From: Craig Gallek <kraigatg...@gmail.com>
Date: Thu, 19 Oct 2017 15:00:29 -0400

> From: Craig Gallek <kr...@google.com>
>
> Syzkaller stumbled upon a way to trigger
> WARNING: CPU: 1 PID: 13881 at net/core/sock_reuseport.c:41
> reuseport_alloc+0x306/0x3b0 net/core/sock_reuseport.c:39
>
> There are two initialization paths for the sock_reuseport structure in a
> socket: Through the udp/tcp bind paths of SO_REUSEPORT sockets or through
> SO_ATTACH_REUSEPORT_[CE]BPF before bind. The existing implementation
> assumed that the socket lock protected both of these paths when it actually
> only protects the SO_ATTACH_REUSEPORT path. Syzkaller triggered this
> double allocation by running these paths concurrently.
>
> This patch moves the check for double allocation into the reuseport_alloc
> function which is protected by a global spin lock.
>
> Fixes: e32ea7e74727 ("soreuseport: fast reuseport UDP socket selection")
> Fixes: c125e80b8868 ("soreuseport: fast reuseport TCP socket selection")
> Signed-off-by: Craig Gallek <kr...@google.com>

Applied and queued up for -stable.
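
A userspace model of the locking pattern the quoted commit message describes, added here as an illustration and not taken from the patch or the kernel source. All `model_*` names, the pthread mutexes standing in for the socket lock and the global spin lock, and the `allocs` counter are assumptions made for the example.

```c
/* Userspace model, constructed for illustration; not kernel code. */
#include <pthread.h>
#include <stdlib.h>
struct model_reuse { int num_socks; };
struct model_sock {
    pthread_mutex_t sk_lock;       /* stands in for the socket lock */
    struct model_reuse *reuse_cb;  /* stands in for the sock_reuseport pointer */
    int allocs;                    /* allocations performed for this socket */
};
static pthread_mutex_t model_global_lock = PTHREAD_MUTEX_INITIALIZER;

/* The "already allocated?" check sits inside the one lock every caller takes. */
static int model_reuseport_alloc(struct model_sock *sk) {
    int ret = 0;
    pthread_mutex_lock(&model_global_lock);
    if (sk->reuse_cb == NULL) {
        sk->reuse_cb = calloc(1, sizeof(*sk->reuse_cb));
        if (sk->reuse_cb) sk->allocs++; else ret = -1;
    }
    pthread_mutex_unlock(&model_global_lock);
    return ret;
}

/* Attach path holds the socket lock; the bind path below does not. */
static void *model_attach_path(void *arg) {
    struct model_sock *sk = arg;
    pthread_mutex_lock(&sk->sk_lock);
    model_reuseport_alloc(sk);
    pthread_mutex_unlock(&sk->sk_lock);
    return NULL;
}
static void *model_bind_path(void *arg) { model_reuseport_alloc(arg); return NULL; }

/* Race both paths on fresh sockets; return the most allocations any socket got. */
static int model_race(int rounds) {
    int worst = 0;
    for (int i = 0; i < rounds; i++) {
        struct model_sock sk = { .reuse_cb = NULL, .allocs = 0 };
        pthread_t a, b;
        pthread_mutex_init(&sk.sk_lock, NULL);
        if (pthread_create(&a, NULL, model_bind_path, &sk)) return -1;
        if (pthread_create(&b, NULL, model_attach_path, &sk)) { pthread_join(a, NULL); return -1; }
        pthread_join(a, NULL); pthread_join(b, NULL);
        if (sk.allocs > worst) worst = sk.allocs;
        free(sk.reuse_cb);
    }
    return worst;
}

int main(void) { return model_race(1000) == 1 ? 0 : 1; }
```

Because only one of the two paths holds `sk_lock`, a check guarded by that lock alone would not serialize them; the check inside `model_global_lock` does, so each socket is allocated exactly once.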