lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 16 Mar 2013 10:44:45 -0700 From: Eric Dumazet <eric.dumazet@...il.com> To: dormando <dormando@...ia.net> Cc: Cong Wang <xiyou.wangcong@...il.com>, linux-kernel@...r.kernel.org, netdev@...r.kernel.org Subject: Re: BUG: IPv4: Attempt to release TCP socket in state 1 On Sat, 2013-03-16 at 10:36 -0700, Eric Dumazet wrote: > On Fri, 2013-03-15 at 00:19 +0100, Eric Dumazet wrote: > > > Thanks thats really useful, we might miss to increment socket refcount > > in a timer setup. > > > > Hmm, please add following debugging patch as well > > diff --git a/include/net/sock.h b/include/net/sock.h > index 14f6e9d..fe7c8a6 100644 > --- a/include/net/sock.h > +++ b/include/net/sock.h > @@ -530,7 +530,9 @@ static inline void sock_hold(struct sock *sk) > */ > static inline void __sock_put(struct sock *sk) > { > - atomic_dec(&sk->sk_refcnt); > + int newref = atomic_dec_return(&sk->sk_refcnt); > + > + BUG_ON(newref <= 0); > } > > static inline bool sk_del_node_init(struct sock *sk) > diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c > index 786d97a..a445e15 100644 > --- a/net/ipv4/inet_connection_sock.c > +++ b/net/ipv4/inet_connection_sock.c > @@ -739,7 +739,7 @@ void inet_csk_prepare_forced_close(struct sock *sk) > { > /* sk_clone_lock locked the socket and set refcnt to 2 */ > bh_unlock_sock(sk); > - sock_put(sk); > + __sock_put(sk); > > /* The below has to be done to allow calling inet_csk_destroy_sock */ > sock_set_flag(sk, SOCK_DEAD); > @@ -835,13 +835,13 @@ void inet_csk_listen_stop(struct sock *sk) > * tcp_v4_destroy_sock(). > */ > tcp_sk(child)->fastopen_rsk = NULL; > - sock_put(sk); > + __sock_put(sk); > } > inet_csk_destroy_sock(child); > > bh_unlock_sock(child); > local_bh_enable(); > - sock_put(child); > + __sock_put(child); > Please don't include the last line : this should stay as sock_put(child); -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists