If ULP is used on a listening socket, icsk_ulp_ops and icsk_ulp_data are copied when the listener is cloned. Sometimes the clone is immediately deleted, which will invoke the release op on the clone and likely corrupt the listening socket's icsk_ulp_data.
The clone operation is invoked immediately after the clone is copied and gives the ULP type an opportunity to set up the clone socket and its icsk_ulp_data.
Signed-off-by: Mat Martineau <mathew.j.martin...@linux.intel.com>
---
 include/net/tcp.h | 5 +++++
 net/ipv4/inet_connection_sock.c | 2 ++
 net/ipv4/tcp_ulp.c | 12 ++++++++++++
 3 files changed, 19 insertions(+)
diff --git a/include/net/tcp.h b/include/net/tcp.h
index 382e245a7909..16c9f21243ca 100644
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -2126,6 +2126,9 @@ struct tcp_ulp_ops {
 /* diagnostic */
 int (*get_info)(const struct sock *sk, struct sk_buff *skb);
 size_t (*get_info_size)(const struct sock *sk);
+ /* clone ulp */
+ void (*clone)(const struct request_sock *req, struct sock *newsk,
+ const gfp_t priority);
 char name[TCP_ULP_NAME_MAX];
 struct module *owner;
@@ -2136,6 +2139,8 @@ int tcp_set_ulp(struct sock *sk, const char *name);
 void tcp_get_available_ulp(char *buf, size_t len);
 void tcp_cleanup_ulp(struct sock *sk);
 void tcp_update_ulp(struct sock *sk, struct proto *p);
+void tcp_clone_ulp(const struct request_sock *req,
+ struct sock *newsk, const gfp_t priority);
 #define MODULE_ALIAS_TCP_ULP(name) \
 __MODULE_INFO(alias, alias_userspace, name); \
diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c
index a9183543ca30..64857672e0b5 100644
--- a/net/ipv4/inet_connection_sock.c
+++ b/net/ipv4/inet_connection_sock.c
@@ -810,6 +810,8 @@ struct sock *inet_csk_clone_lock(const struct sock *sk,
 /* Deinitialize accept_queue to trap illegal accesses. */
 memset(&newicsk->icsk_accept_queue, 0, sizeof(newicsk->icsk_accept_queue));
+ tcp_clone_ulp(req, newsk, priority);
+
 security_inet_csk_clone(newsk, req);
 }
 return newsk;
diff --git a/net/ipv4/tcp_ulp.c b/net/ipv4/tcp_ulp.c
index 4849edb62d52..27f949846450 100644
--- a/net/ipv4/tcp_ulp.c
+++ b/net/ipv4/tcp_ulp.c
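Review bot: The new `clone` member of `struct tcp_ulp_ops` (first hunk of include/net/tcp.h) is documented only as `/* clone ulp */`, which does not tell an implementer what state `newsk` is in when the op runs. Per the commit description the child arrives with `icsk_ulp_ops` and `icsk_ulp_data` copied from the listener, so the contract should be written down, for example `/* clone: newsk still aliases the listener's icsk_ulp_data; replace or clear it before returning */`. The op takes a `gfp_t` but returns `void`, so an allocation failure cannot be reported to the caller. The comment should therefore also say that on failure the op must leave `newsk` in a state the release op can handle without touching the listener's data.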
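Review bot: In the `inet_csk_clone_lock()` hunk of net/ipv4/inet_connection_sock.c, the generic clone path now calls a TCP-named helper that is defined in net/ipv4/tcp_ulp.c and declared in include/net/tcp.h. If this function is also reached for non-TCP connection-oriented sockets (not visible in the hunk), a helper local to this file, e.g. `static void inet_clone_ulp(...)`, would keep the layering clear and avoid depending on tcp_ulp.c being built. A one-line comment above the call, such as `/* let the ULP replace state copied from the listener */`, would also explain why the call sits at this point in the clone path. The body of `inet_csk_clone_lock()` starts outside the hunk.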
@@ -127,6 +127,18 @@ void tcp_cleanup_ulp(struct sock *sk)
 icsk->icsk_ulp_ops = NULL;
 }
+void tcp_clone_ulp(const struct request_sock *req, struct sock *newsk,
+ const gfp_t priority)
+{
+ struct inet_connection_sock *icsk = inet_csk(newsk);
+
+ if (!icsk->icsk_ulp_ops)
+ return;
+
+ if (icsk->icsk_ulp_ops->clone)
+ icsk->icsk_ulp_ops->clone(req, newsk, priority);
+}
+
 static int __tcp_set_ulp(struct sock *sk, const struct tcp_ulp_ops *ulp_ops)
 {
 struct inet_connection_sock *icsk = inet_csk(sk);
--
2.23.0
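Review bot: `tcp_clone_ulp()` leaves the child untouched when the ULP provides no `clone` op, so `newsk` keeps the `icsk_ulp_ops` and `icsk_ulp_data` pointers copied from the listener. That is the aliasing the commit description warns about: releasing such a child would run the release op against data the listening socket still uses, likely corrupting or freeing it underneath the listener. Either drop the inherited state in that case, e.g. `else icsk->icsk_ulp_ops = NULL;` together with clearing `icsk_ulp_data` through whatever accessor its annotation requires, or refuse to attach a ULP without `clone` to a socket that can listen. If the cleanup path drops a per-socket module reference (not visible in this hunk), the child would also need its own reference on `icsk_ulp_ops->owner` before it can be cleaned up safely.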