[3.11.y.z extended stable] Patch "net-tcp: fix panic in tcp_fastopen_cache_set()" has been added to staging queue

Luis Henriques luis.henriques at canonical.com
Wed Dec 11 14:39:32 UTC 2013 

This is a note to let you know that I have just added a patch titled

    net-tcp: fix panic in tcp_fastopen_cache_set()

to the linux-3.11.y-queue branch of the 3.11.y.z extended stable tree 
which can be found at:

 http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.11.y-queue

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.11.y.z tree, see
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable

Thanks.
-Luis

------

>From 4b138035852b54ce8419a84645f844cb3b3b56a6 Mon Sep 17 00:00:00 2001
From: Eric Dumazet <edumazet at google.com>
Date: Wed, 13 Nov 2013 15:00:46 -0800
Subject: net-tcp: fix panic in tcp_fastopen_cache_set()

commit dccf76ca6b626c0c4a4e09bb221adee3270ab0ef upstream.

We had some reports of crashes using TCP fastopen, and Dave Jones
gave a nice stack trace pointing to the error.

Issue is that tcp_get_metrics() should not be called with a NULL dst

Fixes: 1fe4c481ba637 ("net-tcp: Fast Open client - cookie cache")
Signed-off-by: Eric Dumazet <edumazet at google.com>
Reported-by: Dave Jones <davej at redhat.com>
Cc: Yuchung Cheng <ycheng at google.com>
Acked-by: Yuchung Cheng <ycheng at google.com>
Tested-by: Dave Jones <davej at fedoraproject.org>
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Luis Henriques <luis.henriques at canonical.com>
---
 net/ipv4/tcp_metrics.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/net/ipv4/tcp_metrics.c b/net/ipv4/tcp_metrics.c
index f6a005c..306dbd9 100644
--- a/net/ipv4/tcp_metrics.c
+++ b/net/ipv4/tcp_metrics.c
@@ -665,10 +665,13 @@ void tcp_fastopen_cache_get(struct sock *sk, u16 *mss,
 void tcp_fastopen_cache_set(struct sock *sk, u16 mss,
 			    struct tcp_fastopen_cookie *cookie, bool syn_lost)
 {
+	struct dst_entry *dst = __sk_dst_get(sk);
 	struct tcp_metrics_block *tm;

+	if (!dst)
+		return;
 	rcu_read_lock();
-	tm = tcp_get_metrics(sk, __sk_dst_get(sk), true);
+	tm = tcp_get_metrics(sk, dst, true);
 	if (tm) {
 		struct tcp_fastopen_metrics *tfom = &tm->tcpm_fastopen;

--
1.8.3.2

More information about the kernel-team mailing list