Eric Dumazet 2b7cda9c35 tcp: fix tcp_mtu_probe() vs highest_sack ... Based on SNMP values provided by Roman, Yuchung made the observation that some crashes in tcp_sacktag_walk() might be caused by MTU probing. Looking at tcp_mtu_probe(), I found that when a new skb was placed in front of the write queue, we were not updating tcp highest sack. If one skb is freed because all its content was copied to the new skb (for MTU probing), then tp->highest_sack could point to a now freed skb. Bad things would then happen, including infinite loops. This patch renames tcp_highest_sack_combine() and uses it from tcp_mtu_probe() to fix the bug. Note that I also removed one test against tp->sacked_out, since we want to replace tp->highest_sack regardless of whatever condition, since keeping a stale pointer to freed skb is a recipe for disaster. Fixes: a47e5a988a ("[TCP]: Convert highest_sack to sk_buff to allow direct access") Signed-off-by: Eric Dumazet <edumazet@google.com> Reported-by: Alexei Starovoitov <alexei.starovoitov@gmail.com> Reported-by: Roman Gushchin <guro@fb.com> Reported-by: Oleksandr Natalenko <oleksandr@natalenko.name> Acked-by: Alexei Starovoitov <ast@kernel.org> Acked-by: Neal Cardwell <ncardwell@google.com> Acked-by: Yuchung Cheng <ycheng@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>		2017-11-01 21:18:34 +09:00
..
netfilter	netfilter: SYNPROXY: skip non-tcp packet in {ipv4, ipv6}_synproxy_hook	2017-10-09 13:08:39 +02:00
af_inet.c	net: Add comment that early_demux can change via sysctl	2017-08-28 15:17:29 -07:00
ah4.c
arp.c	neigh: increase queue_len_bytes to match wmem_default	2017-08-29 16:10:50 -07:00
cipso_ipv4.c	tcp/dccp: fix ireq->opt races	2017-10-21 01:33:19 +01:00
datagram.c
devinet.c	rtnetlink: make rtnl_register accept a flags parameter	2017-08-09 16:57:38 -07:00
esp4.c	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net	2017-09-01 17:42:05 -07:00
esp4_offload.c	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net	2017-09-01 17:42:05 -07:00
fib_frontend.c	rtnetlink: make rtnl_register accept a flags parameter	2017-08-09 16:57:38 -07:00
fib_lookup.h	ipv4: do metrics match when looking up and deleting a route	2017-08-23 20:37:10 -07:00
fib_notifier.c	net: Add module reference to FIB notifiers	2017-09-01 20:33:42 -07:00
fib_rules.c	net: fib_rules: Implement notification logic in core	2017-08-03 15:35:59 -07:00
fib_semantics.c	ipv4: do metrics match when looking up and deleting a route	2017-08-23 20:37:10 -07:00
fib_trie.c	ipv4: do metrics match when looking up and deleting a route	2017-08-23 20:37:10 -07:00
fou.c	gue: fix remcsum when GRO on and CHECKSUM_PARTIAL boundary is outer UDP	2017-08-01 16:09:14 -07:00
gre_demux.c
gre_offload.c	gso: fix payload length when gso_size is zero	2017-10-08 10:12:15 -07:00
icmp.c	ip/options: explicitly provide net ns to __ip_options_echo()	2017-08-06 20:51:12 -07:00
igmp.c	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net	2017-08-21 17:06:42 -07:00
inet_connection_sock.c	tcp/dccp: fix other lockdep splats accessing ireq_opt	2017-10-26 17:41:32 +09:00
inet_diag.c	inet_diag: allow protocols to provide additional data	2017-09-01 18:38:09 -07:00
inet_fragment.c	Revert "net: use lib/percpu_counter API for fragmentation mem accounting"	2017-09-03 11:01:05 -07:00
inet_hashtables.c	soreuseport: fix initialization race	2017-10-22 02:03:51 +01:00
inet_timewait_sock.c	net: convert sock.sk_refcnt from atomic_t to refcount_t	2017-07-01 07:39:08 -07:00
inetpeer.c	inetpeer: fix RCU lookup() again	2017-09-28 09:39:34 -07:00
ip_forward.c
ip_fragment.c	Revert "net: fix percpu memory leaks"	2017-09-03 11:01:05 -07:00
ip_gre.c	ip_gre: erspan device should keep dst	2017-10-01 22:30:32 -07:00
ip_input.c	IPv4: early demux can return an error code	2017-10-01 03:55:47 +01:00
ip_options.c	ip/options: explicitly provide net ns to __ip_options_echo()	2017-08-06 20:51:12 -07:00
ip_output.c	udp: remove unreachable ufo branches	2017-08-22 14:27:18 -07:00
ip_sockglue.c	net: ipv4: fix l3slave check for index returned in IP_PKTINFO	2017-09-15 14:27:51 -07:00
