From: Greg Kroah-Hartman Date: Tue, 18 Aug 2020 07:08:40 +0000 (+0200) Subject: 4.14-stable patches X-Git-Tag: v4.19.140~2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=131a36058b9fdfa4e348f1fca346f26541c92e16;p=thirdparty%2Fkernel%2Fstable-queue.git 4.14-stable patches added patches: net-initialize-fastreuse-on-inet_inherit_port.patch --- diff --git a/queue-4.14/net-initialize-fastreuse-on-inet_inherit_port.patch b/queue-4.14/net-initialize-fastreuse-on-inet_inherit_port.patch new file mode 100644 index 00000000000..fa501b6f4e4 --- /dev/null +++ b/queue-4.14/net-initialize-fastreuse-on-inet_inherit_port.patch @@ -0,0 +1,61 @@ +From d76f3351cea2d927fdf70dd7c06898235035e84e Mon Sep 17 00:00:00 2001 +From: Tim Froidcoeur +Date: Tue, 11 Aug 2020 20:33:24 +0200 +Subject: net: initialize fastreuse on inet_inherit_port + +From: Tim Froidcoeur + +commit d76f3351cea2d927fdf70dd7c06898235035e84e upstream. + +In the case of TPROXY, bind_conflict optimizations for SO_REUSEADDR or +SO_REUSEPORT are broken, possibly resulting in O(n) instead of O(1) bind +behaviour or in the incorrect reuse of a bind. + +the kernel keeps track for each bind_bucket if all sockets in the +bind_bucket support SO_REUSEADDR or SO_REUSEPORT in two fastreuse flags. +These flags allow skipping the costly bind_conflict check when possible +(meaning when all sockets have the proper SO_REUSE option). + +For every socket added to a bind_bucket, these flags need to be updated. +As soon as a socket that does not support reuse is added, the flag is +set to false and will never go back to true, unless the bind_bucket is +deleted. + +Note that there is no mechanism to re-evaluate these flags when a socket +is removed (this might make sense when removing a socket that would not +allow reuse; this leaves room for a future patch). + +For this optimization to work, it is mandatory that these flags are +properly initialized and updated. + +When a child socket is created from a listen socket in +__inet_inherit_port, the TPROXY case could create a new bind bucket +without properly initializing these flags, thus preventing the +optimization to work. Alternatively, a socket not allowing reuse could +be added to an existing bind bucket without updating the flags, causing +bind_conflict to never be called as it should. + +Call inet_csk_update_fastreuse when __inet_inherit_port decides to create +a new bind_bucket or use a different bind_bucket than the one of the +listen socket. + +Fixes: 093d282321da ("tproxy: fix hash locking issue when using port redirection in __inet_inherit_port()") +Acked-by: Matthieu Baerts +Signed-off-by: Tim Froidcoeur +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman + +--- + net/ipv4/inet_hashtables.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/net/ipv4/inet_hashtables.c ++++ b/net/ipv4/inet_hashtables.c +@@ -160,6 +160,7 @@ int __inet_inherit_port(const struct soc + return -ENOMEM; + } + } ++ inet_csk_update_fastreuse(tb, child); + } + inet_bind_hash(child, tb, port); + spin_unlock(&head->lock); diff --git a/queue-4.14/series b/queue-4.14/series index 5e07db80ee7..34e9f5b904d 100644 --- a/queue-4.14/series +++ b/queue-4.14/series @@ -163,3 +163,4 @@ arm-8992-1-fix-unwind_frame-for-clang-built-kernels.patch irqdomain-treewide-free-firmware-node-after-domain-removal.patch xen-balloon-fix-accounting-in-alloc_xenballooned_pages-error-path.patch xen-balloon-make-the-balloon-wait-interruptible.patch +net-initialize-fastreuse-on-inet_inherit_port.patch