| From foo@baz Mon 17 Aug 2020 11:30:21 AM CEST |
| From: Tim Froidcoeur <tim.froidcoeur@tessares.net> |
| Date: Tue, 11 Aug 2020 20:33:24 +0200 |
| Subject: net: initialize fastreuse on inet_inherit_port |
| |
| From: Tim Froidcoeur <tim.froidcoeur@tessares.net> |
| |
| [ Upstream commit d76f3351cea2d927fdf70dd7c06898235035e84e ] |
| |
| In the case of TPROXY, bind_conflict optimizations for SO_REUSEADDR or |
| SO_REUSEPORT are broken, possibly resulting in O(n) instead of O(1) bind |
| behaviour or in the incorrect reuse of a bind. |
| |
| the kernel keeps track for each bind_bucket if all sockets in the |
| bind_bucket support SO_REUSEADDR or SO_REUSEPORT in two fastreuse flags. |
| These flags allow skipping the costly bind_conflict check when possible |
| (meaning when all sockets have the proper SO_REUSE option). |
| |
| For every socket added to a bind_bucket, these flags need to be updated. |
| As soon as a socket that does not support reuse is added, the flag is |
| set to false and will never go back to true, unless the bind_bucket is |
| deleted. |
| |
| Note that there is no mechanism to re-evaluate these flags when a socket |
| is removed (this might make sense when removing a socket that would not |
| allow reuse; this leaves room for a future patch). |
| |
| For this optimization to work, it is mandatory that these flags are |
| properly initialized and updated. |
| |
| When a child socket is created from a listen socket in |
| __inet_inherit_port, the TPROXY case could create a new bind bucket |
| without properly initializing these flags, thus preventing the |
| optimization to work. Alternatively, a socket not allowing reuse could |
| be added to an existing bind bucket without updating the flags, causing |
| bind_conflict to never be called as it should. |
| |
| Call inet_csk_update_fastreuse when __inet_inherit_port decides to create |
| a new bind_bucket or use a different bind_bucket than the one of the |
| listen socket. |
| |
| Fixes: 093d282321da ("tproxy: fix hash locking issue when using port redirection in __inet_inherit_port()") |
| Acked-by: Matthieu Baerts <matthieu.baerts@tessares.net> |
| Signed-off-by: Tim Froidcoeur <tim.froidcoeur@tessares.net> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| net/ipv4/inet_hashtables.c | 1 + |
| 1 file changed, 1 insertion(+) |
| |
| --- a/net/ipv4/inet_hashtables.c |
| +++ b/net/ipv4/inet_hashtables.c |
| @@ -163,6 +163,7 @@ int __inet_inherit_port(const struct soc |
| return -ENOMEM; |
| } |
| } |
| + inet_csk_update_fastreuse(tb, child); |
| } |
| inet_bind_hash(child, tb, port); |
| spin_unlock(&head->lock); |