From: Alexey Kodanev <alexey.kodanev@oracle.com>
Date: Fri, 27 Mar 2015 09:24:22 +0000 (+0300)
Subject: net: tcp6: fix double call of tcp_v6_fill_cb()
X-Git-Tag: omap-for-v4.1/fixes-rc1~242^2~13
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4ad19de8774e2a7b075b3e8ea48db85adcf33fa6;p=pandora-kernel.git

net: tcp6: fix double call of tcp_v6_fill_cb()

tcp_v6_fill_cb() will be called twice if socket's state changes from
TCP_TIME_WAIT to TCP_LISTEN. That can result in control buffer data
corruption because in the second tcp_v6_fill_cb() call it's not copying
IP6CB(skb) anymore, but 'seq', 'end_seq', etc., so we can get weird and
unpredictable results. Performance loss of up to 1200% has been observed
in LTP/vxlan03 test.

This can be fixed by copying inet6_skb_parm to the beginning of 'cb'
only if xfrm6_policy_check() and tcp_v6_fill_cb() are going to be
called again.

Fixes: 2dc49d1680b53 ("tcp6: don't move IP6CB before xfrm6_policy_check()")

Signed-off-by: Alexey Kodanev <alexey.kodanev@oracle.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---

Reading git-diff-tree failed