Gh0st
/
linux
mirror of https://github.com/torvalds/linux.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
linux/include
History
Eric Dumazet 858d2a4f67 tcp: fix potential race in tcp_v6_syn_recv_sock() 
Code in tcp_v6_syn_recv_sock() after the call to tcp_v4_syn_recv_sock()
is done too late.

After tcp_v4_syn_recv_sock(), the child socket is already visible
from TCP ehash table and other cpus might use it.

Since newinet->pinet6 is still pointing to the listener ipv6_pinfo
bad things can happen as syzbot found.

Move the problematic code in tcp_v6_mapped_child_init()
and call this new helper from tcp_v4_syn_recv_sock() before
the ehash insertion.

This allows the removal of one tcp_sync_mss(), since
tcp_v4_syn_recv_sock() will call it with the correct
context.

Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Reported-by: syzbot+937b5bbb6a815b3e5d0b@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/netdev/69949275.050a0220.2eeac1.0145.GAE@google.com/
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Kuniyuki Iwashima <kuniyu@google.com>
Link: https://patch.msgid.link/20260217161205.2079883-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
 		2026-02-19 14:02:19 -08:00
..
acpi
asm-generic
clocksource
crypto
cxl
drm
dt-bindings
hyperv
keys
kunit
kvm
linux Including fixes from Netfilter. 2026-02-19 10:39:08 -08:00
math-emu
media
memory
misc
net tcp: fix potential race in tcp_v6_syn_recv_sock() 2026-02-19 14:02:19 -08:00
pcmcia
ras
rdma
rv
scsi
soc
sound
target
trace
uapi Including fixes from Netfilter. 2026-02-19 10:39:08 -08:00
ufs
vdso
video
xen
Kbuild