| Message ID | 20210107051110.12247-1-baptiste.lepers@gmail.com |
|---|---|
| State | New |
| Headers | show |
| Series | udp: Prevent reuseport_select_sock from reading uninitialized socks | expand |
On Thu, Jan 7, 2021 at 12:11 AM Baptiste Lepers <baptiste.lepers@gmail.com> wrote: > > reuse->socks[] is modified concurrently by reuseport_add_sock. To > prevent reading values that have not been fully initialized, only read > the array up until the last known safe index instead of incorrectly > re-reading the last index of the array. > > Fixes: acdcecc61285f ("udp: correct reuseport selection with connected > sockets") > Signed-off-by: Baptiste Lepers <baptiste.lepers@gmail.com> Acked-by: Willem de Bruijn <willemb@google.com> Thanks. This also matches local variable socks as used to calculate i and j with reciprocal_scale immediately above. Please mark fixes [PATCH net] in the future. > --- > net/core/sock_reuseport.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/net/core/sock_reuseport.c b/net/core/sock_reuseport.c > index bbdd3c7b6cb5..b065f0a103ed 100644 > --- a/net/core/sock_reuseport.c > +++ b/net/core/sock_reuseport.c > @@ -293,7 +293,7 @@ struct sock *reuseport_select_sock(struct sock *sk, > i = j = reciprocal_scale(hash, socks); > while (reuse->socks[i]->sk_state == TCP_ESTABLISHED) { > i++; > - if (i >= reuse->num_socks) > + if (i >= socks) > i = 0; > if (i == j) > goto out; > -- > 2.17.1 >
On Thu, 7 Jan 2021 00:27:07 -0500 Willem de Bruijn wrote: > On Thu, Jan 7, 2021 at 12:11 AM Baptiste Lepers > <baptiste.lepers@gmail.com> wrote: > > > > reuse->socks[] is modified concurrently by reuseport_add_sock. To > > prevent reading values that have not been fully initialized, only read > > the array up until the last known safe index instead of incorrectly > > re-reading the last index of the array. > > > > Fixes: acdcecc61285f ("udp: correct reuseport selection with connected > > sockets") > > Signed-off-by: Baptiste Lepers <baptiste.lepers@gmail.com> > > Acked-by: Willem de Bruijn <willemb@google.com> > > Thanks. This also matches local variable socks as used to calculate i > and j with reciprocal_scale immediately above. > > Please mark fixes [PATCH net] in the future. And please don't wrap the fixes tags. Applied, thanks!
diff --git a/net/core/sock_reuseport.c b/net/core/sock_reuseport.c index bbdd3c7b6cb5..b065f0a103ed 100644 --- a/net/core/sock_reuseport.c +++ b/net/core/sock_reuseport.c @@ -293,7 +293,7 @@ struct sock *reuseport_select_sock(struct sock *sk, i = j = reciprocal_scale(hash, socks); while (reuse->socks[i]->sk_state == TCP_ESTABLISHED) { i++; - if (i >= reuse->num_socks) + if (i >= socks) i = 0; if (i == j) goto out;
reuse->socks[] is modified concurrently by reuseport_add_sock. To prevent reading values that have not been fully initialized, only read the array up until the last known safe index instead of incorrectly re-reading the last index of the array. Fixes: acdcecc61285f ("udp: correct reuseport selection with connected sockets") Signed-off-by: Baptiste Lepers <baptiste.lepers@gmail.com> --- net/core/sock_reuseport.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)