tcp: md5: input path is run under rcu protected sections

It is guaranteed that both tcp_v4_rcv() and tcp_v6_rcv()
run from rcu read locked sections :

ip_local_deliver_finish() and ip6_input_finish() both
use rcu_read_lock()

Also align tcp_v6_inbound_md5_hash() on tcp_v4_inbound_md5_hash()
by returning a boolean.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 4e90217003e83f67da99317f7a3aa6a6c2d99b3e..d339a0488f51dee5099a6f729a3343a7e1929698 100644 (file)
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -1153,8 +1153,9 @@ clear_hash_noput:
 }
 EXPORT_SYMBOL(tcp_v4_md5_hash_skb);
 
-static bool __tcp_v4_inbound_md5_hash(struct sock *sk,
-                                     const struct sk_buff *skb)
+/* Called with rcu_read_lock() */
+static bool tcp_v4_inbound_md5_hash(struct sock *sk,
+                                   const struct sk_buff *skb)
 {
        /*
         * This gets called for each TCP segment that arrives
@@ -1206,18 +1207,6 @@ static bool __tcp_v4_inbound_md5_hash(struct sock *sk,
        }
        return false;
 }
-
-static bool tcp_v4_inbound_md5_hash(struct sock *sk, const struct sk_buff *skb)
-{
-       bool ret;
-
-       rcu_read_lock();
-       ret = __tcp_v4_inbound_md5_hash(sk, skb);
-       rcu_read_unlock();
-
-       return ret;
-}
-
 #endif
 
 static void tcp_v4_init_req(struct request_sock *req, struct sock *sk_listener,

diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index 4a4e6d30c448b1ee8ec4948e025ed0a19d505553..078e7d0f4cd8ef3653c51d2ee5c86f936fb44625 100644 (file)
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -633,8 +633,7 @@ clear_hash_noput:
        return 1;
 }
 
-static int __tcp_v6_inbound_md5_hash(struct sock *sk,
-                                    const struct sk_buff *skb)
+static bool tcp_v6_inbound_md5_hash(struct sock *sk, const struct sk_buff *skb)
 {
        const __u8 *hash_location = NULL;
        struct tcp_md5sig_key *hash_expected;
@@ -648,16 +647,16 @@ static int __tcp_v6_inbound_md5_hash(struct sock *sk,
 
        /* We've parsed the options - do we have a hash? */
        if (!hash_expected && !hash_location)
-               return 0;
+               return false;
 
        if (hash_expected && !hash_location) {
                NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
-               return 1;
+               return true;
        }
 
        if (!hash_expected && hash_location) {
                NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
-               return 1;
+               return true;
        }
 
        /* check the signature */
@@ -670,22 +669,10 @@ static int __tcp_v6_inbound_md5_hash(struct sock *sk,
                                     genhash ? "failed" : "mismatch",
                                     &ip6h->saddr, ntohs(th->source),
                                     &ip6h->daddr, ntohs(th->dest));
-               return 1;
+               return true;
        }
-       return 0;
-}
-
-static int tcp_v6_inbound_md5_hash(struct sock *sk, const struct sk_buff *skb)
-{
-       int ret;
-
-       rcu_read_lock();
-       ret = __tcp_v6_inbound_md5_hash(sk, skb);
-       rcu_read_unlock();
-
-       return ret;
+       return false;
 }
-
 #endif
 
 static void tcp_v6_init_req(struct request_sock *req, struct sock *sk,