tcp: Revert 'process defer accept as established' changes.

This reverts two changesets, ec3c0982a2dd1e671bad8e9d26c28dcba0039d87 ("[TCP]: TCP_DEFER_ACCEPT updates - process as established") and the follow-on bug fix 9ae27e0adbf471c7a6b80102e38e1d5a346b3b38 ("tcp: Fix slab corruption with ipv6 and tcp6fuzz"). This change causes several problems, first reported by Ingo Molnar as a distcc-over-loopback regression where connections were getting stuck. Ilpo Järvinen first spotted the locking problems. The new function added by this code, tcp_defer_accept_check(), only has the child socket locked, yet it is modifying state of the parent listening socket. Fixing that is non-trivial at best, because we can't simply just grab the parent listening socket lock at this point, because it would create an ABBA deadlock. The normal ordering is parent listening socket --> child socket, but this code path would require the reverse lock ordering. Next is a problem noticed by Vitaliy Gusev, he noted: ---------------------------------------- >--- a/net/ipv4/tcp_timer.c >+++ b/net/ipv4/tcp_timer.c >@@ -481,6 +481,11 @@ static void tcp_keepalive_timer (unsigned long data) > goto death; > } > >+ if (tp->defer_tcp_accept.request && sk->sk_state == TCP_ESTABLISHED) { >+ tcp_send_active_reset(sk, GFP_ATOMIC); >+ goto death; Here socket sk is not attached to listening socket's request queue. tcp_done() will not call inet_csk_destroy_sock() (and tcp_v4_destroy_sock() which should release this sk) as socket is not DEAD. Therefore socket sk will be lost for freeing. ---------------------------------------- Finally, Alexey Kuznetsov argues that there might not even be any real value or advantage to these new semantics even if we fix all of the bugs: ---------------------------------------- Hiding from accept() sockets with only out-of-order data only is the only thing which is impossible with old approach. Is this really so valuable? My opinion: no, this is nothing but a new loophole to consume memory without control. ---------------------------------------- So revert this thing for now. Signed-off-by: David S. Miller <davem@davemloft.net>
author: David S. Miller <davem@davemloft.net> 2008-06-12 19:31:35 -0400
committer: David S. Miller <davem@davemloft.net> 2008-06-12 19:34:35 -0400
commit: ec0a196626bd12e0ba108d7daa6d95a4fb25c2c5 (patch)
tree: 68d9c2923765e12853368e8edb27b241142e0c48 /net/ipv4/tcp_input.c
parent: f23d60de719e639690b2dc5c2d0e4243ff614b7a (diff)
1 files changed, 0 insertions, 45 deletions
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index eba873e9b560..cad73b7dfef0 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -4541,49 +4541,6 @@ static void tcp_urg(struct sock *sk, struct sk_buff *skb, struct tcphdr *th)
        }
 }
-static int tcp_defer_accept_check(struct sock *sk)
-{
-        struct tcp_sock *tp = tcp_sk(sk);
-        if (tp->defer_tcp_accept.request) {
-                int queued_data =  tp->rcv_nxt - tp->copied_seq;
-                int hasfin =  !skb_queue_empty(&sk->sk_receive_queue) ?
