aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDenis V. Lunev <den@openvz.org>2008-06-04 18:16:12 -0400
committerDavid S. Miller <davem@davemloft.net>2008-06-04 18:16:12 -0400
commit22dd485022f3d0b162ceb5e67d85de7c3806aa20 (patch)
treeb96ff526ef0e7fe161eecdaa9edf999e3c3a4791
parent199f7d24ae59894243687a234a909f44a8724506 (diff)
raw: Raw socket leak.
The program below just leaks the raw kernel socket int main() { int fd = socket(PF_INET, SOCK_RAW, IPPROTO_UDP); struct sockaddr_in addr; memset(&addr, 0, sizeof(addr)); inet_aton("127.0.0.1", &addr.sin_addr); addr.sin_family = AF_INET; addr.sin_port = htons(2048); sendto(fd, "a", 1, MSG_MORE, &addr, sizeof(addr)); return 0; } Corked packet is allocated via sock_wmalloc which holds the owner socket, so one should uncork it and flush all pending data on close. Do this in the same way as in UDP. Signed-off-by: Denis V. Lunev <den@openvz.org> Acked-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/ipv4/raw.c9
-rw-r--r--net/ipv6/raw.c9
2 files changed, 18 insertions, 0 deletions
diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c
index fead049daf43..e7e091d365ff 100644
--- a/net/ipv4/raw.c
+++ b/net/ipv4/raw.c
@@ -608,6 +608,14 @@ static void raw_close(struct sock *sk, long timeout)
608 sk_common_release(sk); 608 sk_common_release(sk);
609} 609}
610 610
611static int raw_destroy(struct sock *sk)
612{
613 lock_sock(sk);
614 ip_flush_pending_frames(sk);
615 release_sock(sk);
616 return 0;
617}
618
611/* This gets rid of all the nasties in af_inet. -DaveM */ 619/* This gets rid of all the nasties in af_inet. -DaveM */
612static int raw_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len) 620static int raw_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len)
613{ 621{
@@ -820,6 +828,7 @@ struct proto raw_prot = {
820 .name = "RAW", 828 .name = "RAW",
821 .owner = THIS_MODULE, 829 .owner = THIS_MODULE,
822 .close = raw_close, 830 .close = raw_close,
831 .destroy = raw_destroy,
823 .connect = ip4_datagram_connect, 832 .connect = ip4_datagram_connect,
824 .disconnect = udp_disconnect, 833 .disconnect = udp_disconnect,
825 .ioctl = raw_ioctl, 834 .ioctl = raw_ioctl,
diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c
index 603df76e0522..8fee9a15b2d3 100644
--- a/net/ipv6/raw.c
+++ b/net/ipv6/raw.c
@@ -1164,6 +1164,14 @@ static void rawv6_close(struct sock *sk, long timeout)
1164 sk_common_release(sk); 1164 sk_common_release(sk);
1165} 1165}
1166 1166
1167static int raw6_destroy(struct sock *sk)
1168{
1169 lock_sock(sk);
1170 ip6_flush_pending_frames(sk);
1171 release_sock(sk);
1172 return 0;
1173}
1174
1167static int rawv6_init_sk(struct sock *sk) 1175static int rawv6_init_sk(struct sock *sk)
1168{ 1176{
1169 struct raw6_sock *rp = raw6_sk(sk); 1177 struct raw6_sock *rp = raw6_sk(sk);
@@ -1187,6 +1195,7 @@ struct proto rawv6_prot = {
1187 .name = "RAWv6", 1195 .name = "RAWv6",
1188 .owner = THIS_MODULE, 1196 .owner = THIS_MODULE,
1189 .close = rawv6_close, 1197 .close = rawv6_close,
1198 .destroy = raw6_destroy,
1190 .connect = ip6_datagram_connect, 1199 .connect = ip6_datagram_connect,
1191 .disconnect = udp_disconnect, 1200 .disconnect = udp_disconnect,
1192 .ioctl = rawv6_ioctl, 1201 .ioctl = rawv6_ioctl,