tcp: fix syn cookied MPTCP request socket leak

Paolo Abeni · davem330 · commit 9d8c05ad5627 · 2020-10-02T15:34:38.000-07:00
If a syn-cookies request socket don't pass MPTCP-level validation done in syn_recv_sock(), we need to release it immediately, or it will be leaked. Closes: multipath-tcp/mptcp_net-next#89 Fixes: 9466a1c ("mptcp: enable JOIN requests even if cookies are in use") Reported-and-tested-by: Geliang Tang <geliangtang@gmail.com> Reviewed-by: Matthieu Baerts <matthieu.baerts@tessares.net> Signed-off-by: Paolo Abeni <pabeni@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c
@@ -214,7 +214,7 @@ struct sock *tcp_get_cookie_sock(struct sock *sk, struct sk_buff *skb,
 		sock_rps_save_rxhash(child, skb);
 
 		if (rsk_drop_req(req)) {
-			refcount_set(&req->rsk_refcnt, 2);
+			reqsk_put(req);
 			return child;
 		}
 

Original file line number	Diff line number	Diff line change
`@@ -214,7 +214,7 @@ struct sock tcp_get_cookie_sock(struct sock sk, struct sk_buff *skb,`
`214`	`214`	`sock_rps_save_rxhash(child, skb);`
`215`	`215`
`216`	`216`	`if (rsk_drop_req(req)) {`
`217`		`- refcount_set(&req->rsk_refcnt, 2);`
	`217`	`+ reqsk_put(req);`
`218`	`218`	`return child;`
`219`	`219`	`}`
`220`	`220`