On Fri, Dec 14, 2018 at 2:40 PM Christoph Paasch <cpaa...@apple.com> wrote: >
...
> int tcp_fastopen_reset_cipher(struct net *net, struct sock *sk,
> void *key, unsigned int len)
> {
> @@ -96,13 +131,22 @@ error: kfree(ctx);
> spin_lock(&net->ipv4.tcp_fastopen_ctx_lock);
> if (sk) {
> q = &inet_csk(sk)->icsk_accept_queue.fastopenq;
> + rcu_assign_pointer(ctx->next, q->ctx);
At this point, ctx is not yet visible, so you do not need a barrier yet ctx->next = q->ctx;
> + rcu_assign_pointer(q->ctx, ctx);
Note that readers could see 3 contexts in the chain, instead of maximum two. This means that proc_tcp_fastopen_key() (your 3/5 change) would overflow an automatic array : while (ctxt) { memcpy(&key[i], ctxt->key, TCP_FASTOPEN_KEY_LENGTH); i += 4; ctxt = rcu_dereference(ctxt->next); }
> +
> octx = rcu_dereference_protected(q->ctx,
> lockdep_is_held(&net->ipv4.tcp_fastopen_ctx_lock));
> - rcu_assign_pointer(q->ctx, ctx);
> +
> + octx = tcp_fastopen_cut_keypool(octx,
> &net->ipv4.tcp_fastopen_ctx_lock);
> } else {
> + rcu_assign_pointer(ctx->next, net->ipv4.tcp_fastopen_ctx);
same remark here.
> + rcu_assign_pointer(net->ipv4.tcp_fastopen_ctx, ctx);
> +
> octx = rcu_dereference_protected(net->ipv4.tcp_fastopen_ctx,
> lockdep_is_held(&net->ipv4.tcp_fastopen_ctx_lock));
> - rcu_assign_pointer(net->ipv4.tcp_fastopen_ctx, ctx);
> +
> + octx = tcp_fastopen_cut_keypool(octx,
> +
> &net->ipv4.tcp_fastopen_ctx_lock);
> }
> spin_unlock(&net->ipv4.tcp_fastopen_ctx_lock);
>
> --
> 2.16.2
>
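Review bot: In both branches the `rcu_dereference_protected()` read-back now runs after the new `rcu_assign_pointer()` of the head, so with the spinlock held `octx` is simply the freshly installed `ctx`, not the previous context its name suggests. Passing the new head directly, `octx = tcp_fastopen_cut_keypool(ctx, &net->ipv4.tcp_fastopen_ctx_lock);`, would drop the redundant read and make clear that `octx` only becomes "old" once the helper returns. tcp_fastopen_cut_keypool() is defined outside this hunk, so its return contract is not visible here. If the code after `spin_unlock()` still releases `octx`, a comment on the helper stating that it returns only the detached tail, never a context still reachable from the published head, would make the lifetime rule reviewable and guard against a later use-after-free. The body of tcp_fastopen_reset_cipher() starts and ends outside the hunk.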