summaryrefslogtreecommitdiff
path: root/net/mptcp
diff options
context:
space:
mode:
authorPaolo Abeni <pabeni@redhat.com>2020-12-09 14:03:30 +0300
committerDavid S. Miller <davem@davemloft.net>2020-12-10 06:31:58 +0300
commit0597d0f8e030d1a5e64708b0f3233209a8b5d39e (patch)
treee7f5a62be4747f8cf38f273d1656303812f79750 /net/mptcp
parent5b950ff4331ddda6421b21a779ec23127e8e3eb8 (diff)
downloadlinux-0597d0f8e030d1a5e64708b0f3233209a8b5d39e.tar.xz
mptcp: plug subflow context memory leak
When a MPTCP listener socket is closed with unaccepted children pending, the ULP release callback will be invoked, but nobody will call into __mptcp_close_ssk() on the corresponding subflow. As a consequence, at ULP release time, the 'disposable' flag will be cleared and the subflow context memory will be leaked. This change addresses the issue always freeing the context if the subflow is still in the accept queue at ULP release time. Additionally, this fixes an incorrect code reference in the related comment. Note: this fix leverages the changes introduced by the previous commit. Fixes: e16163b6e2b7 ("mptcp: refactor shutdown and close") Reviewed-by: Matthieu Baerts <matthieu.baerts@tessares.net> Signed-off-by: Paolo Abeni <pabeni@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/mptcp')
-rw-r--r--net/mptcp/subflow.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c
index 9b5a966b0041..fefcaf497938 100644
--- a/net/mptcp/subflow.c
+++ b/net/mptcp/subflow.c
@@ -1339,9 +1339,10 @@ static void subflow_ulp_release(struct sock *ssk)
sk = ctx->conn;
if (sk) {
/* if the msk has been orphaned, keep the ctx
- * alive, will be freed by mptcp_done()
+ * alive, will be freed by __mptcp_close_ssk(),
+ * when the subflow is still unaccepted
*/
- release = ctx->disposable;
+ release = ctx->disposable || list_empty(&ctx->node);
sock_put(sk);
}