* [PATCH net-2.6] [RAW]: Raw socket leak.
@ 2008-05-30 13:43 Denis V. Lunev
2008-06-04 22:16 ` David Miller
0 siblings, 1 reply; 2+ messages in thread
From: Denis V. Lunev @ 2008-05-30 13:43 UTC (permalink / raw)
To: davem; +Cc: netdev, Denis V. Lunev
The program below just leaks the raw kernel socket
int main() {
int fd = socket(PF_INET, SOCK_RAW, IPPROTO_UDP);
struct sockaddr_in addr;
memset(&addr, 0, sizeof(addr));
inet_aton("127.0.0.1", &addr.sin_addr);
addr.sin_family = AF_INET;
addr.sin_port = htons(2048);
sendto(fd, "a", 1, MSG_MORE, &addr, sizeof(addr));
return 0;
}
Corked packet is allocated via sock_wmalloc which holds the owner socket,
so one should uncork it and flush all pending data on close. Do this in the
same way as in UDP.
Signed-off-by: Denis V. Lunev <den@openvz.org>
Acked-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
---
net/ipv4/raw.c | 9 +++++++++
net/ipv6/raw.c | 9 +++++++++
2 files changed, 18 insertions(+), 0 deletions(-)
diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c
index fead049..e7e091d 100644
--- a/net/ipv4/raw.c
+++ b/net/ipv4/raw.c
@@ -608,6 +608,14 @@ static void raw_close(struct sock *sk, long timeout)
sk_common_release(sk);
}
+static int raw_destroy(struct sock *sk)
+{
+ lock_sock(sk);
+ ip_flush_pending_frames(sk);
+ release_sock(sk);
+ return 0;
+}
+
/* This gets rid of all the nasties in af_inet. -DaveM */
static int raw_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len)
{
@@ -820,6 +828,7 @@ struct proto raw_prot = {
.name = "RAW",
.owner = THIS_MODULE,
.close = raw_close,
+ .destroy = raw_destroy,
.connect = ip4_datagram_connect,
.disconnect = udp_disconnect,
.ioctl = raw_ioctl,
diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c
index 232e0dc..a9deade 100644
--- a/net/ipv6/raw.c
+++ b/net/ipv6/raw.c
@@ -1164,6 +1164,14 @@ static void rawv6_close(struct sock *sk, long timeout)
sk_common_release(sk);
}
+static int raw6_destroy(struct sock *sk)
+{
+ lock_sock(sk);
+ ip6_flush_pending_frames(sk);
+ release_sock(sk);
+ return 0;
+}
+
static int rawv6_init_sk(struct sock *sk)
{
struct raw6_sock *rp = raw6_sk(sk);
@@ -1187,6 +1195,7 @@ struct proto rawv6_prot = {
.name = "RAWv6",
.owner = THIS_MODULE,
.close = rawv6_close,
+ .destroy = raw6_destroy,
.connect = ip6_datagram_connect,
.disconnect = udp_disconnect,
.ioctl = rawv6_ioctl,
--
1.5.3.rc5
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH net-2.6] [RAW]: Raw socket leak.
2008-05-30 13:43 [PATCH net-2.6] [RAW]: Raw socket leak Denis V. Lunev
@ 2008-06-04 22:16 ` David Miller
0 siblings, 0 replies; 2+ messages in thread
From: David Miller @ 2008-06-04 22:16 UTC (permalink / raw)
To: den; +Cc: netdev
From: "Denis V. Lunev" <den@openvz.org>
Date: Fri, 30 May 2008 17:43:05 +0400
> The program below just leaks the raw kernel socket
>
> int main() {
> int fd = socket(PF_INET, SOCK_RAW, IPPROTO_UDP);
> struct sockaddr_in addr;
>
> memset(&addr, 0, sizeof(addr));
> inet_aton("127.0.0.1", &addr.sin_addr);
> addr.sin_family = AF_INET;
> addr.sin_port = htons(2048);
> sendto(fd, "a", 1, MSG_MORE, &addr, sizeof(addr));
> return 0;
> }
>
> Corked packet is allocated via sock_wmalloc which holds the owner socket,
> so one should uncork it and flush all pending data on close. Do this in the
> same way as in UDP.
>
> Signed-off-by: Denis V. Lunev <den@openvz.org>
> Acked-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
Applied, thanks Denis.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2008-06-04 22:16 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-05-30 13:43 [PATCH net-2.6] [RAW]: Raw socket leak Denis V. Lunev
2008-06-04 22:16 ` David Miller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).