Eric Dumazet e0c8bccd40 net: stream: purge sk_error_queue in sk_stream_kill_queues() ... Changheon Lee reported TCP socket leaks, with a nice repro. It seems we leak TCP sockets with the following sequence: 1) SOF_TIMESTAMPING_TX_ACK is enabled on the socket. Each ACK will cook an skb put in error queue, from __skb_tstamp_tx(). __skb_tstamp_tx() is using skb_clone(), unless SOF_TIMESTAMPING_OPT_TSONLY was also requested. 2) If the application is also using MSG_ZEROCOPY, then we put in the error queue cloned skbs that had a struct ubuf_info attached to them. Whenever an struct ubuf_info is allocated, sock_zerocopy_alloc() does a sock_hold(). As long as the cloned skbs are still in sk_error_queue, socket refcount is kept elevated. 3) Application closes the socket, while error queue is not empty. Since tcp_close() no longer purges the socket error queue, we might end up with a TCP socket with at least one skb in error queue keeping the socket alive forever. This bug can be (ab)used to consume all kernel memory and freeze the host. We need to purge the error queue, with proper synchronization against concurrent writers. Fixes: 24bcbe1cc6 ("net: stream: don't purge sk_error_queue in sk_stream_kill_queues()") Reported-by: Changheon Lee <darklight2357@icloud.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>		2022-12-19 12:33:16 +00:00
..
6lowpan
9p	iov_iter work; most of that is about getting rid of	2022-12-12 18:29:54 -08:00
802	Networking changes for 6.2.	2022-12-13 15:47:48 -08:00
8021q	net: Remove the obsolte u64_stats_fetch_*_irq() users (net).	2022-10-28 20:13:54 -07:00
appletalk
atm	net/atm: fix proc_mpc_write incorrect return value	2022-10-15 11:08:36 +01:00
ax25	ax25: af_ax25: Remove unnecessary (void*) conversions	2022-11-16 13:31:03 +00:00
batman-adv	Networking changes for 6.2.	2022-12-13 15:47:48 -08:00
bluetooth	Networking changes for 6.2.	2022-12-13 15:47:48 -08:00
bpf	bpf-next-for-netdev	2022-12-12 11:27:42 -08:00
bpfilter
bridge	bridge: mcast: Support replacement of MDB port group entries	2022-12-12 15:33:37 -08:00
caif	net: caif: fix double disconnect client in chnl_net_open()	2022-11-14 10:51:13 +00:00
can	Networking changes for 6.2.	2022-12-13 15:47:48 -08:00
ceph	iov_iter work; most of that is about getting rid of	2022-12-12 18:29:54 -08:00
core	net: stream: purge sk_error_queue in sk_stream_kill_queues()	2022-12-19 12:33:16 +00:00
dcb	net: dcb: move getapptrust to separate function	2022-11-15 15:27:43 +01:00
dccp	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2022-11-29 13:04:52 -08:00
dns_resolver
dsa	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2022-12-13 09:49:29 +01:00
ethernet	net: ethernet: use sysfs_emit() to instead of scnprintf()	2022-12-07 20:02:44 -08:00
ethtool	net_tstamp: add SOF_TIMESTAMPING_OPT_ID_TCP	2022-12-08 19:49:21 -08:00
hsr	hsr: Use a single struct for self_node.	2022-12-01 20:26:22 -08:00
ieee802154	Merge tag 'ieee802154-for-net-next-2022-12-05' of git://git.kernel.org/pub/scm/linux/kernel/git/sschmidt/wpan-next	2022-12-07 17:33:26 -08:00
ife
ipv4	Networking changes for 6.2.	2022-12-13 15:47:48 -08:00
ipv6	Networking changes for 6.2.	2022-12-13 15:47:48 -08:00
iucv
kcm	kcm: close race conditions on sk_receive_queue	2022-11-15 12:42:26 +01:00
key	Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next	2022-11-29 20:50:51 -08:00
l2tp	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2022-11-29 13:04:52 -08:00
l3mdev
lapb
llc
mac80211	wireless-next patches for v6.2	2022-12-02 20:33:30 -08:00
mac802154	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2022-12-08 18:19:59 -08:00
mctp	mctp: Fix an error handling path in mctp_init()	2022-11-09 19:26:08 -08:00
mpls	net: Remove the obsolte u64_stats_fetch_*_irq() users (net).	2022-10-28 20:13:54 -07:00
mptcp	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2022-12-13 09:49:29 +01:00
ncsi	net/ncsi: Silence runtime memcpy() false positive warning	2022-12-06 17:29:14 -08:00
netfilter	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf	2022-12-13 19:32:53 -08:00
netlabel
netlink	Networking changes for 6.2.	2022-12-13 15:47:48 -08:00
netrom
nfc	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2022-12-08 18:19:59 -08:00
nsh
openvswitch	openvswitch: Fix flow lookup to use unmasked key	2022-12-16 10:33:07 +00:00
packet	Networking changes for 6.2.	2022-12-13 15:47:48 -08:00
phonet
psample
qrtr
rds	rds: remove redundant variable total_payload_len	2022-11-04 10:09:50 +00:00
rfkill
rose	rose: Fix NULL pointer dereference in rose_send_frame()	2022-11-02 11:57:30 +00:00
rxrpc	rxrpc: Fix the return value of rxrpc_new_incoming_call()	2022-12-19 09:51:31 +00:00
sched	net_sched: reject TCF_EM_SIMPLE case for complex ematch module	2022-12-19 09:43:18 +00:00
sctp	Networking changes for 6.2.	2022-12-13 15:47:48 -08:00
smc	use less confusing names for iov_iter direction initializers	2022-11-25 13:01:55 -05:00
strparser
sunrpc	NFS client updates for Linux 6.2	2022-12-13 08:44:41 -08:00
switchdev
tipc	iov_iter work; most of that is about getting rid of	2022-12-12 18:29:54 -08:00
tls	Networking changes for 6.2.	2022-12-13 15:47:48 -08:00
unix	unix: Fix race in SOCK_SEQPACKET's unix_dgram_sendmsg()	2022-12-15 11:35:18 +01:00
vmw_vsock	Networking changes for 6.2.	2022-12-13 15:47:48 -08:00
wireless	wireless-next patches for v6.2	2022-12-02 20:33:30 -08:00
x25	net/x25: Fix skb leak in x25_lapb_receive_frame()	2022-11-15 20:22:19 -08:00
xdp	bpf: Expand map key argument of bpf_redirect_map to u64	2022-11-15 09:00:27 -08:00
xfrm	Networking changes for 6.2.	2022-12-13 15:47:48 -08:00
compat.c	use less confusing names for iov_iter direction initializers	2022-11-25 13:01:55 -05:00
devres.c
Kconfig
Kconfig.debug	net: make NET_(DEV|NS)_REFCNT_TRACKER depend on NET	2022-09-20 14:23:56 -07:00
Makefile
socket.c	Networking changes for 6.2.	2022-12-13 15:47:48 -08:00
sysctl_net.c