From: Lorenzo Colitti <lorenzo@google.com>
To: netdev@vger.kernel.org
Cc: davem@davemloft.net, hannes@stressinduktion.org,
eric.dumazet@gmail.com, ek@google.com, tom@herbertland.com,
zenczykowski@gmail.com, Lorenzo Colitti <lorenzo@google.com>
Subject: [PATCH v5 4/4] net: diag: Support destroying TCP sockets.
Date: Tue, 15 Dec 2015 02:29:57 +0900 [thread overview]
Message-ID: <1450114197-73779-5-git-send-email-lorenzo@google.com> (raw)
In-Reply-To: <1450114197-73779-1-git-send-email-lorenzo@google.com>
This implements SOCK_DESTROY for TCP sockets. It causes all
blocking calls on the socket to fail fast with ECONNABORTED and
causes a protocol close of the socket. It informs the other end
of the connection by sending a RST, i.e., initiating a TCP ABORT
as per RFC 793. ECONNABORTED was chosen for consistency with
FreeBSD.
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
---
include/net/tcp.h | 4 ++++
net/ipv4/Kconfig | 13 +++++++++++++
net/ipv4/tcp.c | 34 ++++++++++++++++++++++++++++++++++
net/ipv4/tcp_diag.c | 19 +++++++++++++++++++
net/ipv4/tcp_ipv4.c | 3 +++
net/ipv6/tcp_ipv6.c | 3 +++
6 files changed, 76 insertions(+)
diff --git a/include/net/tcp.h b/include/net/tcp.h
index f80e74c..505cef5 100644
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -1170,6 +1170,10 @@ void tcp_set_state(struct sock *sk, int state);
void tcp_done(struct sock *sk);
+#if CONFIG_INET_DIAG_DESTROY
+int tcp_abort(struct sock *sk);
+#endif
+
static inline void tcp_sack_reset(struct tcp_options_received *rx_opt)
{
rx_opt->dsack = 0;
diff --git a/net/ipv4/Kconfig b/net/ipv4/Kconfig
index 416dfa0..31c4496 100644
--- a/net/ipv4/Kconfig
+++ b/net/ipv4/Kconfig
@@ -436,6 +436,19 @@ config INET_UDP_DIAG
Support for UDP socket monitoring interface used by the ss tool.
If unsure, say Y.
+config INET_DIAG_DESTROY
+ bool "INET: allow privileged process to administratively close sockets"
+ depends on INET_DIAG && (IPV6 || IPV6=n)
+ default n
+ ---help---
+ Provides a SOCK_DESTROY operation that allows privileged processes
+ (e.g., a connection manager or a network administration tool such as
+ ss) to close sockets opened by other processes. Closing a socket in
+ this way interrupts any blocking read/writes/connect operations on
+ the socket and causes future socket calls to behave as if the socket
+ had been disconnected.
+ If unsure, say N.
