AcoSail/kernel_optimize_test
8
0
Fork 0
forked from luck/tmp_suning_uos_patched
Code Pull Requests Activity
983,564 Commits 7 Branches 0 Tags 1.9 GiB
C 98%
Assembly 1.1%
Shell 0.3%
Makefile 0.3%
Python 0.1%
Other 0.1%
516760f1d2
Go to file
Jon Maxwell 516760f1d2 bpf: Fix request_sock leak in sk lookup helpers 
[ Upstream commit 3046a827316c0e55fc563b4fb78c93b9ca5c7c37 ]

A customer reported a request_socket leak in a Calico cloud environment. We
found that a BPF program was doing a socket lookup with takes a refcnt on
the socket and that it was finding the request_socket but returning the parent
LISTEN socket via sk_to_full_sk() without decrementing the child request socket
1st, resulting in request_sock slab object leak. This patch retains the
existing behaviour of returning full socks to the caller but it also decrements
the child request_socket if one is present before doing so to prevent the leak.

Thanks to Curtis Taylor for all the help in diagnosing and testing this. And
thanks to Antoine Tenart for the reproducer and patch input.

v2 of this patch contains, refactor as per Daniel Borkmann's suggestions to
validate RCU flags on the listen socket so that it balances with bpf_sk_release()
and update comments as per Martin KaFai Lau's suggestion. One small change to
Daniels suggestion, put "sk = sk2" under "if (sk2 != sk)" to avoid an extra
instruction.

Fixes: f7355a6c04 ("bpf: Check sk_fullsock() before returning from bpf_sk_lookup()")
Fixes: edbf8c01de ("bpf: add skc_lookup_tcp helper")
Co-developed-by: Antoine Tenart <atenart@kernel.org>
Signed-off-by: Antoine Tenart <atenart@kernel.org>
Signed-off-by: Jon Maxwell <jmaxwell37@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Tested-by: Curtis Taylor <cutaylor-pub@yahoo.com>
Cc: Martin KaFai Lau <kafai@fb.com>
Link: https://lore.kernel.org/bpf/56d6f898-bde0-bb25-3427-12a330b29fb8@iogearbox.net
Link: https://lore.kernel.org/bpf/20220615011540.813025-1-jmaxwell37@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-06-29 08:59:46 +02:00
arch arm64: mm: Don't invalidate FROM_DEVICE buffers at start of DMA transfer 2022-06-25 15:16:09 +02:00
block block: Fix handling of offline queues in blk_mq_alloc_request_hctx() 2022-06-22 14:13:17 +02:00
certs certs/blacklist_hashes.c: fix const confusion in certs blacklist 2022-06-22 14:13:17 +02:00
crypto crypto: memneq - move into lib/ 2022-06-22 14:13:18 +02:00
Documentation x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data 2022-06-16 13:27:59 +02:00
drivers drm/msm: use for_each_sgtable_sg to iterate over scatterlist 2022-06-29 08:59:46 +02:00
fs btrfs: add error messages to all unrecognized mount options 2022-06-29 08:59:45 +02:00
include netfilter: nftables: add nft_parse_register_store() and use it 2022-06-29 08:59:46 +02:00
init Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug 2022-06-09 10:21:25 +02:00
ipc ipc/mqueue: use get_tree_nodev() in mqueue_get_tree() 2022-06-09 10:21:17 +02:00
kernel dma-direct: don't over-decrypt memory 2022-06-22 14:13:20 +02:00
lib crypto: memneq - move into lib/ 2022-06-22 14:13:18 +02:00
LICENSES LICENSES/deprecated: add Zlib license text 2020-09-16 14:33:49 +02:00
mm hugetlb: fix huge_pmd_unshare address update 2022-06-09 10:21:27 +02:00
net bpf: Fix request_sock leak in sk lookup helpers 2022-06-29 08:59:46 +02:00
samples samples/bpf, xdpsock: Fix race when running for fix duration of time 2022-04-08 14:40:21 +02:00
scripts faddr2line: Fix overlapping text section failures, the sequel 2022-06-22 14:13:17 +02:00
security ima: remove the IMA_TEMPLATE Kconfig option 2022-06-09 10:21:25 +02:00
sound ALSA: hda/realtek: Add quirk for Clevo NS50PU 2022-06-29 08:59:45 +02:00
tools net/sched: act_police: more accurate MTU policing 2022-06-22 14:13:20 +02:00
usr usr/include/Makefile: add linux/nfc.h to the compile-test coverage 2022-02-01 17:25:48 +01:00
virt KVM: Prevent module exit until all VMs are freed 2022-04-08 14:40:38 +02:00
.clang-format RDMA 5.10 pull request 2020-10-17 11:18:18 -07:00
.cocciconfig
.get_maintainer.ignore Opt out of scripts/get_maintainer.pl 2019-05-16 10:53:40 -07:00
.gitattributes .gitattributes: use 'dts' diff driver for dts files 2019-12-04 19:44:11 -08:00
.gitignore kbuild: generate Module.symvers only when vmlinux exists 2021-05-19 10:12:59 +02:00
.mailmap mailmap: add two more addresses of Uwe Kleine-König 2020-12-06 10:19:07 -08:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS MAINTAINERS: Move Jason Cooper to CREDITS 2020-11-30 10:20:34 +01:00
Kbuild kbuild: rename hostprogs-y/always to hostprogs/always-y 2020-02-04 01:53:07 +09:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS MAINTAINERS: add git tree for random.c 2022-05-30 09:33:24 +02:00
Makefile Linux 5.10.126 2022-06-27 09:41:01 +02:00
README Drop all 00-INDEX files from Documentation/ 2018-09-09 15:08:58 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.