git.baikalelectronics.ru Git - kernel.git/commit

author	Eric Dumazet <eric.dumazet@gmail.com>
	Wed, 2 Dec 2009 22:31:19 +0000 (22:31 +0000)
committer	David S. Miller <davem@davemloft.net>
	Fri, 4 Dec 2009 00:17:43 +0000 (16:17 -0800)
commit	22141b14f191f5bca503e580aad4dcf286b5b324
tree	5f28f671092c2948726fdde92e20c3371cfceb77	tree \| snapshot
parent	5c50260afe75186b7a5a02f435749c3ea805c024	commit \| diff

tcp: connect() race with timewait reuse

Its currently possible that several threads issuing a connect() find
the same timewait socket and try to reuse it, leading to list
corruptions.

Condition for bug is that these threads bound their socket on same
address/port of to-be-find timewait socket, and connected to same
target. (SO_REUSEADDR needed)

To fix this problem, we could unhash timewait socket while holding
ehash lock, to make sure lookups/changes will be serialized. Only
first thread finds the timewait socket, other ones find the
established socket and return an EADDRNOTAVAIL error.

This second version takes into account Evgeniy's review and makes sure
inet_twsk_put() is called outside of locked sections.

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

include/net/inet_timewait_sock.h		diff \| blob \| history
net/ipv4/inet_hashtables.c		diff \| blob \| history
net/ipv4/inet_timewait_sock.c		diff \| blob \| history
net/ipv6/inet6_hashtables.c		diff \| blob \| history