diff options
| author | Ying Xue <ying.xue@windriver.com> | 2015-11-22 02:46:05 -0500 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2015-11-23 23:45:15 -0500 |
| commit | f4195d1eac954a67adf112dd53404560cc55b942 (patch) | |
| tree | 24c560dbc1ff6913630583db925d07ae292f55b1 /net | |
| parent | 3c25a860d17b7378822f35d8c9141db9507e3beb (diff) | |
tipc: avoid packets leaking on socket receive queue
Even if we drain receive queue thoroughly in tipc_release() after tipc
socket is removed from rhashtable, it is possible that some packets
are in flight because some CPU runs receiver and did rhashtable lookup
before we removed socket. They will achieve receive queue, but nobody
delete them at all. To avoid this leak, we register a private socket
destructor to purge receive queue, meaning releasing packets pending
on receive queue will be delayed until the last reference of tipc
socket will be released.
Signed-off-by: Ying Xue <ying.xue@windriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
| -rw-r--r-- | net/tipc/socket.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/net/tipc/socket.c b/net/tipc/socket.c index 552dbaba9cf3..b53246fb0412 100644 --- a/net/tipc/socket.c +++ b/net/tipc/socket.c | |||
| @@ -105,6 +105,7 @@ struct tipc_sock { | |||
| 105 | static int tipc_backlog_rcv(struct sock *sk, struct sk_buff *skb); | 105 | static int tipc_backlog_rcv(struct sock *sk, struct sk_buff *skb); |
| 106 | static void tipc_data_ready(struct sock *sk); | 106 | static void tipc_data_ready(struct sock *sk); |
| 107 | static void tipc_write_space(struct sock *sk); | 107 | static void tipc_write_space(struct sock *sk); |
| 108 | static void tipc_sock_destruct(struct sock *sk); | ||
| 108 | static int tipc_release(struct socket *sock); | 109 | static int tipc_release(struct socket *sock); |
| 109 | static int tipc_accept(struct socket *sock, struct socket *new_sock, int flags); | 110 | static int tipc_accept(struct socket *sock, struct socket *new_sock, int flags); |
| 110 | static int tipc_wait_for_sndmsg(struct socket *sock, long *timeo_p); | 111 | static int tipc_wait_for_sndmsg(struct socket *sock, long *timeo_p); |
| @@ -381,6 +382,7 @@ static int tipc_sk_create(struct net *net, struct socket *sock, | |||
| 381 | sk->sk_rcvbuf = sysctl_tipc_rmem[1]; | 382 | sk->sk_rcvbuf = sysctl_tipc_rmem[1]; |
| 382 | sk->sk_data_ready = tipc_data_ready; | 383 | sk->sk_data_ready = tipc_data_ready; |
| 383 | sk->sk_write_space = tipc_write_space; | 384 | sk->sk_write_space = tipc_write_space; |
| 385 | sk->sk_destruct = tipc_sock_destruct; | ||
| 384 | tsk->conn_timeout = CONN_TIMEOUT_DEFAULT; | 386 | tsk->conn_timeout = CONN_TIMEOUT_DEFAULT; |
| 385 | tsk->sent_unacked = 0; | 387 | tsk->sent_unacked = 0; |
| 386 | atomic_set(&tsk->dupl_rcvcnt, 0); | 388 | atomic_set(&tsk->dupl_rcvcnt, 0); |
| @@ -470,9 +472,6 @@ static int tipc_release(struct socket *sock) | |||
| 470 | tipc_node_remove_conn(net, dnode, tsk->portid); | 472 | tipc_node_remove_conn(net, dnode, tsk->portid); |
| 471 | } | 473 | } |
| 472 | 474 | ||
| 473 | /* Discard any remaining (connection-based) messages in receive queue */ | ||
| 474 | __skb_queue_purge(&sk->sk_receive_queue); | ||
| 475 | |||
| 476 | /* Reject any messages that accumulated in backlog queue */ | 475 | /* Reject any messages that accumulated in backlog queue */ |
| 477 | sock->state = SS_DISCONNECTING; | 476 | sock->state = SS_DISCONNECTING; |
| 478 | release_sock(sk); | 477 | release_sock(sk); |
| @@ -1515,6 +1514,11 @@ static void tipc_data_ready(struct sock *sk) | |||
| 1515 | rcu_read_unlock(); | 1514 | rcu_read_unlock(); |
| 1516 | } | 1515 | } |
| 1517 | 1516 | ||
| 1517 | static void tipc_sock_destruct(struct sock *sk) | ||
| 1518 | { | ||
| 1519 | __skb_queue_purge(&sk->sk_receive_queue); | ||
| 1520 | } | ||
| 1521 | |||
| 1518 | /** | 1522 | /** |
| 1519 | * filter_connect - Handle all incoming messages for a connection-based socket | 1523 | * filter_connect - Handle all incoming messages for a connection-based socket |
| 1520 | * @tsk: TIPC socket | 1524 | * @tsk: TIPC socket |