From patchwork Sun Apr 15 00:45:20 2018
X-Patchwork-Submitter: Soheil Hassas Yeganeh
X-Patchwork-Id: 898217
X-Patchwork-Delegate: davem@davemloft.net
From: Soheil Hassas Yeganeh
To: davem@davemloft.net, netdev@vger.kernel.org
Cc: ycheng@google.com, ncardwell@google.com, subashab@codeaurora.org, hvtaifwkbgefbaei@gmail.com, Soheil Hassas Yeganeh, Eric Dumazet
Subject: [PATCH linux-stable-4.14] tcp: clear tp->packets_out when purging write queue
Date: Sat, 14 Apr 2018 20:45:20 -0400
Message-Id: <20180415004520.73294-1-soheil.kdev@gmail.com>
X-Mailer: git-send-email 2.17.0.484.g0c8726318c-goog
X-Mailing-List: netdev@vger.kernel.org

From: Soheil Hassas Yeganeh Clear tp->packets_out when purging the write queue, otherwise tcp_rearm_rto() mistakenly assumes TCP write queue is not empty. This results in NULL pointer dereference. Also, remove the redundant `tp->packets_out = 0` from tcp_disconnect(), since tcp_disconnect() calls tcp_write_queue_purge(). Fixes: a27fd7a8ed38 (tcp: purge write queue upon RST) Reported-by: Subash Abhinov Kasiviswanathan Reported-by: Sami Farin Tested-by: Sami Farin Signed-off-by: Eric Dumazet Signed-off-by: Soheil Hassas Yeganeh Acked-by: Yuchung Cheng Acked-by: Neal Cardwell --- include/net/tcp.h | 1 + net/ipv4/tcp.c | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/include/net/tcp.h b/include/net/tcp.h index d323d4fa742ca..fb653736f3353 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h @@ -1616,6 +1616,7 @@ static inline void tcp_write_queue_purge(struct sock *sk) sk_mem_reclaim(sk); tcp_clear_all_retrans_hints(tcp_sk(sk)); tcp_init_send_head(sk); + tcp_sk(sk)->packets_out = 0; } static inline struct sk_buff *tcp_write_queue_head(const struct sock *sk) diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index 38b9a6276a9de..4dda8d301802e 100644 --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c @@ -2354,7 +2354,6 @@ int tcp_disconnect(struct sock *sk, int flags) icsk->icsk_backoff = 0; tp->snd_cwnd = 2; icsk->icsk_probes_out = 0; - tp->packets_out = 0; tp->snd_ssthresh = TCP_INFINITE_SSTHRESH; tp->snd_cwnd_cnt = 0; tp->window_clamp = 0;
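Review bot: In the include/net/tcp.h hunk, the new `tcp_sk(sk)->packets_out = 0;` at the end of tcp_write_queue_purge() enforces an invariant that is only explained in the commit message: once the queue is purged, packets_out must read zero, because tcp_rearm_rto() treats a non-zero count as proof that the write queue has a head to dereference. A one-line comment above the assignment saying so would keep a later cleanup from dropping it as a stray field reset and bringing back the NULL pointer dereference. Minor style point: the function now evaluates tcp_sk(sk) twice in adjacent statements (here and in `tcp_clear_all_retrans_hints(tcp_sk(sk));`), so a local `struct tcp_sock *tp` would read more cleanly, though for a stable backport keeping the change to a single line is a reasonable choice.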
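Review bot: In the net/ipv4/tcp.c hunk, dropping `tp->packets_out = 0;` makes tcp_disconnect() depend on tcp_write_queue_purge() having run earlier in the same function, and that call is not visible in the context lines shown. The commit message states the call exists. Since this is a 4.14 stable backport, please confirm that in this tree the purge is reached unconditionally before this block, so that no path through tcp_disconnect() returns with a stale packets_out. A short comment at the removal site noting that packets_out is now cleared by tcp_write_queue_purge() would also help anyone comparing this run of resets (snd_cwnd, icsk_probes_out, snd_ssthresh, snd_cwnd_cnt) against older trees.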