q3k/linux
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
linux/net
History
Eric Dumazet 0d4f060861 tcp: dont handle MTU reduction on LISTEN socket 
When an ICMP ICMP_FRAG_NEEDED (or ICMPV6_PKT_TOOBIG) message finds a
LISTEN socket, and this socket is currently owned by the user, we
set TCP_MTU_REDUCED_DEFERRED flag in listener tsq_flags.

This is bad because if we clone the parent before it had a chance to
clear the flag, the child inherits the tsq_flags value, and next
tcp_release_cb() on the child will decrement sk_refcnt.

Result is that we might free a live TCP socket, as reported by
Dormando.

IPv4: Attempt to release TCP socket in state 1

Fix this issue by testing sk_state against TCP_LISTEN early, so that we
set TCP_MTU_REDUCED_DEFERRED on appropriate sockets (not a LISTEN one)

This bug was introduced in commit 563d34d057
(tcp: dont drop MTU reduction indications)

Reported-by: dormando <dormando@rydia.net>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-03-18 13:31:28 -04:00
..
9p Revert parts of "hlist: drop the node parameter from iterators" 2013-03-08 15:05:34 -08:00
802 mrp: make mrp_rcv static 2013-02-11 14:16:26 -05:00
8021q net: proc: change proc_net_remove to remove_proc_entry 2013-02-18 14:53:08 -05:00
appletalk hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
atm hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
ax25 hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
batman-adv batman-adv: verify tt len does not exceed packet len 2013-03-11 22:59:47 +01:00
bluetooth hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
bridge bridge: Add support for setting BR_ROOT_BLOCK flag. 2013-03-17 12:41:29 -04:00
caif CAIF: fix sparse warning for caif_usb 2013-03-04 14:12:07 -05:00
can hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
ceph Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client 2013-02-28 17:43:09 -08:00
core rtnetlink: Mask the rta_type when range checking 2013-03-17 11:43:40 -04:00
dcb dcbnl: fix various netlink info leaks 2013-03-10 05:19:26 -04:00
dccp Driver core patches for 3.9-rc1 2013-02-21 12:05:51 -08:00
decnet hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
dns_resolver Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2012-12-16 15:40:50 -08:00
dsa dsa: make dsa_switch_setup check for valid port names 2013-01-21 15:40:12 -05:00
ethernet net: split eth_mac_addr for better error handling 2013-01-21 14:07:44 -05:00
ieee802154 6lowpan: Fix endianness issue in is_addr_link_local(). 2013-03-10 16:49:35 -04:00
ipv4 tcp: dont handle MTU reduction on LISTEN socket 2013-03-18 13:31:28 -04:00
ipv6 tcp: dont handle MTU reduction on LISTEN socket 2013-03-18 13:31:28 -04:00
ipx hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
irda net/irda: Raise dtr in non-blocking open 2013-03-06 02:47:05 -05:00
iucv hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
key afkey: fix a typo 2013-03-07 16:26:45 -05:00
l2tp Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-03-05 18:42:29 -08:00
lapb net/lapb: remove depends on CONFIG_EXPERIMENTAL 2013-01-11 11:40:01 -08:00
llc hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
mac80211 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless into for-davem 2013-03-06 10:21:17 -05:00
mac802154 Driver core patches for 3.9-rc1 2013-02-21 12:05:51 -08:00
netfilter Merge branch 'master' of git://1984.lsi.us.es/nf 2013-03-07 15:20:02 -05:00
netlabel netlabel: fix build problems when CONFIG_IPV6=n 2013-03-08 11:33:51 -05:00
netlink hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
netrom hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
nfc NFC: llcp: Report error to pending sockets when a device is removed 2013-03-08 17:35:22 +01:00
openvswitch Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jesse/openvswitch 2013-03-15 09:00:39 -04:00
packet hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
phonet hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
rds net/rds: zero last byte for strncpy 2013-03-08 00:35:44 -05:00
rfkill rfkill: don't use [delayed_]work_pending() 2012-12-28 13:40:16 -08:00
rose hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
rxrpc Driver core patches for 3.9-rc1 2013-02-21 12:05:51 -08:00
sched pkt_sched: sch_qfq: remove a useless invocation of qfq_update_eligible 2013-03-06 02:47:05 -05:00
sctp sctp: don't break the loop while meeting the active_path so as to find the matched transport 2013-03-13 10:09:55 -04:00
sunrpc fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
tipc hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
unix hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
vmw_vsock VSOCK: Don't reject PF_VSOCK protocol 2013-02-18 15:02:51 -05:00
wimax
wireless Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless into for-davem 2013-03-06 10:21:17 -05:00
x25 hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
xfrm hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
compat.c
Kconfig Driver core patches for 3.9-rc1 2013-02-21 12:05:51 -08:00
Makefile VSOCK: Introduce VM Sockets 2013-02-10 19:41:08 -05:00
nonet.c
socket.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-02-26 20:16:07 -08:00
sysctl_net.c user_ns: get rid of duplicate code in net_ctl_permissions 2012-11-18 20:32:45 -05:00