• Eric Dumazet's avatar
    tcp: connect() race with timewait reuse · 13475a30
    Eric Dumazet authored
    Its currently possible that several threads issuing a connect() find
    the same timewait socket and try to reuse it, leading to list
    corruptions.
    
    Condition for bug is that these threads bound their socket on same
    address/port of to-be-find timewait socket, and connected to same
    target. (SO_REUSEADDR needed)
    
    To fix this problem, we could unhash timewait socket while holding
    ehash lock, to make sure lookups/changes will be serialized. Only
    first thread finds the timewait socket, other ones find the
    established socket and return an EADDRNOTAVAIL error.
    
    This second version takes into account Evgeniy's review and makes sure
    inet_twsk_put() is called outside of locked sections.
    Signed-off-by: default avatarEric Dumazet <eric.dumazet@gmail.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    13475a30
inet_timewait_sock.h 6.83 KB