Re: [PATCH net v3] tcp: clear sock_ops cb flags before force-closing a child socket

Next message: Uwe Kleine-K&#xF6;nig (The Capable Hub): "[PATCH v3 2/2] ata: Use named initializers for pci_device_id arrays"
Previous message: Dmitry Baryshkov: "Re: [PATCH 12/15] accel/qda: Add FastRPC invocation support"
In reply to: Kuniyuki Iwashima: "Re: [PATCH net v3] tcp: clear sock_ops cb flags before force-closing a child socket"
Next in thread: patchwork-bot+netdevbpf: "Re: [PATCH net v3] tcp: clear sock_ops cb flags before force-closing a child socket"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Eric Dumazet

Date: Fri Jun 12 2026 - 04:22:52 EST

On Thu, Jun 11, 2026 at 2:29 AM Sechang Lim <rhkrqnwk98@xxxxxxxxx> wrote:
>
> A child socket inherits the listener's bpf_sock_ops_cb_flags via
> sk_clone_lock(). If its setup fails in tcp_v4_syn_recv_sock() /
> tcp_v6_syn_recv_sock(), the child is freed through put_and_exit, where
> inet_csk_prepare_forced_close() drops the socket lock and tcp_done() runs
> without it.
>
> If BPF_SOCK_OPS_STATE_CB_FLAG was inherited, tcp_done() -> tcp_set_state()
> calls tcp_call_bpf(), which expects the lock and trips sock_owned_by_me():

...

Reviewed-by: Eric Dumazet <edumazet@xxxxxxxxxx>