ip_tunnel.c	ip_tunnel: fix ip tunnel lookup in collect_md mode	2017-09-12 20:45:31 -07:00
ip_tunnel_core.c
ip_vti.c	vti: fix use after free in vti_tunnel_xmit/vti6_tnl_xmit	2017-09-26 09:58:21 -07:00
ipcomp.c
ipconfig.c
ipip.c	ipip: only increase err_count for some certain type icmp in ipip_err	2017-10-27 23:43:31 +09:00
ipmr.c	rtnetlink: make rtnl_register accept a flags parameter	2017-08-09 16:57:38 -07:00
Kconfig	ip: update policy routing config help	2017-10-12 22:57:11 -07:00
Makefile
netfilter.c
ping.c	net: convert sock.sk_refcnt from atomic_t to refcount_t	2017-07-01 07:39:08 -07:00
proc.c	tcp: Revert "tcp: remove header prediction"	2017-08-30 11:20:09 -07:00
protocol.c
raw.c	net: ipv4: add second dif to multicast source filter	2017-08-07 11:39:22 -07:00
raw_diag.c	net: ipv6: add second dif to raw socket lookups	2017-08-07 11:39:22 -07:00
route.c	ipv4: Fix traffic triggered IPsec connections.	2017-10-09 09:39:50 -07:00
syncookies.c	tcp/dccp: fix ireq->opt races	2017-10-21 01:33:19 +01:00
sysctl_net_ipv4.c	tcp: remove low_latency sysctl	2017-07-31 14:37:49 -07:00
tcp.c	net: prepare (struct ubuf_info)->refcnt conversion	2017-09-01 20:22:03 -07:00
tcp_bbr.c	tcp_bbr: init pacing rate on first RTT sample	2017-07-15 14:43:29 -07:00
tcp_bic.c	tcp: consolidate congestion control undo functions	2017-08-06 21:25:10 -07:00
tcp_cdg.c	tcp: consolidate congestion control undo functions	2017-08-06 21:25:10 -07:00
tcp_cong.c	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net	2017-09-01 17:42:05 -07:00
tcp_cubic.c	tcp: consolidate congestion control undo functions	2017-08-06 21:25:10 -07:00
tcp_dctcp.c
tcp_diag.c	tcp_diag: report TCP MD5 signing keys and addresses	2017-09-01 18:38:09 -07:00
tcp_fastopen.c	tcp: Remove the unused parameter for tcp_try_fastopen.	2017-08-22 14:16:12 -07:00
tcp_highspeed.c	tcp: consolidate congestion control undo functions	2017-08-06 21:25:10 -07:00
tcp_htcp.c	tcp: fix cwnd undo in Reno and HTCP congestion controls	2017-08-06 21:25:10 -07:00
tcp_hybla.c
tcp_illinois.c	tcp: consolidate congestion control undo functions	2017-08-06 21:25:10 -07:00
tcp_input.c	tcp/dccp: fix ireq->opt races	2017-10-21 01:33:19 +01:00
tcp_ipv4.c	tcp/dccp: fix other lockdep splats accessing ireq_opt	2017-10-26 17:41:32 +09:00
tcp_lp.c
tcp_metrics.c
tcp_minisocks.c	tcp: Revert "tcp: remove header prediction"	2017-08-30 11:20:09 -07:00
tcp_nv.c	tcp: consolidate congestion control undo functions	2017-08-06 21:25:10 -07:00
tcp_offload.c	net: convert sock.sk_wmem_alloc from atomic_t to refcount_t	2017-07-01 07:39:08 -07:00
tcp_output.c	tcp: fix tcp_mtu_probe() vs highest_sack	2017-11-01 21:18:34 +09:00
tcp_probe.c	tcp: remove redundant argument from tcp_rcv_established()	2017-07-24 17:28:12 -07:00
tcp_rate.c
tcp_recovery.c	tcp: adjust tail loss probe timeout	2017-07-19 16:14:10 -07:00
tcp_scalable.c	tcp: consolidate congestion control undo functions	2017-08-06 21:25:10 -07:00
tcp_timer.c	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net	2017-08-09 16:28:45 -07:00
tcp_ulp.c	tcp: ulp: avoid module refcnt leak in tcp_set_ulp	2017-08-14 22:17:05 -07:00
tcp_vegas.c
tcp_vegas.h
tcp_veno.c	tcp: consolidate congestion control undo functions	2017-08-06 21:25:10 -07:00
tcp_westwood.c	tcp: Revert "tcp: remove CA_ACK_SLOWPATH"	2017-08-30 11:20:08 -07:00
tcp_yeah.c	tcp: consolidate congestion control undo functions	2017-08-06 21:25:10 -07:00
tunnel4.c
udp.c	soreuseport: fix initialization race	2017-10-22 02:03:51 +01:00
udp_diag.c	net: ipv6: add second dif to udp socket lookups	2017-08-07 11:39:22 -07:00
udp_impl.h
udp_offload.c	gso: fix payload length when gso_size is zero	2017-10-08 10:12:15 -07:00
udp_tunnel.c	net: add infrastructure to un-offload UDP tunnel port	2017-07-24 13:52:59 -07:00
udplite.c
xfrm4_input.c
xfrm4_mode_beet.c
xfrm4_mode_transport.c
xfrm4_mode_tunnel.c
xfrm4_output.c
xfrm4_policy.c	net: xfrm: support setting an output mark.	2017-08-11 07:03:00 +02:00
xfrm4_protocol.c
xfrm4_state.c
xfrm4_tunnel.c