[rds-devel] [PATCH v2 net 5/5] tcp: Add assertion for reqsk->rsk_listener->sk_net_refcnt.
Kuniyuki Iwashima
kuniyu at amazon.com
Tue Feb 27 01:10:41 UTC 2024
syzbot demonstrated that a reqsk timer could be fired after netns
dismantle if the timer was kicked by kernel TCP listener.
Regardless of the owner of the socket, TCP listener always has to
hold netns refcount.
Let's make sure that new user will not create kernel TCP listener
without holding netns refcount.
Suggested-by: Eric Dumazet <edumazet at google.com>
Signed-off-by: Kuniyuki Iwashima <kuniyu at amazon.com>
---
net/ipv4/tcp_input.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index df7b13f0e5e0..341dd5bb3fd1 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -6972,6 +6972,8 @@ struct request_sock *inet_reqsk_alloc(const struct request_sock_ops *ops,
if (req) {
struct inet_request_sock *ireq = inet_rsk(req);
+ DEBUG_NET_WARN_ON_ONCE(!sk_listener->sk_net_refcnt);
+
ireq->ireq_opt = NULL;
#if IS_ENABLED(CONFIG_IPV6)
ireq->pktopts = NULL;
--
2.30.2
More information about the rds-devel
mailing list