From: Paolo Abeni <pabeni@redhat.com>
Date: Fri, 2 Oct 2020 10:39:44 +0000 (+0200)
Subject: tcp: fix syn cookied MPTCP request socket leak
X-Git-Tag: v5.10.7~1546^2~8
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=9d8c05ad5627b3a650087c14c67dd1d22a6368ab;p=platform%2Fkernel%2Flinux-rpi.git

tcp: fix syn cookied MPTCP request socket leak

If a syn-cookies request socket don't pass MPTCP-level
validation done in syn_recv_sock(), we need to release
it immediately, or it will be leaked.

Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/89
Fixes: 9466a1ccebbe ("mptcp: enable JOIN requests even if cookies are in use")
Reported-and-tested-by: Geliang Tang <geliangtang@gmail.com>
Reviewed-by: Matthieu Baerts <matthieu.baerts@tessares.net>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---

diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c
index f0794f0..e037566 100644
--- a/net/ipv4/syncookies.c
+++ b/net/ipv4/syncookies.c
@@ -214,7 +214,7 @@ struct sock *tcp_get_cookie_sock(struct sock *sk, struct sk_buff *skb,
 		sock_rps_save_rxhash(child, skb);
 
 		if (rsk_drop_req(req)) {
-			refcount_set(&req->rsk_refcnt, 2);
+			reqsk_put(req);
 			return child;
 		}