linux/net/ipv6
Eric Dumazet 0d4f060861 tcp: dont handle MTU reduction on LISTEN socket
When an ICMP ICMP_FRAG_NEEDED (or ICMPV6_PKT_TOOBIG) message finds a
LISTEN socket, and this socket is currently owned by the user, we
set TCP_MTU_REDUCED_DEFERRED flag in listener tsq_flags.

This is bad because if we clone the parent before it had a chance to
clear the flag, the child inherits the tsq_flags value, and next
tcp_release_cb() on the child will decrement sk_refcnt.

Result is that we might free a live TCP socket, as reported by
Dormando.

IPv4: Attempt to release TCP socket in state 1

Fix this issue by testing sk_state against TCP_LISTEN early, so that we
set TCP_MTU_REDUCED_DEFERRED on appropriate sockets (not a LISTEN one)

This bug was introduced in commit 563d34d057
(tcp: dont drop MTU reduction indications)

Reported-by: dormando <dormando@rydia.net>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-03-18 13:31:28 -04:00
..
netfilter Merge branch 'master' of git://1984.lsi.us.es/nf-next 2013-02-18 23:42:09 -05:00
addrconf_core.c net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
addrconf.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
addrlabel.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
af_inet6.c ipv6: Use FIELD_SIZEOF() in inet6_init(). 2013-01-09 23:38:23 -08:00
ah6.c net: Add skb_unclone() helper function. 2013-02-15 15:10:37 -05:00
anycast.c net: proc: change proc_net_remove to remove_proc_entry 2013-02-18 14:53:08 -05:00
datagram.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-02-05 14:12:20 -05:00
esp6.c ah6/esp6: set transport header correctly for IPsec tunnel mode. 2013-01-08 12:41:30 +01:00
exthdrs_core.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/jesse/openvswitch 2012-11-30 12:01:30 -05:00
exthdrs_offload.c ipv6: Pull IPv6 GSO registration out of the module 2012-11-15 17:39:24 -05:00
exthdrs.c ipv6: Store Router Alert option in IP6CB directly. 2013-01-13 20:17:14 -05:00
fib6_rules.c ipv6: introduce ip6_rt_put() 2012-11-03 14:59:05 -04:00
icmp.c ipv6: Add an error handler for icmp6 2013-01-18 14:19:42 -05:00
inet6_connection_sock.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
inet6_hashtables.c soreuseport: TCP/IPv6 implementation 2013-01-23 13:44:01 -05:00
ip6_checksum.c ipv6: move csum_ipv6_magic() and udp6_csum_init() into static library 2013-01-08 17:56:10 -08:00
ip6_fib.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
ip6_flowlabel.c net: proc: change proc_net_remove to remove_proc_entry 2013-02-18 14:53:08 -05:00
ip6_gre.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-02-08 18:02:14 -05:00
ip6_input.c ipv6: stop multicast forwarding to process interface scoped addresses 2013-03-08 12:28:20 -05:00
ip6_offload.c v4 GRE: Add TCP segmentation offload for GRE 2013-02-15 15:17:11 -05:00
ip6_offload.h ipv6: Pull IPv6 GSO registration out of the module 2012-11-15 17:39:24 -05:00
ip6_output.c ipv6: don't let node/interface scoped multicast traffic escape on the wire 2013-02-11 14:00:54 -05:00
ip6_tunnel.c ipv6: Introduce ip6_flow_hdr() to fill version, tclass and flowlabel. 2013-01-13 20:17:13 -05:00
ip6mr.c net: proc: change proc_net_remove to remove_proc_entry 2013-02-18 14:53:08 -05:00
ipcomp6.c ipv6: Add redirect support to all protocol icmp error handlers. 2012-07-12 00:25:15 -07:00
ipv6_sockglue.c ipv6: rename datagram_send_ctl and datagram_recv_ctl 2013-01-31 13:53:08 -05:00
Kconfig Merge branch 'akpm' (incoming from Andrew) 2013-02-21 17:38:49 -08:00
Makefile ipv6: move csum_ipv6_magic() and udp6_csum_init() into static library 2013-01-08 17:56:10 -08:00
mcast.c net: proc: change proc_net_remove to remove_proc_entry 2013-02-18 14:53:08 -05:00
mip6.c ipv6: mip6: fix mip6_mh_filter() 2012-09-25 16:04:44 -04:00
ndisc.c ndisc: Use compound literals to build redirect message. 2013-01-21 13:33:18 -05:00
netfilter.c netfilter: ipv6: expand skb head in ip6_route_me_harder after oif change 2012-08-30 03:00:15 +02:00
output_core.c ipv6: Update ipv6 static library with newly needed functions 2012-11-15 17:39:23 -05:00
proc.c net: proc: change proc_net_remove to remove_proc_entry 2013-02-18 14:53:08 -05:00
protocol.c ipv6: Pull IPv6 GSO registration out of the module 2012-11-15 17:39:24 -05:00
raw.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
reassembly.c ipv6: fix a sparse warning 2013-02-18 15:28:00 -05:00
route.c net: ipv6: Don't purge default router if accept_ra=2 2013-03-04 14:12:07 -05:00
sit.c ipv6: add anti-spoofing checks for 6to4 and 6rd 2013-01-29 15:22:03 -05:00
syncookies.c tcp: make sysctl_tcp_ecn namespace aware 2013-01-06 21:09:56 -08:00
sysctl_net_ipv6.c net: Enable some sysctls that are safe for the userns root 2012-11-18 20:33:00 -05:00
tcp_ipv6.c tcp: dont handle MTU reduction on LISTEN socket 2013-03-18 13:31:28 -04:00
tcpv6_offload.c net: Remove code duplication between offload structures 2012-11-15 17:39:51 -05:00
tunnel6.c net: ipv6: Standardize prefixes for message logging 2012-05-16 01:01:03 -04:00
udp_impl.h
udp_offload.c v4 GRE: Add TCP segmentation offload for GRE 2013-02-15 15:17:11 -05:00
udp.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-02-05 14:12:20 -05:00
udplite.c Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
xfrm6_input.c netfilter: ipv6: use NFPROTO values for NF_HOOK invocation 2010-03-25 16:00:49 +01:00
xfrm6_mode_beet.c ipsec: be careful of non existing mac headers 2012-02-23 16:50:45 -05:00
xfrm6_mode_ro.c
xfrm6_mode_transport.c
xfrm6_mode_tunnel.c ipv6: fix warning in xfrm6_mode_tunnel_input 2013-02-18 12:42:47 -05:00
xfrm6_output.c xfrm6: remove unneeded NULL check in __xfrm6_output() 2012-02-01 02:52:48 -05:00
xfrm6_policy.c xfrm: release neighbor upon dst destruction 2013-02-18 14:57:29 -05:00
xfrm6_state.c ipv6: use IS_ENABLED() 2012-11-01 12:41:35 -04:00
xfrm6_tunnel.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00