From patchwork Sun Apr 15 00:44:46 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Soheil Hassas Yeganeh X-Patchwork-Id: 898216 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="Dsxl7ial"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 40Nt8F1Kjjz9s0x for ; Sun, 15 Apr 2018 10:45:00 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752098AbeDOAoz (ORCPT ); Sat, 14 Apr 2018 20:44:55 -0400 Received: from mail-qk0-f195.google.com ([209.85.220.195]:45052 "EHLO mail-qk0-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751270AbeDOAoy (ORCPT ); Sat, 14 Apr 2018 20:44:54 -0400 Received: by mail-qk0-f195.google.com with SMTP id n139so13026421qke.11 for ; Sat, 14 Apr 2018 17:44:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=xX+LAvNJ3k1hDlB0i1iUm9kAHpyEPK6LWOnDjsMZxL4=; b=Dsxl7ialPoxpFxG95vg6qCSYC+Uu/Vn/2L9vgy2lZKflvy+qxJB7sie/0gJkfaOaDi TiIfs5ei5Vez+umOu3uNt7d8wQHJqa0+4MadNBvZukjAKV+56fTV80yacSZk0oH65wdG i36bS5weMk8JznFZ3/+GuPm3MLofETdi8UIWm2kptgUnmNVp74MdJ/pQs8aXAN5HlCRT N21rDJk3nLKmMEYOJCCOdzYPfdfjmka1zxvK8R50MoyUAKtGk9e1hBtwJON1Ky6FSwZu hLRIyP5tSiFPo2nJvcuExzZbOV7hg1EC8w8mZQ2BYhIk6TdFDzgOkzAdjRUPMMmTxwIF zwXw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=xX+LAvNJ3k1hDlB0i1iUm9kAHpyEPK6LWOnDjsMZxL4=; b=FfFNBXpNp1wU0gg0MbVw0MOfuOSpIEe9oQ6OyfI2xd8AF51/otaYdskcyzSxdxjKQa Wz0cdgYGHFSEVEuZF109p2hw3kohk8umbdnccmp7rz8A1s5sCvxRXQp1/dvvxJz2QP43 4mJvNRD+LJKsdwokL/bAdpmqY0V9AAESy1s7mCFTfdNvQqpFdHyzEvK1XMPNNoRny4QT U3FQ6nv04UGdmSHrJF/FCZoRRla4NLxg/1STsgjapdvNUQkFNpcrYXiKBVpo6alkXLez sbvbJNXVk1ymAQs+7Ea/QQ7KF3oSS7iizc/ZUUYAhwwVVJjFEEgt3RLipTW/8ad8Z4w1 6m6g== X-Gm-Message-State: ALQs6tBy6gPmv4e78nkXndSNWJMYL6sFYkfyRC9pWsKEadb5S79je8/g TdJTpu71EtsqAdJktMfmWjc= X-Google-Smtp-Source: AIpwx4+N6B3OMJnk7M3ZR/VE0j+YKoTlGg8LM8UDjaLHcVrHCr8Jbvczq5Yz37p7+2Ez7FV2YbpMmw== X-Received: by 10.55.43.18 with SMTP id r18mr10982357qkh.152.1523753093871; Sat, 14 Apr 2018 17:44:53 -0700 (PDT) Received: from z.nyc.corp.google.com ([2620:0:1003:315:9c67:ffa0:44c0:d273]) by smtp.gmail.com with ESMTPSA id c20sm6902973qke.38.2018.04.14.17.44.52 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 14 Apr 2018 17:44:53 -0700 (PDT) From: Soheil Hassas Yeganeh To: davem@davemloft.net, netdev@vger.kernel.org Cc: ycheng@google.com, ncardwell@google.com, subashab@codeaurora.org, hvtaifwkbgefbaei@gmail.com, Soheil Hassas Yeganeh , Eric Dumazet Subject: [PATCH net] tcp: clear tp->packets_out when purging write queue Date: Sat, 14 Apr 2018 20:44:46 -0400 Message-Id: <20180415004446.73081-1-soheil.kdev@gmail.com> X-Mailer: git-send-email 2.17.0.484.g0c8726318c-goog Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: Soheil Hassas Yeganeh Clear tp->packets_out when purging the write queue, otherwise tcp_rearm_rto() mistakenly assumes TCP write queue is not empty. This results in NULL pointer dereference. Also, remove the redundant `tp->packets_out = 0` from tcp_disconnect(), since tcp_disconnect() calls tcp_write_queue_purge(). Fixes: a27fd7a8ed38 (tcp: purge write queue upon RST) Reported-by: Subash Abhinov Kasiviswanathan Reported-by: Sami Farin Tested-by: Sami Farin Signed-off-by: Eric Dumazet Signed-off-by: Soheil Hassas Yeganeh Acked-by: Yuchung Cheng Acked-by: Neal Cardwell --- net/ipv4/tcp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index 4fa3f812b9ff8..9ce1c726185eb 100644 --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c @@ -2368,6 +2368,7 @@ void tcp_write_queue_purge(struct sock *sk) INIT_LIST_HEAD(&tcp_sk(sk)->tsorted_sent_queue); sk_mem_reclaim(sk); tcp_clear_all_retrans_hints(tcp_sk(sk)); + tcp_sk(sk)->packets_out = 0; } int tcp_disconnect(struct sock *sk, int flags) @@ -2417,7 +2418,6 @@ int tcp_disconnect(struct sock *sk, int flags) icsk->icsk_backoff = 0; tp->snd_cwnd = 2; icsk->icsk_probes_out = 0; - tp->packets_out = 0; tp->snd_ssthresh = TCP_INFINITE_SSTHRESH; tp->snd_cwnd_cnt = 0; tp->window_clamp = 0;