From: Eric Dumazet <eric.duma...@gmail.com>
Date: Tue, 05 Dec 2017 12:45:56 -0800

> From: Eric Dumazet <eduma...@google.com>
>
> Alexander Potapenko reported use of uninitialized memory [1]
>
> This happens when inserting a request socket into TCP ehash,
> in __sk_nulls_add_node_rcu(), since sk_reuseport is not initialized.
>
> Bug was added by commit d894ba18d4e4 ("soreuseport: fix ordering for
> mixed v4/v6 sockets")
>
> Note that d296ba60d8e2 ("soreuseport: Resolve merge conflict for v4/v6
> ordering fix") missed the opportunity to get rid of
> hlist_nulls_add_tail_rcu() :
>
> Both UDP sockets and TCP/DCCP listeners no longer use
> __sk_nulls_add_node_rcu() for their hash insertion.
>
> Since all other sockets have unique 4-tuple, the reuseport status
> has no special meaning, so we can always use hlist_nulls_add_head_rcu()
> for them and save few cycles/instructions.
>
> [1] ...
> Fixes: d894ba18d4e4 ("soreuseport: fix ordering for mixed v4/v6 sockets")
> Fixes: d296ba60d8e2 ("soreuseport: Resolve merge conflict for v4/v6 ordering
> fix")
> Signed-off-by: Eric Dumazet <eduma...@google.com>
> Reported-by: Alexander Potapenko <gli...@google.com>
> Acked-by: Craig Gallek <kr...@google.com>

I was just talking with Craig and Willem about this change the other
day, what a coincidence :-)

Applied and queued up for -stable, thanks Eric.