mirror of
https://github.com/torvalds/linux.git
synced 2024-11-26 14:12:06 +00:00
dccp/tcp: Reset saddr on failure after inet6?_hash_connect().
When connect() is called on a socket bound to the wildcard address, we change the socket's saddr to a local address. If the socket fails to connect() to the destination, we have to reset the saddr. However, when an error occurs after inet_hash6?_connect() in (dccp|tcp)_v[46]_conect(), we forget to reset saddr and leave the socket bound to the address. From the user's point of view, whether saddr is reset or not varies with errno. Let's fix this inconsistent behaviour. Note that after this patch, the repro [0] will trigger the WARN_ON() in inet_csk_get_port() again, but this patch is not buggy and rather fixes a bug papering over the bhash2's bug for which we need another fix. For the record, the repro causes -EADDRNOTAVAIL in inet_hash6_connect() by this sequence: s1 = socket() s1.setsockopt(SOL_SOCKET, SO_REUSEADDR, 1) s1.bind(('127.0.0.1', 10000)) s1.sendto(b'hello', MSG_FASTOPEN, (('127.0.0.1', 10000))) # or s1.connect(('127.0.0.1', 10000)) s2 = socket() s2.setsockopt(SOL_SOCKET, SO_REUSEADDR, 1) s2.bind(('0.0.0.0', 10000)) s2.connect(('127.0.0.1', 10000)) # -EADDRNOTAVAIL s2.listen(32) # WARN_ON(inet_csk(sk)->icsk_bind2_hash != tb2); [0]: https://syzkaller.appspot.com/bug?extid=015d756bbd1f8b5c8f09 Fixes:3df80d9320
("[DCCP]: Introduce DCCPv6") Fixes:7c657876b6
("[DCCP]: Initial implementation") Fixes:1da177e4c3
("Linux-2.6.12-rc2") Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com> Acked-by: Joanne Koong <joannelkoong@gmail.com> Reviewed-by: Eric Dumazet <edumazet@google.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
This commit is contained in:
parent
2dc4ac91f8
commit
77934dc6db
@ -157,6 +157,8 @@ failure:
|
|||||||
* This unhashes the socket and releases the local port, if necessary.
|
* This unhashes the socket and releases the local port, if necessary.
|
||||||
*/
|
*/
|
||||||
dccp_set_state(sk, DCCP_CLOSED);
|
dccp_set_state(sk, DCCP_CLOSED);
|
||||||
|
if (!(sk->sk_userlocks & SOCK_BINDADDR_LOCK))
|
||||||
|
inet_reset_saddr(sk);
|
||||||
ip_rt_put(rt);
|
ip_rt_put(rt);
|
||||||
sk->sk_route_caps = 0;
|
sk->sk_route_caps = 0;
|
||||||
inet->inet_dport = 0;
|
inet->inet_dport = 0;
|
||||||
|
@ -985,6 +985,8 @@ static int dccp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
|
|||||||
|
|
||||||
late_failure:
|
late_failure:
|
||||||
dccp_set_state(sk, DCCP_CLOSED);
|
dccp_set_state(sk, DCCP_CLOSED);
|
||||||
|
if (!(sk->sk_userlocks & SOCK_BINDADDR_LOCK))
|
||||||
|
inet_reset_saddr(sk);
|
||||||
__sk_dst_reset(sk);
|
__sk_dst_reset(sk);
|
||||||
failure:
|
failure:
|
||||||
inet->inet_dport = 0;
|
inet->inet_dport = 0;
|
||||||
|
@ -343,6 +343,8 @@ failure:
|
|||||||
* if necessary.
|
* if necessary.
|
||||||
*/
|
*/
|
||||||
tcp_set_state(sk, TCP_CLOSE);
|
tcp_set_state(sk, TCP_CLOSE);
|
||||||
|
if (!(sk->sk_userlocks & SOCK_BINDADDR_LOCK))
|
||||||
|
inet_reset_saddr(sk);
|
||||||
ip_rt_put(rt);
|
ip_rt_put(rt);
|
||||||
sk->sk_route_caps = 0;
|
sk->sk_route_caps = 0;
|
||||||
inet->inet_dport = 0;
|
inet->inet_dport = 0;
|
||||||
|
@ -359,6 +359,8 @@ static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
|
|||||||
|
|
||||||
late_failure:
|
late_failure:
|
||||||
tcp_set_state(sk, TCP_CLOSE);
|
tcp_set_state(sk, TCP_CLOSE);
|
||||||
|
if (!(sk->sk_userlocks & SOCK_BINDADDR_LOCK))
|
||||||
|
inet_reset_saddr(sk);
|
||||||
failure:
|
failure:
|
||||||
inet->inet_dport = 0;
|
inet->inet_dport = 0;
|
||||||
sk->sk_route_caps = 0;
|
sk->sk_route_caps = 0;
|
||||||
|
Loading…
Reference in New Issue
Block a user