[rds-devel] [External] : Re: [PATCH net v4] rds: filter RDS_INFO_* getsockopt by caller's netns
Maoyi Xie
maoyixie.tju at gmail.com
Mon May 18 17:33:09 UTC 2026
Hi Simon,
Confirmed. net/rds/bind.c writes rs_bound_addr at lines 123,
138, and 160 without taking rds_sock_lock. The race is real,
and the len=0 path you described reaches the NULL iter->pages.
v5 caps the second pass at cnt in all four handlers
(rds_sock_info, rds6_sock_info, rds_tcp_tc_info,
rds6_tcp_tc_info):
unsigned int copied = 0;
list_for_each_entry(rs, &rds_sock_list, rs_item) {
if (copied >= cnt)
break;
if (!net_eq(sock_net(rds_rs_to_sk(rs)), net))
continue;
if (!ipv6_addr_v4mapped(&rs->rs_bound_addr))
continue;
...
rds_info_copy(iter, &sinfo, sizeof(sinfo));
copied++;
}
Sent as v5 in a separate mail.
Thanks,
Maoyi Xie
More information about the rds-devel
mailing list