inet_diag: fix access to tcp cc information

Two different problems are fixed here:

1) inet_sk_diag_fill() might be called without socket lock held.
   icsk->icsk_ca_ops can change under us and module be unloaded.
   -> Access to freed memory.
   Fix this using rcu_read_lock() to prevent module unload.

2) Some TCP Congestion Control modules provide information
   but again this is not safe against icsk->icsk_ca_ops
   change and nla_put() errors were ignored. Some sockets
   could not get the additional info if skb was almost full.
   Fix this by returning a status from get_info() handlers and
   using rcu protection as well.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

Showing
- include/net/tcp.h: 1 addition, 1 deletion
- net/ipv4/inet_diag.c: 22 additions, 6 deletions
- net/ipv4/tcp_dctcp.c: 3 additions, 2 deletions
- net/ipv4/tcp_illinois.c: 3 additions, 3 deletions
- net/ipv4/tcp_vegas.c: 3 additions, 2 deletions
- net/ipv4/tcp_vegas.h: 1 addition, 1 deletion
- net/ipv4/tcp_westwood.c: 3 additions, 3 deletions