
ipx.h
iw_handler.h
l3mdev.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-01-06 22:54:18 -05:00
lapb.h
lib80211.h
llc_c_ac.h
llc_c_ev.h
llc_c_st.h
llc_conn.h
llc_if.h
llc_pdu.h
llc_s_ac.h
llc_s_ev.h
llc_s_st.h
llc_sap.h
llc.h
lwtunnel.h
mac80211.h mac80211: add new IEEE80211_VIF_GET_NOA_UPDATE flag 2015-12-04 14:43:32 +01:00
mac802154.h
mip6.h
mld.h
mpls_iptunnel.h
mpls.h
mrp.h
ndisc.h Revert "ipv6: ndisc: inherit metadata dst when creating ndisc requests" 2015-12-01 15:07:59 -05:00
neighbour.h
net_namespace.h netfilter: cttimeout: add netns support 2015-12-14 12:48:58 +01:00
net_ratelimit.h
netevent.h
netlabel.h
netlink.h
netprio_cgroup.h net: wrap sock->sk_cgrp_prioidx and ->sk_classid inside a struct 2015-12-08 22:02:33 -05:00
netrom.h
nexthop.h
nl802154.h
p8022.h
ping.h
pkt_cls.h
pkt_sched.h
protocol.h udp: restrict offloads to one namespace 2016-01-10 17:28:24 -05:00
psnap.h
raw.h
rawv6.h
red.h
regulatory.h
request_sock.h net: add inet_sk_transparent() helper 2015-12-22 17:03:05 -05:00
rose.h
route.h net: Propagate lookup failure in l3mdev_get_saddr to caller 2016-01-04 22:58:30 -05:00
rtnetlink.h
sch_generic.h net, sched: add skb_at_tc_ingress helper 2016-01-10 17:54:28 -05:00
scm.h unix: correctly track in-flight fds in sending process user_struct 2016-02-08 10:30:42 -05:00
secure_seq.h
slhc_vj.h
snmp.h
sock_reuseport.h soreuseport: fix NULL ptr dereference SO_REUSEPORT after bind 2016-01-19 14:44:23 -05:00
sock.h net: sock: remove dead cgroup methods from struct proto 2016-01-21 14:16:51 -08:00
Space.h
stp.h
switchdev.h switchdev: Adding MDB entry offload 2016-01-10 16:50:20 -05:00
tcp_states.h
tcp.h tcp: do not drop syn_recv on all icmp reports 2016-02-09 04:15:37 -05:00
timewait_sock.h
transp_v6.h
tso.h
udp_tunnel.h ip_tunnel: Move stats update to iptunnel_xmit() 2015-12-25 23:32:23 -05:00
udp.h soreuseport: setsockopt SO_ATTACH_REUSEPORT_[CE]BPF 2016-01-04 22:49:59 -05:00
udplite.h
vsock_addr.h
vxlan.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-12-17 22:08:28 -05:00
wext.h
wimax.h
x25.h
x25device.h
xfrm.h xfrm: add rcu protection to sk->sk_policy[] 2015-12-11 19:22:06 -05:00