diff options
| author | Wei Wang <weiwan@google.com> | 2017-04-25 20:38:02 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2017-04-26 14:58:32 -0400 |
| commit | c1201444075009507a6818de6518e2822b9a87c8 (patch) | |
| tree | 15df9f7c9f473cd0ff8887653b2e01fbaebbc7e0 /net | |
| parent | 199ab00f3cdb6f154ea93fa76fd80192861a821d (diff) | |
tcp: memset ca_priv data to 0 properly
Always zero out ca_priv data in tcp_assign_congestion_control() so that
ca_priv data is cleared out during socket creation.
Also always zero out ca_priv data in tcp_reinit_congestion_control() so
that when cc algorithm is changed, ca_priv data is cleared out as well.
We should still zero out ca_priv data even in TCP_CLOSE state because
user could call connect() on AF_UNSPEC to disconnect the socket and
leave it in TCP_CLOSE state and later call setsockopt() to switch cc
algorithm on this socket.
Fixes: 2b0a8c9ee ("tcp: add CDG congestion control")
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Wei Wang <weiwan@google.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Acked-by: Yuchung Cheng <ycheng@google.com>
Acked-by: Neal Cardwell <ncardwell@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
| -rw-r--r-- | net/ipv4/tcp_cong.c | 11 |
1 files changed, 3 insertions, 8 deletions
diff --git a/net/ipv4/tcp_cong.c b/net/ipv4/tcp_cong.c index 79c4817abc94..6e3c512054a6 100644 --- a/net/ipv4/tcp_cong.c +++ b/net/ipv4/tcp_cong.c | |||
| @@ -168,12 +168,8 @@ void tcp_assign_congestion_control(struct sock *sk) | |||
| 168 | } | 168 | } |
| 169 | out: | 169 | out: |
| 170 | rcu_read_unlock(); | 170 | rcu_read_unlock(); |
| 171 | memset(icsk->icsk_ca_priv, 0, sizeof(icsk->icsk_ca_priv)); | ||
| 171 | 172 | ||
| 172 | /* Clear out private data before diag gets it and | ||
| 173 | * the ca has not been initialized. | ||
| 174 | */ | ||
| 175 | if (ca->get_info) | ||
| 176 | memset(icsk->icsk_ca_priv, 0, sizeof(icsk->icsk_ca_priv)); | ||
| 177 | if (ca->flags & TCP_CONG_NEEDS_ECN) | 173 | if (ca->flags & TCP_CONG_NEEDS_ECN) |
| 178 | INET_ECN_xmit(sk); | 174 | INET_ECN_xmit(sk); |
| 179 | else | 175 | else |
| @@ -200,11 +196,10 @@ static void tcp_reinit_congestion_control(struct sock *sk, | |||
| 200 | tcp_cleanup_congestion_control(sk); | 196 | tcp_cleanup_congestion_control(sk); |
| 201 | icsk->icsk_ca_ops = ca; | 197 | icsk->icsk_ca_ops = ca; |
| 202 | icsk->icsk_ca_setsockopt = 1; | 198 | icsk->icsk_ca_setsockopt = 1; |
| 199 | memset(icsk->icsk_ca_priv, 0, sizeof(icsk->icsk_ca_priv)); | ||
| 203 | 200 | ||
| 204 | if (sk->sk_state != TCP_CLOSE) { | 201 | if (sk->sk_state != TCP_CLOSE) |
| 205 | memset(icsk->icsk_ca_priv, 0, sizeof(icsk->icsk_ca_priv)); | ||
| 206 | tcp_init_congestion_control(sk); | 202 | tcp_init_congestion_control(sk); |
| 207 | } | ||
| 208 | } | 203 | } |
| 209 | 204 | ||
| 210 | /* Manage refcounts on socket close. */ | 205 | /* Manage refcounts on socket close. */ |