From: Tim Froidcoeur <tim.froidco...@tessares.net> Date: Tue, 11 Aug 2020 20:33:22 +0200
> In the case of TPROXY, bind_conflict optimizations for SO_REUSEADDR or > SO_REUSEPORT are broken, possibly resulting in O(n) instead of O(1) bind > behaviour or in the incorrect reuse of a bind. > > the kernel keeps track for each bind_bucket if all sockets in the > bind_bucket support SO_REUSEADDR or SO_REUSEPORT in two fastreuse flags. > These flags allow skipping the costly bind_conflict check when possible > (meaning when all sockets have the proper SO_REUSE option). > > For every socket added to a bind_bucket, these flags need to be updated. > As soon as a socket that does not support reuse is added, the flag is > set to false and will never go back to true, unless the bind_bucket is > deleted. > > Note that there is no mechanism to re-evaluate these flags when a socket > is removed (this might make sense when removing a socket that would not > allow reuse; this leaves room for a future patch). > > For this optimization to work, it is mandatory that these flags are > properly initialized and updated. > > When a child socket is created from a listen socket in > __inet_inherit_port, the TPROXY case could create a new bind bucket > without properly initializing these flags, thus preventing the > optimization to work. Alternatively, a socket not allowing reuse could > be added to an existing bind bucket without updating the flags, causing > bind_conflict to never be called as it should. > > Patch 1/2 refactors the fastreuse update code in inet_csk_get_port into a > small helper function, making the actual fix tiny and easier to understand. > > Patch 2/2 calls this new helper when __inet_inherit_port decides to create > a new bind_bucket or use a different bind_bucket than the one of the listen > socket. > > v4: - rebase on latest linux/net master branch > v3: - remove company disclaimer from automatic signature > v2: - remove unnecessary cast Series applied and queued up for -stable, thank you.
