diff options
author | Denis V. Lunev <den@openvz.org> | 2008-06-04 18:16:12 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-06-04 18:16:12 -0400 |
commit | 22dd485022f3d0b162ceb5e67d85de7c3806aa20 (patch) | |
tree | b96ff526ef0e7fe161eecdaa9edf999e3c3a4791 | |
parent | 199f7d24ae59894243687a234a909f44a8724506 (diff) |
raw: Raw socket leak.
The program below just leaks the raw kernel socket
int main() {
int fd = socket(PF_INET, SOCK_RAW, IPPROTO_UDP);
struct sockaddr_in addr;
memset(&addr, 0, sizeof(addr));
inet_aton("127.0.0.1", &addr.sin_addr);
addr.sin_family = AF_INET;
addr.sin_port = htons(2048);
sendto(fd, "a", 1, MSG_MORE, &addr, sizeof(addr));
return 0;
}
Corked packet is allocated via sock_wmalloc which holds the owner socket,
so one should uncork it and flush all pending data on close. Do this in the
same way as in UDP.
Signed-off-by: Denis V. Lunev <den@openvz.org>
Acked-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/ipv4/raw.c | 9 | ||||
-rw-r--r-- | net/ipv6/raw.c | 9 |
2 files changed, 18 insertions, 0 deletions
diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c index fead049daf43..e7e091d365ff 100644 --- a/net/ipv4/raw.c +++ b/net/ipv4/raw.c | |||
@@ -608,6 +608,14 @@ static void raw_close(struct sock *sk, long timeout) | |||
608 | sk_common_release(sk); | 608 | sk_common_release(sk); |
609 | } | 609 | } |
610 | 610 | ||
611 | static int raw_destroy(struct sock *sk) | ||
612 | { | ||
613 | lock_sock(sk); | ||
614 | ip_flush_pending_frames(sk); | ||
615 | release_sock(sk); | ||
616 | return 0; | ||
617 | } | ||
618 | |||
611 | /* This gets rid of all the nasties in af_inet. -DaveM */ | 619 | /* This gets rid of all the nasties in af_inet. -DaveM */ |
612 | static int raw_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len) | 620 | static int raw_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len) |
613 | { | 621 | { |
@@ -820,6 +828,7 @@ struct proto raw_prot = { | |||
820 | .name = "RAW", | 828 | .name = "RAW", |
821 | .owner = THIS_MODULE, | 829 | .owner = THIS_MODULE, |
822 | .close = raw_close, | 830 | .close = raw_close, |
831 | .destroy = raw_destroy, | ||
823 | .connect = ip4_datagram_connect, | 832 | .connect = ip4_datagram_connect, |
824 | .disconnect = udp_disconnect, | 833 | .disconnect = udp_disconnect, |
825 | .ioctl = raw_ioctl, | 834 | .ioctl = raw_ioctl, |
diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c index 603df76e0522..8fee9a15b2d3 100644 --- a/net/ipv6/raw.c +++ b/net/ipv6/raw.c | |||
@@ -1164,6 +1164,14 @@ static void rawv6_close(struct sock *sk, long timeout) | |||
1164 | sk_common_release(sk); | 1164 | sk_common_release(sk); |
1165 | } | 1165 | } |
1166 | 1166 | ||
1167 | static int raw6_destroy(struct sock *sk) | ||
1168 | { | ||
1169 | lock_sock(sk); | ||
1170 | ip6_flush_pending_frames(sk); | ||
1171 | release_sock(sk); | ||
1172 | return 0; | ||
1173 | } | ||
1174 | |||
1167 | static int rawv6_init_sk(struct sock *sk) | 1175 | static int rawv6_init_sk(struct sock *sk) |
1168 | { | 1176 | { |
1169 | struct raw6_sock *rp = raw6_sk(sk); | 1177 | struct raw6_sock *rp = raw6_sk(sk); |
@@ -1187,6 +1195,7 @@ struct proto rawv6_prot = { | |||
1187 | .name = "RAWv6", | 1195 | .name = "RAWv6", |
1188 | .owner = THIS_MODULE, | 1196 | .owner = THIS_MODULE, |
1189 | .close = rawv6_close, | 1197 | .close = rawv6_close, |
1198 | .destroy = raw6_destroy, | ||
1190 | .connect = ip6_datagram_connect, | 1199 | .connect = ip6_datagram_connect, |
1191 | .disconnect = udp_disconnect, | 1200 | .disconnect = udp_disconnect, |
1192 | .ioctl = rawv6_ioctl, | 1201 | .ioctl = rawv6_ioctl, |