+
menuconfig TCP_CONG_ADVANCED
bool "TCP: advanced congestion control"
---help---
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index c82cca1..fc5068d 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -3080,6 +3080,40 @@ void tcp_done(struct sock *sk)
}
EXPORT_SYMBOL_GPL(tcp_done);
+#ifdef CONFIG_INET_DIAG_DESTROY
+int tcp_abort(struct sock *sk)
+{
+ if (!sk_fullsock(sk)) {
+ sock_gen_put(sk);
+ return -EOPNOTSUPP;
+ }
+
+ /* Don't race with userspace socket closes such as tcp_close. */
+ lock_sock(sk);
+
+ /* Don't race with BH socket closes such as inet_csk_listen_stop. */
+ local_bh_disable();
+ bh_lock_sock(sk);
+
+ if (!sock_flag(sk, SOCK_DEAD)) {
+ sk->sk_err = ECONNABORTED;
+ /* This barrier is coupled with smp_rmb() in tcp_poll() */
+ smp_wmb();
+ sk->sk_error_report(sk);
+ if (tcp_need_reset(sk->sk_state))
+ tcp_send_active_reset(sk, GFP_ATOMIC);
+ tcp_done(sk);
+ }
+
+ bh_unlock_sock(sk);
+ local_bh_enable();
+ release_sock(sk);
+ sock_put(sk);
+ return 0;
+}
+EXPORT_SYMBOL_GPL(tcp_abort);
+#endif
+
extern struct tcp_congestion_ops tcp_reno;
static __initdata unsigned long thash_entries;
diff --git a/net/ipv4/tcp_diag.c b/net/ipv4/tcp_diag.c
index b316040..8d435f17 100644
--- a/net/ipv4/tcp_diag.c
+++ b/net/ipv4/tcp_diag.c
@@ -10,6 +10,8 @@
*/
#include <linux/module.h>
+#include <linux/net.h>
+#include <linux/sock_diag.h>
#include <linux/inet_diag.h>
#include <linux/tcp.h>
@@ -46,12 +48,29 @@ static int tcp_diag_dump_one(struct sk_buff *in_skb, const struct nlmsghdr *nlh,
return inet_diag_dump_one_icsk(&tcp_hashinfo, in_skb, nlh, req);
}
+#ifdef CONFIG_INET_DIAG_DESTROY
+static int tcp_diag_destroy(struct sk_buff *in_skb,
+ const struct inet_diag_req_v2 *req)
+{
+ struct net *net = sock_net(in_skb->sk);
+ struct sock *sk = inet_diag_find_one_icsk(net, &tcp_hashinfo, req);
+
+ if (IS_ERR(sk))
+ return PTR_ERR(sk);
+
+ return sock_diag_destroy(sk);
+}
+#endif
+
static const struct inet_diag_handler tcp_diag_handler = {
.dump = tcp_diag_dump,
.dump_one = tcp_diag_dump_one,
.idiag_get_info = tcp_diag_get_info,
.idiag_type = IPPROTO_TCP,
.idiag_info_size = sizeof(struct tcp_info),
+#ifdef CONFIG_INET_DIAG_DESTROY
+ .destroy = tcp_diag_destroy,
+#endif
};
static int __init tcp_diag_init(void)
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index db00343..5e28bf1 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -2342,6 +2342,9 @@ struct proto tcp_prot = {
.destroy_cgroup = tcp_destroy_cgroup,
.proto_cgroup = tcp_proto_cgroup,
#endif
+#ifdef CONFIG_INET_DIAG_DESTROY
+ .diag_destroy = tcp_abort,
+#endif
};
EXPORT_SYMBOL(tcp_prot);
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index c16e3fb..289c5db 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -1890,6 +1890,9 @@ struct proto tcpv6_prot = {
.proto_cgroup = tcp_proto_cgroup,
#endif
.clear_sk = tcp_v6_clear_sk,
+#ifdef CONFIG_INET_DIAG_DESTROY
+ .diag_destroy = tcp_abort,
+#endif
};
