tcp: fix memleak when tcp internal pacing is used
hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I4S8PN CVE: NA -------------------------------- The sock_hold() in tcp_internal_pacing() is expected to pair with sock_put() in tcp_pace_kick(). But in some path tcp_internal_pacing() is called without checking if pacing timer is already armed, causing sock_hold() to be called one more time and tcp sock can't be released. As Neal pointed out, this could happen from some of the retransmission code paths that don't use tcp_xmit_retransmit_queue(), such as tcp_retransmit_timer() and tcp_send_loss_probe(). The fix is provided by Eric, it extends the timer to cover all these points that Neal mentioned. Following is the reproduce procedure provided by Jason: 0) cat /proc/slabinfo | grep TCP 1) switch net.ipv4.tcp_congestion_control to bbr 2) using wrk tool something like that to send packages 3) using tc to increase the delay and loss to simulate the RTO case. 4) cat /proc/slabinfo | grep TCP 5) kill the wrk command and observe the number of objects and slabs in TCP. 6) at last, you could notice that the number would not decrease. Link: https://lore.kernel.org/all/CANn89i+7-wE4xr5D9DpH+N-xkL1SB8oVghCKgz+CT5eG1ODQhA@mail.gmail.com/ Signed-off-by:Zhang Changzhong <zhangchangzhong@huawei.com> Reviewed-by:
Loading
Please sign in to comment