summaryrefslogtreecommitdiffhomepage
path: root/pkg/seccomp
diff options
context:
space:
mode:
authorMithun Iyer <iyerm@google.com>2021-04-17 11:30:36 -0700
committergVisor bot <gvisor-bot@google.com>2021-04-17 11:32:17 -0700
commit9b4cc3d43bc79698762e1efa980148f12e8ad196 (patch)
tree15301debc1db874647b07f7b97a3d3a8256a96ee /pkg/seccomp
parent3b685753b4e9632ed8cde1ae284c79a9a14230b9 (diff)
Avoid ignoring incoming packet by demuxer on endpoint lookup failure
This fixes a race that occurs while the endpoint is being unregistered and the transport demuxer attempts to match the incoming packet to any endpoint. The race specifically occurs when the unregistration (and deletion of the endpoint) occurs, after a successful endpointsByNIC lookup and before the endpoints map is further looked up with ingress NICID of the packet. The fix is to notify the caller of lookup-with-NICID failure, so that the logic falls through to handling unknown destination packets. For TCP this can mean replying back with RST. The syscall test in this CL catches this race as the ACK completing the handshake could get silently dropped on a listener close, causing no RST sent to the peer and timing out the poll waiting for POLLHUP. Fixes #5850 PiperOrigin-RevId: 369023779
Diffstat (limited to 'pkg/seccomp')
0 files changed, 0 insertions, 0 deletions