static const struct inet6_protocol tcpv6_protocol = {
--
2.6.0.rc2.230.g3dd15c0
next prev parent reply other threads:[~2015-12-14 17:30 UTC|newest]
Thread overview: 110+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-18 1:43 Add a SOCK_DESTROY operation to close sockets from userspace Lorenzo Colitti
2015-11-18 1:43 ` [PATCH 1/4] net: diag: split inet_diag_dump_one_icsk into two Lorenzo Colitti
2015-11-18 1:43 ` [PATCH 2/4] net: diag: Add the ability to destroy a socket from userspace Lorenzo Colitti
2015-11-18 1:43 ` [PATCH 3/4] net: diag: Support SOCK_DESTROY for inet sockets Lorenzo Colitti
2015-11-18 1:43 ` [PATCH 4/4] net: diag: Support destroying TCP sockets Lorenzo Colitti
2015-11-18 3:43 ` kbuild test robot
2015-11-18 4:46 ` Lorenzo Colitti
2015-11-18 4:25 ` kbuild test robot
2015-11-18 3:27 ` Add a SOCK_DESTROY operation to close sockets from userspace Stephen Hemminger
[not found] ` <CAAedzxqiXnKzCyevNipNnXEc_+TEjnVphLfseTo4ykZ8SAVt_w@mail.gmail.com>
2015-11-18 3:36 ` Erik Kline
2015-11-18 3:57 ` Maciej Żenczykowski
2015-11-18 11:56 ` David Laight
2015-11-18 4:04 ` Eric Dumazet
2015-11-18 10:19 ` Hannes Frederic Sowa
2015-11-18 10:47 ` Lorenzo Colitti
2015-11-18 11:19 ` Hannes Frederic Sowa
2015-11-18 12:54 ` Eric Dumazet
2015-11-18 13:04 ` Lorenzo Colitti
2015-11-18 13:31 ` Hannes Frederic Sowa
2015-11-18 14:45 ` Lorenzo Colitti
2015-11-18 14:56 ` Hannes Frederic Sowa
2015-11-18 15:16 ` Eric Dumazet
2015-11-18 15:32 ` Hannes Frederic Sowa
2015-11-18 15:33 ` Hannes Frederic Sowa
2015-11-18 20:35 ` David Miller
2015-11-18 20:43 ` Hannes Frederic Sowa
2015-11-19 3:49 ` David Miller
2015-11-19 5:12 ` Tom Herbert
2015-11-19 15:54 ` Hannes Frederic Sowa
2015-11-19 23:54 ` Maciej Żenczykowski
2015-11-19 5:13 ` Lorenzo Colitti
2015-11-19 5:53 ` David Miller
2015-11-19 7:19 ` Maciej Żenczykowski
2015-11-19 15:48 ` David Miller
2015-11-19 16:19 ` Eric Dumazet
2015-11-19 16:33 ` David Miller
2015-11-19 16:43 ` Eric Dumazet
2015-11-19 16:50 ` David Miller
2015-11-19 16:47 ` Eric Dumazet
2015-11-19 17:02 ` David Miller
2015-11-19 17:44 ` Eric Dumazet
2015-11-19 22:55 ` Lorenzo Colitti
2015-11-19 17:08 ` Hannes Frederic Sowa
2015-11-19 17:38 ` Tom Herbert
2015-11-19 18:09 ` David Miller
2015-11-19 18:27 ` Hannes Frederic Sowa
2015-11-19 23:02 ` Hannes Frederic Sowa
2015-11-19 23:47 ` Lorenzo Colitti
2015-11-19 22:33 ` Lorenzo Colitti
2015-11-19 22:38 ` Hannes Frederic Sowa
2015-11-19 23:24 ` Tom Herbert
2015-11-19 21:29 ` Tom Herbert
2015-11-19 21:41 ` Eric Dumazet
2015-11-19 21:53 ` Hannes Frederic Sowa
2015-11-19 22:04 ` Eric Dumazet
2015-11-19 22:09 ` Hannes Frederic Sowa
2015-11-19 22:15 ` Eric Dumazet
2015-11-19 22:31 ` Hannes Frederic Sowa
2015-11-19 22:36 ` Eric Dumazet
2015-11-19 21:53 ` Tom Herbert
2015-11-19 22:07 ` Eric Dumazet
2015-11-19 22:14 ` Tom Herbert
2015-11-19 22:33 ` Eric Dumazet
2015-11-20 0:04 ` Tom Herbert
2015-11-20 0:09 ` Lorenzo Colitti
