提交 fda48a0d 编写于 作者: E Eric Dumazet 提交者: David S. Miller

tcp: bind() fix when many ports are bound

Port autoselection done by kernel only works when number of bound
sockets is under a threshold (typically 30000).

When this threshold is over, we must check if there is a conflict before
exiting first loop in inet_csk_get_port()

Change inet_csk_bind_conflict() to forbid two reuse-enabled sockets to
bind on same (address,port) tuple (with a non ANY address)

Same change for inet6_csk_bind_conflict()
Reported-by: NGaspar Chilingarov <gasparch@gmail.com>
Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com>
Acked-by: NEvgeniy Polyakov <zbr@ioremap.net>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>
上级 24acc689
...@@ -70,13 +70,17 @@ int inet_csk_bind_conflict(const struct sock *sk, ...@@ -70,13 +70,17 @@ int inet_csk_bind_conflict(const struct sock *sk,
(!sk->sk_bound_dev_if || (!sk->sk_bound_dev_if ||
!sk2->sk_bound_dev_if || !sk2->sk_bound_dev_if ||
sk->sk_bound_dev_if == sk2->sk_bound_dev_if)) { sk->sk_bound_dev_if == sk2->sk_bound_dev_if)) {
const __be32 sk2_rcv_saddr = inet_rcv_saddr(sk2);
if (!reuse || !sk2->sk_reuse || if (!reuse || !sk2->sk_reuse ||
sk2->sk_state == TCP_LISTEN) { sk2->sk_state == TCP_LISTEN) {
const __be32 sk2_rcv_saddr = inet_rcv_saddr(sk2);
if (!sk2_rcv_saddr || !sk_rcv_saddr || if (!sk2_rcv_saddr || !sk_rcv_saddr ||
sk2_rcv_saddr == sk_rcv_saddr) sk2_rcv_saddr == sk_rcv_saddr)
break; break;
} } else if (reuse && sk2->sk_reuse &&
sk2_rcv_saddr &&
sk2_rcv_saddr == sk_rcv_saddr)
break;
} }
} }
return node != NULL; return node != NULL;
...@@ -120,9 +124,11 @@ int inet_csk_get_port(struct sock *sk, unsigned short snum) ...@@ -120,9 +124,11 @@ int inet_csk_get_port(struct sock *sk, unsigned short snum)
smallest_size = tb->num_owners; smallest_size = tb->num_owners;
smallest_rover = rover; smallest_rover = rover;
if (atomic_read(&hashinfo->bsockets) > (high - low) + 1) { if (atomic_read(&hashinfo->bsockets) > (high - low) + 1) {
spin_unlock(&head->lock); if (!inet_csk(sk)->icsk_af_ops->bind_conflict(sk, tb)) {
snum = smallest_rover; spin_unlock(&head->lock);
goto have_snum; snum = smallest_rover;
goto have_snum;
}
} }
} }
goto next; goto next;
......
...@@ -42,11 +42,16 @@ int inet6_csk_bind_conflict(const struct sock *sk, ...@@ -42,11 +42,16 @@ int inet6_csk_bind_conflict(const struct sock *sk,
if (sk != sk2 && if (sk != sk2 &&
(!sk->sk_bound_dev_if || (!sk->sk_bound_dev_if ||
!sk2->sk_bound_dev_if || !sk2->sk_bound_dev_if ||
sk->sk_bound_dev_if == sk2->sk_bound_dev_if) && sk->sk_bound_dev_if == sk2->sk_bound_dev_if)) {
(!sk->sk_reuse || !sk2->sk_reuse || if ((!sk->sk_reuse || !sk2->sk_reuse ||
sk2->sk_state == TCP_LISTEN) && sk2->sk_state == TCP_LISTEN) &&
ipv6_rcv_saddr_equal(sk, sk2)) ipv6_rcv_saddr_equal(sk, sk2))
break; break;
else if (sk->sk_reuse && sk2->sk_reuse &&
!ipv6_addr_any(inet6_rcv_saddr(sk2)) &&
ipv6_rcv_saddr_equal(sk, sk2))
break;
}
} }
return node != NULL; return node != NULL;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册