sctp: Don't call sk->sk_prot->init() in sctp_v[46]_create_accept_sk().

sctp_accept() calls sctp_v[46]_create_accept_sk() to allocate a new
socket and calls sctp_sock_migrate() to copy fields from the parent
socket to the new socket.

sctp_v[46]_create_accept_sk() calls sctp_init_sock() to initialise
sctp_sock, but most fields are overwritten by sctp_copy_descendant()
called from sctp_sock_migrate().

Things done in sctp_init_sock() but not in sctp_sock_migrate() are
the following:

  1. Copy sk->sk_gso
  2. Copy sk->sk_destruct (sctp_v6_init_sock())
  3. Allocate sctp_sock.ep
  4. Initialise sctp_sock.pd_lobby
  5. Count sk_sockets_allocated_inc(), sock_prot_inuse_add(),
     and SCTP_DBG_OBJCNT_INC()

Let's do these in sctp_copy_sock() and sctp_sock_migrate() and avoid
calling sk->sk_prot->init() in sctp_v[46]_create_accept_sk().

Note that sk->sk_destruct is already copied in sctp_copy_sock().

Signed-off-by: Kuniyuki Iwashima <kuniyu@google.com>
Acked-by: Xin Long <lucien.xin@gmail.com>
Link: https://patch.msgid.link/20251023231751.4168390-4-kuniyu@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c
index d725b215875888eb7d5af40f5852836fb86c118a..c0762424a8544e14ed5337bbf7408e62e1b45df4 100644 (file)
--- a/net/sctp/ipv6.c
+++ b/net/sctp/ipv6.c
@@ -789,7 +789,7 @@ static struct sock *sctp_v6_create_accept_sk(struct sock *sk,
 
        newsk = sk_alloc(sock_net(sk), PF_INET6, GFP_KERNEL, sk->sk_prot, kern);
        if (!newsk)
-               goto out;
+               return NULL;
 
        sock_init_data(NULL, newsk);
 
@@ -818,12 +818,6 @@ static struct sock *sctp_v6_create_accept_sk(struct sock *sk,
 
        newsk->sk_v6_rcv_saddr = sk->sk_v6_rcv_saddr;
 
-       if (newsk->sk_prot->init(newsk)) {
-               sk_common_release(newsk);
-               newsk = NULL;
-       }
-
-out:
        return newsk;
 }
 

diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c
index 9dbc24af749b5ff48e973209245e310eafe828b7..ad2722d1ec150e7ed267597b320bf0b282138612 100644 (file)
--- a/net/sctp/protocol.c
+++ b/net/sctp/protocol.c
@@ -590,7 +590,7 @@ static struct sock *sctp_v4_create_accept_sk(struct sock *sk,
        struct inet_sock *newinet;
 
        if (!newsk)
-               goto out;
+               return NULL;
 
        sock_init_data(NULL, newsk);
 
@@ -603,12 +603,6 @@ static struct sock *sctp_v4_create_accept_sk(struct sock *sk,
 
        newinet->inet_daddr = asoc->peer.primary_addr.v4.sin_addr.s_addr;
 
-       if (newsk->sk_prot->init(newsk)) {
-               sk_common_release(newsk);
-               newsk = NULL;
-       }
-
-out:
        return newsk;
 }
 

diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index 735b1222af955888760f827e6257866fe30906da..70c75ac8da55dc74f35a02e9b39a32969db6b6ce 100644 (file)
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -4851,7 +4851,7 @@ static int sctp_disconnect(struct sock *sk, int flags)
  */
 static struct sock *sctp_accept(struct sock *sk, struct proto_accept_arg *arg)
 {
-       struct sctp_sock *sp;
+       struct sctp_sock *sp, *newsp;
        struct sctp_endpoint *ep;
        struct sock *newsk = NULL;
        struct sctp_association *asoc;
@@ -4891,19 +4891,35 @@ static struct sock *sctp_accept(struct sock *sk, struct proto_accept_arg *arg)
                goto out;
        }
 
+       newsp = sctp_sk(newsk);
+       newsp->ep = sctp_endpoint_new(newsk, GFP_KERNEL);
+       if (!newsp->ep) {
+               error = -ENOMEM;
+               goto out_release;
+       }
+
+       skb_queue_head_init(&newsp->pd_lobby);
+
+       sk_sockets_allocated_inc(newsk);
+       sock_prot_inuse_add(sock_net(sk), newsk->sk_prot, 1);
+       SCTP_DBG_OBJCNT_INC(sock);
+
        /* Populate the fields of the newsk from the oldsk and migrate the
         * asoc to the newsk.
         */
        error = sctp_sock_migrate(sk, newsk, asoc, SCTP_SOCKET_TCP);
-       if (error) {
-               sk_common_release(newsk);
-               newsk = NULL;
-       }
+       if (error)
+               goto out_release;
 
 out:
        release_sock(sk);
        arg->err = error;
        return newsk;
+
+out_release:
+       sk_common_release(newsk);
+       newsk = NULL;
+       goto out;
 }
 
 /* The SCTP ioctl handler. */
@@ -9469,6 +9485,7 @@ void sctp_copy_sock(struct sock *newsk, struct sock *sk,
        newsk->sk_rcvtimeo = READ_ONCE(sk->sk_rcvtimeo);
        newsk->sk_sndtimeo = READ_ONCE(sk->sk_sndtimeo);
        newsk->sk_rxhash = sk->sk_rxhash;
+       newsk->sk_gso_type = sk->sk_gso_type;
 
        newinet = inet_sk(newsk);