linux-hardened/net/ipv4
David S. Miller ec0a196626 tcp: Revert 'process defer accept as established' changes.
This reverts two changesets, ec3c0982a2
("[TCP]: TCP_DEFER_ACCEPT updates - process as established") and
the follow-on bug fix 9ae27e0adb
("tcp: Fix slab corruption with ipv6 and tcp6fuzz").

This change causes several problems, first reported by Ingo Molnar
as a distcc-over-loopback regression where connections were getting
stuck.

Ilpo Järvinen first spotted the locking problems.  The new function
added by this code, tcp_defer_accept_check(), only has the
child socket locked, yet it is modifying state of the parent
listening socket.

Fixing that is non-trivial at best, because we can't simply just grab
the parent listening socket lock at this point, because it would
create an ABBA deadlock.  The normal ordering is parent listening
socket --> child socket, but this code path would require the
reverse lock ordering.

Next is a problem noticed by Vitaliy Gusev, he noted:

----------------------------------------
>--- a/net/ipv4/tcp_timer.c
>+++ b/net/ipv4/tcp_timer.c
>@@ -481,6 +481,11 @@ static void tcp_keepalive_timer (unsigned long data)
> 		goto death;
> 	}
>
>+	if (tp->defer_tcp_accept.request && sk->sk_state == TCP_ESTABLISHED) {
>+		tcp_send_active_reset(sk, GFP_ATOMIC);
>+		goto death;

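Review bot: in the added branch of tcp_keepalive_timer(), the `goto death` after `tcp_send_active_reset(sk, GFP_ATOMIC)` leaves `tp->defer_tcp_accept.request` untouched in the quoted lines, although the condition has just tested it as set. Release or clear that request before jumping to `death`, or add a comment naming where the death path does it, so that the teardown of this socket can be followed from the hunk itself.
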
Here socket sk is not attached to listening socket's request queue. tcp_done()
will not call inet_csk_destroy_sock() (and tcp_v4_destroy_sock() which should
release this sk) as socket is not DEAD. Therefore socket sk will be lost for
freeing.
----------------------------------------

Finally, Alexey Kuznetsov argues that there might not even be any
real value or advantage to these new semantics even if we fix all
of the bugs:

----------------------------------------
Hiding from accept() sockets with only out-of-order data only
is the only thing which is impossible with old approach. Is this really
so valuable? My opinion: no, this is nothing but a new loophole
to consume memory without control.
----------------------------------------

So revert this thing for now.

Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-12 16:34:35 -07:00
ipvs ipvs: fix oops in backup for fwmark conn templates 2008-04-29 03:21:23 -07:00
netfilter netfilter: assign PDE->data before gluing PDE into /proc tree 2008-05-02 02:45:42 -07:00
af_inet.c Remove duplicated unlikely() in IS_ERR() 2008-04-29 08:06:25 -07:00
ah4.c [IPSEC]: Fix bogus usage of u64 on input sequence number 2008-02-12 22:50:35 -08:00
arp.c net/ipv4/arp.c: Use common hex_asc helpers 2008-05-21 17:34:32 -07:00
cipso_ipv4.c cipso: Relax too much careful cipso hash function. 2008-05-13 23:23:55 -07:00
datagram.c [IPV4] net/ipv4: Use ipv4_is_<type> 2008-01-28 14:58:15 -08:00
devinet.c route: Remove unused ifa_anycast field 2008-06-03 16:37:33 -07:00
esp4.c [ESP]: Ensure IV is in linear part of the skb to avoid BUG() due to OOB access 2008-03-27 16:08:03 -07:00
fib_frontend.c route: Mark unused routing attributes as such 2008-06-03 16:36:27 -07:00
fib_hash.c [NET]: Fix heavy stack usage in seq_file output routines. 2008-04-24 01:02:16 -07:00
fib_lookup.h [IPV4] FIB_HASH: Reduce memory needs and speedup lookups 2008-01-28 15:02:46 -08:00
fib_rules.c [NET] NETNS: Omit sock->sk_net without CONFIG_NET_NS. 2008-03-26 04:39:55 +09:00
fib_semantics.c net: Fix routing tables with id > 255 for legacy software 2008-06-10 15:44:49 -07:00
fib_trie.c [NET]: Fix heavy stack usage in seq_file output routines. 2008-04-24 01:02:16 -07:00
icmp.c ipv4: Update MTU to all related cache entries in ip_rt_frag_needed() 2008-04-29 03:32:25 -07:00
igmp.c net: Allow netdevices to specify needed head/tailroom 2008-05-12 20:48:31 -07:00
inet_connection_sock.c tcp: Revert 'process defer accept as established' changes. 2008-06-12 16:34:35 -07:00
inet_diag.c [NETNS]: Tcp-v6 sockets per-net lookup. 2008-01-31 19:28:20 -08:00
inet_fragment.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2008-04-02 22:35:23 -07:00
inet_hashtables.c [INET]: Uninline the __inet_inherit_port call. 2008-04-17 23:18:15 -07:00
inet_lro.c [LRO] Fix lro_mgr->features checks 2008-01-08 23:30:18 -08:00
inet_timewait_sock.c [NETNS]: Add netns refcnt debug for timewait buckets. 2008-04-16 02:00:28 -07:00
inetpeer.c [INET]: Use list_head-s in inetpeer.c 2007-11-12 21:27:28 -08:00
ip_forward.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2008-04-02 22:35:23 -07:00
ip_fragment.c [IPV4]: Use NIPQUAD_FMT to format ipv4 addresses. 2008-04-14 04:09:00 -07:00
ip_gre.c net: The world is not perfect patch. 2008-05-21 17:47:54 -07:00
ip_input.c net/ipv4: correct RFC 1122 section reference in comment 2008-05-08 01:11:04 -07:00
ip_options.c [IPV4]: Convert do_gettimeofday() to getnstimeofday(). 2008-04-21 02:34:08 -07:00
ip_output.c [IPv4] UFO: prevent generation of chained skb destined to UFO device 2008-04-29 22:36:30 -07:00
ip_sockglue.c net: Add compat support for getsockopt (MCAST_MSFILTER) 2008-04-29 03:23:22 -07:00
ipcomp.c net: Remove unnecessary inclusions of asm/semaphore.h 2008-04-18 22:15:50 -04:00
ipconfig.c net: Allow netdevices to specify needed head/tailroom 2008-05-12 20:48:31 -07:00
ipip.c net: The world is not perfect patch. 2008-05-21 17:47:54 -07:00
ipmr.c [NET] NETNS: Omit sock->sk_net without CONFIG_NET_NS. 2008-03-26 04:39:55 +09:00
Kconfig Documentation: move nfsroot.txt to filesystems/ 2008-04-11 13:18:01 -06:00
Makefile [UDP]: Revert udplite and code split. 2008-03-06 16:22:02 -08:00
netfilter.c [NETFILTER]: Add partial checksum validation helper 2008-04-14 11:15:49 +02:00
proc.c [IPV4][NETNS]: Display per-net info in sockstat file. 2008-03-31 19:43:18 -07:00
protocol.c
raw.c raw: Raw socket leak. 2008-06-04 15:16:12 -07:00
route.c route: Mark unused route cache flags as such. 2008-06-03 16:36:01 -07:00
syncookies.c inet{6}_request_sock: Init ->opt and ->pktopts in the constructor 2008-06-10 12:39:35 -07:00
sysctl_net_ipv4.c [NETNS][ICMP]: Make ctl tables for ICMP sysctls per-net. 2008-03-26 01:56:24 -07:00
tcp.c tcp: Revert 'process defer accept as established' changes. 2008-06-12 16:34:35 -07:00
tcp_bic.c [TCP]: BIC web page link is corrected. 2008-02-28 22:14:32 -08:00
tcp_cong.c tcp: Limit cwnd growth when deferring for GSO 2008-04-29 03:13:52 -07:00
tcp_cubic.c rename div64_64 to div64_u64 2008-05-01 08:03:58 -07:00
tcp_diag.c [INET]: Let inet_diag and friends autoload 2007-10-22 02:59:54 -07:00
tcp_highspeed.c [TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid 2008-01-28 14:55:41 -08:00
tcp_htcp.c [TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid 2008-01-28 14:55:41 -08:00
tcp_hybla.c net: fix returning void-valued expression warnings 2008-05-01 02:47:38 -07:00
tcp_illinois.c [TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid 2008-01-28 14:55:41 -08:00
tcp_input.c tcp: Revert 'process defer accept as established' changes. 2008-06-12 16:34:35 -07:00
tcp_ipv4.c tcp: Revert 'process defer accept as established' changes. 2008-06-12 16:34:35 -07:00
tcp_lp.c [TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid 2008-01-28 14:55:41 -08:00
tcp_minisocks.c tcp: Revert 'process defer accept as established' changes. 2008-06-12 16:34:35 -07:00
tcp_output.c tcp: Increment OUTRSTS in tcp_send_active_reset() 2008-06-04 15:19:35 -07:00
tcp_probe.c tcp: tcp_probe buffer overflow and incorrect return value 2008-04-24 21:11:58 -07:00
tcp_scalable.c [TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid 2008-01-28 14:55:41 -08:00
tcp_timer.c tcp: Revert 'process defer accept as established' changes. 2008-06-12 16:34:35 -07:00
tcp_vegas.c net: fix returning void-valued expression warnings 2008-05-01 02:47:38 -07:00
tcp_vegas.h
tcp_veno.c net: fix returning void-valued expression warnings 2008-05-01 02:47:38 -07:00
tcp_westwood.c
tcp_yeah.c [TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid 2008-01-28 14:55:41 -08:00
tunnel4.c [IPV4] TUNNEL4: Fix incoming packet length check for inter-protocol tunnel. 2008-06-05 04:02:33 +09:00
udp.c [IPV6]: inet_sk(sk)->cork.opt leak 2008-06-05 04:02:38 +09:00
udp_impl.h [UDP]: Make full use of proto.h.udp_hash innovation. 2008-03-22 16:51:21 -07:00
udplite.c [UDP]: Remove owner from udp_seq_afinfo. 2008-03-28 18:25:53 -07:00
xfrm4_input.c [IPSEC]: Fix transport-mode async resume on intput without netfilter 2008-01-28 15:00:10 -08:00
xfrm4_mode_beet.c [IPSEC]: Fix BEET output 2008-03-26 16:51:09 -07:00
xfrm4_mode_transport.c [IPSEC]: Use IPv6 calling convention as the convention for x->mode->output 2007-10-10 16:55:54 -07:00
xfrm4_mode_tunnel.c [IPSEC]: Fix inter address family IPsec tunnel handling. 2008-03-24 14:51:51 -07:00
xfrm4_output.c [IPSEC]: Fix inter address family IPsec tunnel handling. 2008-03-24 14:51:51 -07:00
xfrm4_policy.c [NET] NETNS: Omit net_device->nd_net without CONFIG_NET_NS. 2008-03-26 04:39:53 +09:00
xfrm4_state.c [IPSEC]: Fix BEET output 2008-03-26 16:51:09 -07:00
xfrm4_tunnel.c [IPCOMP]: Fix reception of incompressible packets 2008-01-31 19:27:24 -08:00