1. 21 Oct, 2017 4 commits
    • Eric Dumazet's avatar
      tcp: fix tcp_send_syn_data() · ba233b34
      Eric Dumazet authored
      syn_data was allocated by sk_stream_alloc_skb(), meaning
      its destructor and _skb_refdst fields are mangled.
      
      We need to call tcp_skb_tsorted_anchor_cleanup() before
      calling kfree_skb() or kernel crashes.
      
      Bug was reported by syzkaller bot.
      
      Fixes: e2080072 ("tcp: new list for sent but unacked skbs for RACK recovery")
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Reported-by: default avatarDmitry Vyukov <dvyukov@google.com>
      Acked-by: default avatarYuchung Cheng <ycheng@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ba233b34
    • David S. Miller's avatar
      Merge branch 'ipv6-fixes-for-RTF_CACHE-entries' · 27188af5
      David S. Miller authored
      Paolo Abeni says:
      
      ====================
      ipv6: fixes for RTF_CACHE entries
      
      This series addresses 2 different but related issues with RTF_CACHE
      introduced by the recent refactory.
      
      patch 1 restore the gc timer for such routes
      patch 2 removes the aged out dst from the fib tree, properly coping with pMTU
      routes
      
      v1 -> v2:
       - dropped the  for ip route show cache
       - avoid touching dst.obsolete when the dst is aged out
      
      v2 -> v3:
       - take care of pMTU exceptions
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      27188af5
    • Paolo Abeni's avatar
      ipv6: remove from fib tree aged out RTF_CACHE dst · 1859bac0
      Paolo Abeni authored
      The commit 2b760fcf ("ipv6: hook up exception table to store
      dst cache") partially reverted the commit 1e2ea8ad ("ipv6: set
      dst.obsolete when a cached route has expired").
      
      As a result, RTF_CACHE dst referenced outside the fib tree will
      not be removed until the next sernum change; dst_check() does not
      fail on aged-out dst, and dst->__refcnt can't decrease: the aged
      out dst will stay valid for a potentially unlimited time after the
      timeout expiration.
      
      This change explicitly removes RTF_CACHE dst from the fib tree when
      aged out. The rt6_remove_exception() logic will then obsolete the
      dst and other entities will drop the related reference on next
      dst_check().
      
      pMTU exceptions are not aged-out, and are removed from the exception
      table only when the - usually considerably longer - ip6_rt_mtu_expires
      timeout expires.
      
      v1 -> v2:
        - do not touch dst.obsolete in rt6_remove_exception(), not needed
      v2 -> v3:
        - take care of pMTU exceptions, too
      
      Fixes: 2b760fcf ("ipv6: hook up exception table to store dst cache")
      Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      Acked-by: default avatarWei Wang <weiwan@google.com>
      Acked-by: default avatarMartin KaFai Lau <kafai@fb.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1859bac0
    • Paolo Abeni's avatar
      ipv6: start fib6 gc on RTF_CACHE dst creation · b886d5f2
      Paolo Abeni authored
      After the commit 2b760fcf ("ipv6: hook up exception table
      to store dst cache"), the fib6 gc is not started after the
      creation of a RTF_CACHE via a redirect or pmtu update, since
      fib6_add() isn't invoked anymore for such dsts.
      
      We need the fib6 gc to run periodically to clean the RTF_CACHE,
      or the dst will stay there forever.
      
      Fix it by explicitly calling fib6_force_start_gc() on successful
      exception creation. gc_args->more accounting will ensure that
      the gc timer will run for whatever time needed to properly
      clean the table.
      
      v2 -> v3:
       - clarified the commit message
      
      Fixes: 2b760fcf ("ipv6: hook up exception table to store dst cache")
      Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      Acked-by: default avatarWei Wang <weiwan@google.com>
      Acked-by: default avatarMartin KaFai Lau <kafai@fb.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b886d5f2
  2. 20 Oct, 2017 36 commits