2015-11-20 0:15 ` Tom Herbert
2015-11-20 2:25 ` Maciej Żenczykowski
2015-12-01 2:32 ` Lorenzo Colitti
2015-12-01 2:32 ` [PATCH v3 1/4] net: diag: split inet_diag_dump_one_icsk into two Lorenzo Colitti
2015-12-01 2:32 ` [PATCH v3 2/4] net: diag: Add the ability to destroy a socket from userspace Lorenzo Colitti
2015-12-01 2:32 ` [PATCH v3 3/4] net: diag: Support SOCK_DESTROY for inet sockets Lorenzo Colitti
2015-12-01 2:32 ` [PATCH v3 4/4] net: diag: Support destroying TCP sockets Lorenzo Colitti
2015-12-01 6:23 ` kbuild test robot
2015-12-01 7:12 ` Lorenzo Colitti
2015-12-01 2:53 ` Add a SOCK_DESTROY operation to close sockets from userspace Tom Herbert
2015-12-02 15:18 ` Lorenzo Colitti
2015-12-02 16:12 ` Tom Herbert
2015-12-02 16:30 ` Lorenzo Colitti
2015-12-02 17:09 ` Tom Herbert
2015-12-14 17:29 ` Lorenzo Colitti
2015-12-14 17:29 ` [PATCH v5 1/4] net: diag: Add the ability to destroy a socket Lorenzo Colitti
2015-12-14 17:29 ` [PATCH v5 2/4] net: diag: split inet_diag_dump_one_icsk into two Lorenzo Colitti
2015-12-14 17:29 ` [PATCH v5 3/4] net: diag: Support SOCK_DESTROY for inet sockets Lorenzo Colitti
2015-12-14 17:29 ` Lorenzo Colitti [this message]
2015-12-14 17:51 ` [PATCH v5 4/4] net: diag: Support destroying TCP sockets kbuild test robot
2015-12-14 17:52 ` Tom Herbert
2015-12-14 18:03 ` Eric Dumazet
2015-12-14 19:37 ` David Miller
2015-12-15 17:17 ` [PATCH v5 4/4] net: diag: Support destroying TCP socketsr Lorenzo Colitti
2015-12-15 17:17 ` [PATCH v6 1/4] net: diag: split inet_diag_dump_one_icsk into two Lorenzo Colitti
2015-12-15 17:44 ` Eric Dumazet
2015-12-15 17:17 ` [PATCH v6 2/4] net: diag: Add the ability to destroy a socket Lorenzo Colitti
2015-12-15 17:44 ` Eric Dumazet
2015-12-15 17:17 ` [PATCH v6 3/4] net: diag: Support SOCK_DESTROY for inet sockets Lorenzo Colitti
2015-12-15 17:45 ` Eric Dumazet
2015-12-15 17:17 ` [PATCH v6 4/4] net: diag: Support destroying TCP sockets Lorenzo Colitti
2015-12-15 17:46 ` Eric Dumazet
2015-12-15 18:36 ` [PATCH v5 4/4] net: diag: Support destroying TCP socketsr Maciej Żenczykowski
2015-12-15 18:46 ` Rustad, Mark D
2015-12-15 18:38 ` David Miller
2015-11-20 0:12 ` Add a SOCK_DESTROY operation to close sockets from userspace Maciej Żenczykowski
2015-11-20 0:19 ` Lorenzo Colitti
2015-11-20 0:55 ` David Miller
2015-11-20 1:00 ` Maciej Żenczykowski
2015-11-20 1:55 ` Lorenzo Colitti
2015-11-20 16:51 ` David Ahern
2015-11-18 3:56 ` Tom Herbert
2015-11-18 4:23 ` Lorenzo Colitti
2015-11-18 4:31 ` Tom Herbert
2015-11-18 10:12 ` Hannes Frederic Sowa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1450114197-73779-5-git-send-email-lorenzo@google.com \
--to=lorenzo@google.com \
--cc=davem@davemloft.net \
--cc=ek@google.com \
--cc=eric.dumazet@gmail.com \
--cc=hannes@stressinduktion.org \
--cc=netdev@vger.kernel.org \
--cc=tom@herbertland.com \
--cc=zenczykowski@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).