lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 17 Mar 2013 02:21:35 -0700 (PDT) From: dormando <dormando@...ia.net> To: Eric Dumazet <eric.dumazet@...il.com> cc: Cong Wang <xiyou.wangcong@...il.com>, linux-kernel@...r.kernel.org, netdev@...r.kernel.org Subject: Re: BUG: IPv4: Attempt to release TCP socket in state 1 > On Sat, 2013-03-16 at 10:36 -0700, Eric Dumazet wrote: > > On Fri, 2013-03-15 at 00:19 +0100, Eric Dumazet wrote: > > > > > Thanks thats really useful, we might miss to increment socket refcount > > > in a timer setup. > > > > > > > Hmm, please add following debugging patch as well > > > > diff --git a/include/net/sock.h b/include/net/sock.h > > index 14f6e9d..fe7c8a6 100644 > > --- a/include/net/sock.h > > +++ b/include/net/sock.h > > @@ -530,7 +530,9 @@ static inline void sock_hold(struct sock *sk) > > */ > > static inline void __sock_put(struct sock *sk) > > { > > - atomic_dec(&sk->sk_refcnt); > > + int newref = atomic_dec_return(&sk->sk_refcnt); > > + > > + BUG_ON(newref <= 0); > > } > > > > static inline bool sk_del_node_init(struct sock *sk) > > diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c > > index 786d97a..a445e15 100644 > > --- a/net/ipv4/inet_connection_sock.c > > +++ b/net/ipv4/inet_connection_sock.c > > @@ -739,7 +739,7 @@ void inet_csk_prepare_forced_close(struct sock *sk) > > { > > /* sk_clone_lock locked the socket and set refcnt to 2 */ > > bh_unlock_sock(sk); > > - sock_put(sk); > > + __sock_put(sk); > > > > /* The below has to be done to allow calling inet_csk_destroy_sock */ > > sock_set_flag(sk, SOCK_DEAD); > > @@ -835,13 +835,13 @@ void inet_csk_listen_stop(struct sock *sk) > > * tcp_v4_destroy_sock(). > > */ > > tcp_sk(child)->fastopen_rsk = NULL; > > - sock_put(sk); > > + __sock_put(sk); > > } > > inet_csk_destroy_sock(child); > > > > bh_unlock_sock(child); > > local_bh_enable(); > > - sock_put(child); > > + __sock_put(child); > > > > Please don't include the last line : this should stay as > > sock_put(child); Hope you don't mind a screenshot: http://www.dormando.me/p/3.8.2-trace-crash.jpg (I put the patches on 3.8.2). box is on another continent so screenshot via IPMI is what I get. If this isn't enough or isn't right I'll try harder to get the trace logged, I guess? Thanks! -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists