e337e24d66
If in either of the above functions inet_csk_route_child_sock() or __inet_inherit_port() fails, the newsk will not be freed:

unreferenced object 0xffff88022e8a92c0 (size 1592):
  comm "softirq", pid 0, jiffies 4294946244 (age 726.160s)
  hex dump (first 32 bytes):
    0a 01 01 01 0a 01 01 02 00 00 00 00 a7 cc 16 00  ................
    02 00 03 01 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff8153d190>] kmemleak_alloc+0x21/0x3e
    [<ffffffff810ab3e7>] kmem_cache_alloc+0xb5/0xc5
    [<ffffffff8149b65b>] sk_prot_alloc.isra.53+0x2b/0xcd
    [<ffffffff8149b784>] sk_clone_lock+0x16/0x21e
    [<ffffffff814d711a>] inet_csk_clone_lock+0x10/0x7b
    [<ffffffff814ebbc3>] tcp_create_openreq_child+0x21/0x481
    [<ffffffff814e8fa5>] tcp_v4_syn_recv_sock+0x3a/0x23b
    [<ffffffff814ec5ba>] tcp_check_req+0x29f/0x416
    [<ffffffff814e8e10>] tcp_v4_do_rcv+0x161/0x2bc
    [<ffffffff814eb917>] tcp_v4_rcv+0x6c9/0x701
    [<ffffffff814cea9f>] ip_local_deliver_finish+0x70/0xc4
    [<ffffffff814cec20>] ip_local_deliver+0x4e/0x7f
    [<ffffffff814ce9f8>] ip_rcv_finish+0x1fc/0x233
    [<ffffffff814cee68>] ip_rcv+0x217/0x267
    [<ffffffff814a7bbe>] __netif_receive_skb+0x49e/0x553
    [<ffffffff814a7cc3>] netif_receive_skb+0x50/0x82

This happens because sk_clone_lock initializes sk_refcnt to 2, and thus a single sock_put() is not enough to free the memory. Additionally, things like xfrm, memcg, cookie_values,... may have been initialized. We have to free them properly.

This is fixed by forcing a call to tcp_done(), ending up in inet_csk_destroy_sock, doing the final sock_put(). tcp_done() is necessary, because it ends up doing all the cleanup on xfrm, memcg, cookie_values,...

Before calling tcp_done, we have to set the socket to SOCK_DEAD, to force it to enter inet_csk_destroy_sock. To avoid the warning in inet_csk_destroy_sock, inet_num has to be set to 0. As inet_csk_destroy_sock does a dec on orphan_count, we first have to increase it.

Calling tcp_done() allows us to remove the calls to tcp_clear_xmit_timer() and tcp_cleanup_congestion_control().

A similar approach is taken for dccp by calling dccp_done().

This is in the kernel since 093d282321 (tproxy: fix hash locking issue when using port redirection in __inet_inherit_port()), thus since version >= 2.6.37.

Signed-off-by: Christoph Paasch <christoph.paasch@uclouvain.be>
Signed-off-by: David S. Miller <davem@davemloft.net>
/*
 * NET		Generic infrastructure for INET connection oriented protocols.
 *
 *		Definitions for inet_connection_sock
 *
 * Authors:	Many people, see the TCP sources
 *
 *		From code originally in TCP
 *
 *		This program is free software; you can redistribute it and/or
 *		modify it under the terms of the GNU General Public License
 *		as published by the Free Software Foundation; either version
 *		2 of the License, or (at your option) any later version.
 */
#ifndef _INET_CONNECTION_SOCK_H
#define _INET_CONNECTION_SOCK_H
#include <linux/compiler.h>
#include <linux/string.h>
#include <linux/timer.h>
#include <linux/poll.h>
#include <net/inet_sock.h>
#include <net/request_sock.h>
/*
 * Debug switch: while this is defined, the timer helpers in this header
 * report an unrecognised timer id through pr_debug().
 */
#define INET_CSK_DEBUG 1

/*
 * Cancel timers, when they are not required.
 * Left undefined here, so the sk_stop_timer() calls guarded by it are
 * compiled out.
 */
#undef INET_CSK_CLEAR_TIMERS

/* Only pointers to these are used below; forward declarations suffice. */
struct inet_bind_bucket;
struct tcp_congestion_ops;
/*
 * Pointers to address related TCP functions
 * (i.e. things that depend on the address family)
 *
 * The (compat_)setsockopt/getsockopt hooks take __user-annotated optval
 * and optlen pointers, i.e. addresses supplied by user space.  An
 * implementation has to go through the user-copy helpers and validate
 * optlen instead of dereferencing them directly.
 */
struct inet_connection_sock_af_ops {
	/* Per-packet callbacks. */
	int	    (*queue_xmit)(struct sk_buff *skb, struct flowi *fl);
	void	    (*send_check)(struct sock *sk, struct sk_buff *skb);
	int	    (*rebuild_header)(struct sock *sk);
	void	    (*sk_rx_dst_set)(struct sock *sk, const struct sk_buff *skb);

	/*
	 * Incoming connection handling.  syn_recv_sock hands back a
	 * struct sock for the given request_sock.
	 */
	int	    (*conn_request)(struct sock *sk, struct sk_buff *skb);
	struct sock *(*syn_recv_sock)(struct sock *sk, struct sk_buff *skb,
				      struct request_sock *req,
				      struct dst_entry *dst);

	/* Address-family dependent sizes. */
	u16	    net_header_len;
	u16	    net_frag_header_len;
	u16	    sockaddr_len;

	/* Socket option entry points; optval/optlen point into user space. */
	int	    (*setsockopt)(struct sock *sk, int level, int optname,
				  char __user *optval, unsigned int optlen);
	int	    (*getsockopt)(struct sock *sk, int level, int optname,
				  char __user *optval, int __user *optlen);
#ifdef CONFIG_COMPAT
	int	    (*compat_setsockopt)(struct sock *sk,
					 int level, int optname,
					 char __user *optval, unsigned int optlen);
	int	    (*compat_getsockopt)(struct sock *sk,
					 int level, int optname,
					 char __user *optval, int __user *optlen);
#endif

	/* Address helpers. */
	void	    (*addr2sockaddr)(struct sock *sk, struct sockaddr *);
	int	    (*bind_conflict)(const struct sock *sk,
				     const struct inet_bind_bucket *tb, bool relax);
};
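/**
 * struct inet_connection_sock - INET connection oriented sock
 *
 * @icsk_inet:		   Embedded inet_sock; has to be the first member
 *			   because inet_csk() casts a struct sock pointer
 *			   straight to this type
 * @icsk_accept_queue:	   FIFO of established children
 * @icsk_bind_hash:	   Bind node
 * @icsk_timeout:	   Timeout
 * @icsk_retransmit_timer: Resend (no ack)
 * @icsk_delack_timer:	   Timer armed for ICSK_TIME_DACK events
 * @icsk_rto:		   Retransmit timeout
 * @icsk_pmtu_cookie:	   Last pmtu seen by socket
 * @icsk_ca_ops:	   Pluggable congestion control hook
 * @icsk_af_ops:	   Operations which are AF_INET{4,6} specific
 * @icsk_sync_mss:	   Callback taking the socket and a pmtu value
 *			   (NOTE(review): exact contract is not visible in
 *			   this header - confirm against the implementations)
 * @icsk_ca_state:	   Congestion control state
 * @icsk_retransmits:	   Number of unrecovered [RTO] timeouts
 * @icsk_pending:	   Scheduled timer event
 * @icsk_backoff:	   Backoff
 * @icsk_syn_retries:	   Number of allowed SYN (or equivalent) retries
 * @icsk_probes_out:	   unanswered 0 window probes
 * @icsk_ext_hdr_len:	   Network protocol overhead (IP/IPv6 options)
 * @icsk_ack:		   Delayed ACK control data
 * @icsk_mtup:		   MTU probing control data
 * @icsk_ca_priv:	   Storage handed out untyped by inet_csk_ca();
 *			   ICSK_CA_PRIV_SIZE bytes long.  A user that overlays
 *			   its own state here should assert at build time that
 *			   the state fits, since nothing checks it at run time.
 * @icsk_user_timeout:	   NOTE(review): presumably a user supplied timeout;
 *			   units and use are not visible in this header
 */
struct inet_connection_sock {
	/* inet_sock has to be the first member! */
	struct inet_sock	  icsk_inet;
	struct request_sock_queue icsk_accept_queue;
	struct inet_bind_bucket	  *icsk_bind_hash;
	unsigned long		  icsk_timeout;
	struct timer_list	  icsk_retransmit_timer;
	struct timer_list	  icsk_delack_timer;
	__u32			  icsk_rto;
	__u32			  icsk_pmtu_cookie;
	const struct tcp_congestion_ops *icsk_ca_ops;
	const struct inet_connection_sock_af_ops *icsk_af_ops;
	unsigned int		  (*icsk_sync_mss)(struct sock *sk, u32 pmtu);
	__u8			  icsk_ca_state;
	__u8			  icsk_retransmits;
	__u8			  icsk_pending;
	__u8			  icsk_backoff;
	__u8			  icsk_syn_retries;
	__u8			  icsk_probes_out;
	__u16			  icsk_ext_hdr_len;
	struct {
		__u8		  pending;	 /* ACK is pending			   */
		__u8		  quick;	 /* Scheduled number of quick acks	   */
		__u8		  pingpong;	 /* The session is interactive		   */
		__u8		  blocked;	 /* Delayed ACK was blocked by socket lock */
		__u32		  ato;		 /* Predicted tick of soft clock	   */
		unsigned long	  timeout;	 /* Currently scheduled timeout		   */
		__u32		  lrcvtime;	 /* timestamp of last received data packet */
		__u16		  last_seg_size; /* Size of last incoming segment	   */
		__u16		  rcv_mss;	 /* MSS used for delayed ACK decisions	   */
	} icsk_ack;
	struct {
		int		  enabled;

		/* Range of MTUs to search */
		int		  search_high;
		int		  search_low;

		/* Information on the current probe. */
		int		  probe_size;
	} icsk_mtup;
	u32			  icsk_ca_priv[16];
	u32			  icsk_user_timeout;
/*
 * Derived from the array itself so that the advertised bound cannot drift
 * from the real storage if the array is ever resized (same value as the
 * previous 16 * sizeof(u32)).
 */
#define ICSK_CA_PRIV_SIZE \
	(sizeof(((struct inet_connection_sock *)0)->icsk_ca_priv))
};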
/*
 * Timer identifiers accepted as the 'what' argument of
 * inet_csk_clear_xmit_timer() and inet_csk_reset_xmit_timer().
 * RETRANS and PROBE0 share icsk_retransmit_timer; DACK uses
 * icsk_delack_timer.
 */
#define ICSK_TIME_RETRANS	1	/* Retransmit timer */
#define ICSK_TIME_DACK		2	/* Delayed ack timer */
#define ICSK_TIME_PROBE0	3	/* Zero window probe timer */
/*
 * inet_csk - reinterpret a struct sock as an inet_connection_sock.
 *
 * This is a plain pointer cast: there is no run-time check that @sk really
 * is embedded in an inet_connection_sock, and the const qualifier of the
 * argument is dropped.  Passing any other kind of socket makes every later
 * field access read or write unrelated memory, so callers are responsible
 * for only handing in connection-oriented INET sockets.
 */
static inline struct inet_connection_sock *inet_csk(const struct sock *sk)
{
	struct inet_connection_sock *icsk = (struct inet_connection_sock *)sk;

	return icsk;
}
/*
 * inet_csk_ca - untyped pointer to the icsk_ca_priv storage of @sk.
 *
 * The area is ICSK_CA_PRIV_SIZE bytes long and the returned void * carries
 * no size information, so whatever structure a caller overlays on it must
 * be checked against that bound by the caller.
 */
static inline void *inet_csk_ca(const struct sock *sk)
{
	struct inet_connection_sock *icsk = inet_csk(sk);

	return (void *)icsk->icsk_ca_priv;
}
/*
 * Defined outside this header.  The backtrace in the commit message shown
 * with this revision has it calling sk_clone_lock(), which according to
 * that message starts the clone with sk_refcnt == 2: a single sock_put()
 * on an error path therefore does not free the new socket.
 */
extern struct sock *inet_csk_clone_lock(const struct sock *sk,
					const struct request_sock *req,
					const gfp_t priority);
/*
 * Bit flags kept in icsk_ack.pending (they are OR-ed in and masked out by
 * the helpers in this header), hence one distinct bit per enumerator.
 */
enum inet_csk_ack_state_t {
	ICSK_ACK_SCHED	 = 1 << 0,
	ICSK_ACK_TIMER	 = 1 << 1,
	ICSK_ACK_PUSHED	 = 1 << 2,
	ICSK_ACK_PUSHED2 = 1 << 3
};
/*
 * Timer setup/teardown for a socket; both are defined outside this header.
 * The three handlers are timer callbacks taking an unsigned long argument.
 */
extern void inet_csk_init_xmit_timers(struct sock *sk,
				      void (*retransmit_handler)(unsigned long),
				      void (*delack_handler)(unsigned long),
				      void (*keepalive_handler)(unsigned long));
extern void inet_csk_clear_xmit_timers(struct sock *sk);
/* Mark an ACK as scheduled by setting ICSK_ACK_SCHED in icsk_ack.pending. */
static inline void inet_csk_schedule_ack(struct sock *sk)
{
	struct inet_connection_sock *icsk = inet_csk(sk);

	icsk->icsk_ack.pending |= ICSK_ACK_SCHED;
}
/*
 * Non-zero when ICSK_ACK_SCHED is set in icsk_ack.pending.  The masked
 * value itself is returned, not a normalised 0/1.
 */
static inline int inet_csk_ack_scheduled(const struct sock *sk)
{
	const struct inet_connection_sock *icsk = inet_csk(sk);

	return icsk->icsk_ack.pending & ICSK_ACK_SCHED;
}
/* Zero the whole delayed-ACK control block (icsk_ack) of @sk. */
static inline void inet_csk_delack_init(struct sock *sk)
{
	struct inet_connection_sock *icsk = inet_csk(sk);

	/* sizeof is taken from the member itself so the length tracks its type. */
	memset(&icsk->icsk_ack, 0, sizeof(icsk->icsk_ack));
}
/*
 * Keepalive timer control, defined outside this header.  The request-queue
 * helpers below call these when reqsk_queue_removed()/reqsk_queue_added()
 * return 0.
 */
extern void inet_csk_delete_keepalive_timer(struct sock *sk);
extern void inet_csk_reset_keepalive_timer(struct sock *sk,
					   unsigned long timeout);
#ifdef INET_CSK_DEBUG
/*
 * Message passed to pr_debug("%s", ...) by the timer helpers in this header
 * when they are given an unknown timer id; defined outside this header.
 */
extern const char inet_csk_timer_bug_msg[];
#endif
/*
 * inet_csk_clear_xmit_timer - drop the pending state of one timer class.
 * @sk:   socket whose state is cleared
 * @what: ICSK_TIME_RETRANS, ICSK_TIME_PROBE0 or ICSK_TIME_DACK
 *
 * Only the bookkeeping is reset here: INET_CSK_CLEAR_TIMERS is #undef'd
 * earlier in this header, so the sk_stop_timer() calls are compiled out and
 * an already armed timer is left to expire.  Any other @what is reported
 * through pr_debug() when INET_CSK_DEBUG is defined and ignored otherwise.
 */
static inline void inet_csk_clear_xmit_timer(struct sock *sk, const int what)
{
	struct inet_connection_sock *icsk = inet_csk(sk);

	switch (what) {
	case ICSK_TIME_RETRANS:
	case ICSK_TIME_PROBE0:
		icsk->icsk_pending = 0;
#ifdef INET_CSK_CLEAR_TIMERS
		sk_stop_timer(sk, &icsk->icsk_retransmit_timer);
#endif
		break;
	case ICSK_TIME_DACK:
		icsk->icsk_ack.pending = 0;
		icsk->icsk_ack.blocked = 0;
#ifdef INET_CSK_CLEAR_TIMERS
		sk_stop_timer(sk, &icsk->icsk_delack_timer);
#endif
		break;
	default:
#ifdef INET_CSK_DEBUG
		pr_debug("%s", inet_csk_timer_bug_msg);
#endif
		break;
	}
}
/*
 * inet_csk_reset_xmit_timer - (re)arm the retransmit or delayed-ACK timer.
 * @sk:       socket owning the timer
 * @what:     ICSK_TIME_RETRANS, ICSK_TIME_PROBE0 or ICSK_TIME_DACK
 * @when:     requested delay in jiffies
 * @max_when: upper bound; a larger @when is clamped to it
 *
 * An unknown @what arms nothing; it is only reported through pr_debug()
 * when INET_CSK_DEBUG is defined.
 *
 * NOTE(review): the clamp message prints sk and the caller's text address
 * with %p.  On kernels that do not hash %p this puts raw kernel addresses
 * into the debug log, so treat that output as sensitive.
 */
static inline void inet_csk_reset_xmit_timer(struct sock *sk, const int what,
					     unsigned long when,
					     const unsigned long max_when)
{
	struct inet_connection_sock *icsk = inet_csk(sk);

	/* Never schedule further out than the caller's bound. */
	if (when > max_when) {
#ifdef INET_CSK_DEBUG
		pr_debug("reset_xmit_timer: sk=%p %d when=0x%lx, caller=%p\n",
			 sk, what, when, current_text_addr());
#endif
		when = max_when;
	}

	switch (what) {
	case ICSK_TIME_RETRANS:
	case ICSK_TIME_PROBE0:
		/* Both classes share the retransmit timer; record which one. */
		icsk->icsk_pending = what;
		icsk->icsk_timeout = jiffies + when;
		sk_reset_timer(sk, &icsk->icsk_retransmit_timer,
			       icsk->icsk_timeout);
		break;
	case ICSK_TIME_DACK:
		icsk->icsk_ack.pending |= ICSK_ACK_TIMER;
		icsk->icsk_ack.timeout = jiffies + when;
		sk_reset_timer(sk, &icsk->icsk_delack_timer,
			       icsk->icsk_ack.timeout);
		break;
	default:
#ifdef INET_CSK_DEBUG
		pr_debug("%s", inet_csk_timer_bug_msg);
#endif
		break;
	}
}
/* Accept, request lookup, bind and routing helpers defined outside this header. */
extern struct sock *inet_csk_accept(struct sock *sk, int flags, int *err);

extern struct request_sock *inet_csk_search_req(const struct sock *sk,
						struct request_sock ***prevp,
						const __be16 rport,
						const __be32 raddr,
						const __be32 laddr);

extern int inet_csk_bind_conflict(const struct sock *sk,
				  const struct inet_bind_bucket *tb,
				  bool relax);
extern int inet_csk_get_port(struct sock *sk, unsigned short snum);

extern struct dst_entry *inet_csk_route_req(struct sock *sk,
					    struct flowi4 *fl4,
					    const struct request_sock *req);

/*
 * The commit message shown with this revision names a failure of this call
 * as one of the paths on which the freshly cloned newsk used to leak, so a
 * caller has to tear newsk down itself when the call fails.
 */
extern struct dst_entry *inet_csk_route_child_sock(struct sock *sk,
						   struct sock *newsk,
						   const struct request_sock *req);
/*
 * Hand @req and its @child socket to reqsk_queue_add() on the accept queue
 * of the socket @sk.
 */
static inline void inet_csk_reqsk_queue_add(struct sock *sk,
					    struct request_sock *req,
					    struct sock *child)
{
	struct request_sock_queue *accept_queue =
		&inet_csk(sk)->icsk_accept_queue;

	reqsk_queue_add(accept_queue, req, sk, child);
}
/* Defined outside this header. */
extern void inet_csk_reqsk_queue_hash_add(struct sock *sk,
					  struct request_sock *req,
					  unsigned long timeout);
/*
 * Account for @req leaving the accept queue of @sk; the keepalive timer is
 * deleted when reqsk_queue_removed() returns 0.
 */
static inline void inet_csk_reqsk_queue_removed(struct sock *sk,
						struct request_sock *req)
{
	struct request_sock_queue *accept_queue =
		&inet_csk(sk)->icsk_accept_queue;

	if (reqsk_queue_removed(accept_queue, req) != 0)
		return;

	inet_csk_delete_keepalive_timer(sk);
}
/*
 * Account for a request joining the accept queue of @sk; the keepalive
 * timer is reset to @timeout when reqsk_queue_added() returns 0.
 */
static inline void inet_csk_reqsk_queue_added(struct sock *sk,
					      const unsigned long timeout)
{
	struct request_sock_queue *accept_queue =
		&inet_csk(sk)->icsk_accept_queue;

	if (reqsk_queue_added(accept_queue) != 0)
		return;

	inet_csk_reset_keepalive_timer(sk, timeout);
}
/* Result of reqsk_queue_len() for the accept queue of @sk. */
static inline int inet_csk_reqsk_queue_len(const struct sock *sk)
{
	const struct inet_connection_sock *icsk = inet_csk(sk);

	return reqsk_queue_len(&icsk->icsk_accept_queue);
}
/* Result of reqsk_queue_len_young() for the accept queue of @sk. */
static inline int inet_csk_reqsk_queue_young(const struct sock *sk)
{
	const struct inet_connection_sock *icsk = inet_csk(sk);

	return reqsk_queue_len_young(&icsk->icsk_accept_queue);
}
/*
 * Result of reqsk_queue_is_full() for the accept queue of @sk.  This is the
 * question a listener asks before queueing yet another pending request.
 */
static inline int inet_csk_reqsk_queue_is_full(const struct sock *sk)
{
	const struct inet_connection_sock *icsk = inet_csk(sk);

	return reqsk_queue_is_full(&icsk->icsk_accept_queue);
}
/*
 * Unlink @req from the accept queue of @sk via reqsk_queue_unlink(); @prev
 * is passed through unchanged.  The request itself is not freed here.
 */
static inline void inet_csk_reqsk_queue_unlink(struct sock *sk,
					       struct request_sock *req,
					       struct request_sock **prev)
{
	struct request_sock_queue *accept_queue =
		&inet_csk(sk)->icsk_accept_queue;

	reqsk_queue_unlink(accept_queue, req, prev);
}
/*
 * inet_csk_reqsk_queue_drop - unlink, un-account and free a request.
 *
 * The order matters: @req is taken off the queue and out of the accounting
 * before reqsk_free() releases it.  @req must not be touched by the caller
 * once this returns; any pointer to it that is kept is dangling.
 */
static inline void inet_csk_reqsk_queue_drop(struct sock *sk,
					     struct request_sock *req,
					     struct request_sock **prev)
{
	/* 1. take it off the queue */
	inet_csk_reqsk_queue_unlink(sk, req, prev);

	/* 2. update the queue accounting (may delete the keepalive timer) */
	inet_csk_reqsk_queue_removed(sk, req);

	/* 3. release it - last use of req */
	reqsk_free(req);
}
/* Defined outside this header. */
extern void inet_csk_reqsk_queue_prune(struct sock *parent,
				       const unsigned long interval,
				       const unsigned long timeout,
				       const unsigned long max_rto);

/*
 * Defined outside this header.  According to the commit message shown with
 * this revision it performs the final sock_put(), decrements orphan_count
 * and warns unless inet_num is 0.
 */
extern void inet_csk_destroy_sock(struct sock *sk);
/*
 * Defined outside this header.  The commit message shown with this revision
 * describes what has to happen before tcp_done()/dccp_done() is called on a
 * child socket whose setup failed: the socket is marked SOCK_DEAD so that
 * inet_csk_destroy_sock() is entered, inet_num is set to 0 to avoid the
 * warning there, and orphan_count is incremented first because the destroy
 * path decrements it.
 * NOTE(review): presumably this helper performs exactly those steps -
 * confirm against its definition.
 */
extern void inet_csk_prepare_forced_close(struct sock *sk);
/*
 * LISTEN is a special case for poll..
 *
 * Returns POLLIN | POLLRDNORM as soon as reqsk_queue_empty() says the
 * accept queue of @sk is not empty, otherwise 0.
 */
static inline unsigned int inet_csk_listen_poll(const struct sock *sk)
{
	if (reqsk_queue_empty(&inet_csk(sk)->icsk_accept_queue))
		return 0;

	return POLLIN | POLLRDNORM;
}
/* Listen state management, defined outside this header. */
extern int inet_csk_listen_start(struct sock *sk, const int nr_table_entries);
extern void inet_csk_listen_stop(struct sock *sk);

extern void inet_csk_addr2sockaddr(struct sock *sk, struct sockaddr *uaddr);

/*
 * Compat socket option entry points.  optval and optlen are __user
 * pointers, i.e. addresses supplied by user space; they have to be accessed
 * through the user-copy helpers and optlen validated before use.
 */
extern int inet_csk_compat_getsockopt(struct sock *sk, int level, int optname,
				      char __user *optval,
				      int __user *optlen);
extern int inet_csk_compat_setsockopt(struct sock *sk, int level, int optname,
				      char __user *optval,
				      unsigned int optlen);

extern struct dst_entry *inet_csk_update_pmtu(struct sock *sk, u32 mtu);
#endif /* _INET_CONNECTION_SOCK_H */