bpf: sockmap, fix transition through disconnect without close
authorJohn Fastabend <john.fastabend@gmail.com>
Tue, 18 Sep 2018 16:01:49 +0000 (09:01 -0700)
committerDaniel Borkmann <daniel@iogearbox.net>
Sat, 22 Sep 2018 00:46:41 +0000 (02:46 +0200)
commitb05545e15e1ff1d6a6a8593971275f9cc3e6b92b
tree15a5f8f63fcea18adbfeeaff94ae6869f3cecc74
parent5607fff303636d48b88414c6be353d9fed700af2
bpf: sockmap, fix transition through disconnect without close

It is possible (via shutdown()) for TCP socks to go trough TCP_CLOSE
state via tcp_disconnect() without actually calling tcp_close which
would then call our bpf_tcp_close() callback. Because of this a user
could disconnect a socket then put it in a LISTEN state which would
break our assumptions about sockets always being ESTABLISHED state.

To resolve this rely on the unhash hook, which is called in the
disconnect case, to remove the sock from the sockmap.

Reported-by: Eric Dumazet <edumazet@google.com>
Fixes: 1aa12bdf1bfb ("bpf: sockmap, add sock close() hook to remove socks")
Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Acked-by: Yonghong Song <yhs@fb.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
kernel/bpf/sockmap.c