-                        tcp_hdr((struct sk_buff *)
-                                sk->sk_receive_queue.prev)->fin : 0;
-                if (queued_data && hasfin)
-                        queued_data--;
-                if (queued_data &&
-                    tp->defer_tcp_accept.listen_sk->sk_state == TCP_LISTEN) {
-                        if (sock_flag(sk, SOCK_KEEPOPEN)) {
-                                inet_csk_reset_keepalive_timer(sk,
-                                                               keepalive_time_when(tp));
-                        } else {
-                                inet_csk_delete_keepalive_timer(sk);
-                        }
-                        inet_csk_reqsk_queue_add(
-                                tp->defer_tcp_accept.listen_sk,
-                                tp->defer_tcp_accept.request,
-                                sk);
-                        tp->defer_tcp_accept.listen_sk->sk_data_ready(
-                                tp->defer_tcp_accept.listen_sk, 0);
-                        sock_put(tp->defer_tcp_accept.listen_sk);
-                        sock_put(sk);
-                        tp->defer_tcp_accept.listen_sk = NULL;
-                        tp->defer_tcp_accept.request = NULL;
-                } else if (hasfin ||
-                           tp->defer_tcp_accept.listen_sk->sk_state != TCP_LISTEN) {
-                        tcp_reset(sk);
-                        return -1;
-                }
-        }
-        return 0;
-}
 static int tcp_copy_to_iovec(struct sock *sk, struct sk_buff *skb, int hlen)
 {
        struct tcp_sock *tp = tcp_sk(sk);
@@ -4944,8 +4901,6 @@ step5:
        tcp_data_snd_check(sk);
        tcp_ack_snd_check(sk);
-        tcp_defer_accept_check(sk);
        return 0;
 csum_error:
author	David S. Miller <davem@davemloft.net>	2008-06-12 19:31:35 -0400
committer	David S. Miller <davem@davemloft.net>	2008-06-12 19:34:35 -0400
commit	ec0a196626bd12e0ba108d7daa6d95a4fb25c2c5 (patch)
tree	68d9c2923765e12853368e8edb27b241142e0c48 /net/ipv4/tcp_input.c
parent	f23d60de719e639690b2dc5c2d0e4243ff614b7a (diff)

diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index eba873e9b560..cad73b7dfef0 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c
@@ -4541,49 +4541,6 @@ static void tcp_urg(struct sock sk, struct sk_buff skb, struct tcphdr *th)
4541	}	4541	}
4542	}	4542	}
4543		4543
4544	static int tcp_defer_accept_check(struct sock *sk)
4545	{
4546	struct tcp_sock *tp = tcp_sk(sk);
4547
4548	if (tp->defer_tcp_accept.request) {
4549	int queued_data = tp->rcv_nxt - tp->copied_seq;
4550	int hasfin = !skb_queue_empty(&sk->sk_receive_queue) ?
4551	tcp_hdr((struct sk_buff *)
4552	sk->sk_receive_queue.prev)->fin : 0;
4553
4554	if (queued_data && hasfin)
4555	queued_data--;
4556
4557	if (queued_data &&
4558	tp->defer_tcp_accept.listen_sk->sk_state == TCP_LISTEN) {
4559	if (sock_flag(sk, SOCK_KEEPOPEN)) {
4560	inet_csk_reset_keepalive_timer(sk,
4561	keepalive_time_when(tp));
4562	} else {
4563	inet_csk_delete_keepalive_timer(sk);
4564	}
4565
4566	inet_csk_reqsk_queue_add(
4567	tp->defer_tcp_accept.listen_sk,
4568	tp->defer_tcp_accept.request,
4569	sk);
4570
4571	tp->defer_tcp_accept.listen_sk->sk_data_ready(
4572	tp->defer_tcp_accept.listen_sk, 0);
4573
4574	sock_put(tp->defer_tcp_accept.listen_sk);
4575	sock_put(sk);
4576	tp->defer_tcp_accept.listen_sk = NULL;
4577	tp->defer_tcp_accept.request = NULL;
4578	} else if (hasfin \|\|
4579	tp->defer_tcp_accept.listen_sk->sk_state != TCP_LISTEN) {
4580	tcp_reset(sk);
4581	return -1;
4582	}
4583	}
4584	return 0;
4585	}
4586
4587	static int tcp_copy_to_iovec(struct sock sk, struct sk_buff skb, int hlen)	4544	static int tcp_copy_to_iovec(struct sock sk, struct sk_buff skb, int hlen)
4588	{	4545	{
4589	struct tcp_sock *tp = tcp_sk(sk);	4546	struct tcp_sock *tp = tcp_sk(sk);
@@ -4944,8 +4901,6 @@ step5:
4944		4901
4945	tcp_data_snd_check(sk);	4902	tcp_data_snd_check(sk);
4946	tcp_ack_snd_check(sk);	4903	tcp_ack_snd_check(sk);
4947
4948	tcp_defer_accept_check(sk);
4949	return 0;	4904	return 0;
4950		4905
4951	csum_error:	4906	csum_error: