[mptcp-next] mptcp: plug subflow context memory leak

Message ID	8d57c51a359d2c3867b7a6712af4d431167ecb92.1607081800.git.pabeni@redhat.com
State	Accepted, archived
Commit	b89ebad43317efc6e6ec90403d2f3f43e93551b5
Delegated to:	Matthieu Baerts
Headers	show Return-Path: <mptcp-bounces@lists.01.org> Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=216.205.24.124; helo=us-smtp-delivery-124.mimecast.com; envelope-from=pabeni@redhat.com; receiver=<UNKNOWN> From: Paolo Abeni <pabeni@redhat.com> To: mptcp@lists.01.org Date: Fri, 4 Dec 2020 12:37:04 +0100 Message-Id: <8d57c51a359d2c3867b7a6712af4d431167ecb92.1607081800.git.pabeni@redhat.com> MIME-Version: 1.0 Message-ID-Hash: XLOYGMRZQOJYDNSQWL4F7XQ2LX4RWE7W Precedence: list Subject: [MPTCP] [PATCH mptcp-next] mptcp: plug subflow context memory leak Archived-At: <https://lists.01.org/hyperkitty/list/mptcp@lists.01.org/message/XLOYGMRZQOJYDNSQWL4F7XQ2LX4RWE7W/> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit
Series	[mptcp-next] mptcp: plug subflow context memory leak \| expand [mptcp-next] mptcp: plug subflow context memory leak

Message ID

8d57c51a359d2c3867b7a6712af4d431167ecb92.1607081800.git.pabeni@redhat.com

State

Accepted, archived

Commit

b89ebad43317efc6e6ec90403d2f3f43e93551b5

Delegated to:

Matthieu Baerts

Headers

show

Return-Path: <mptcp-bounces@lists.01.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
 spf=none (no SPF record) smtp.mailfrom=lists.01.org
 (client-ip=2001:19d0:306:5::1; helo=ml01.01.org;
 envelope-from=mptcp-bounces@lists.01.org; receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
 dmarc=fail (p=none dis=none) header.from=redhat.com
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (1024-bit key;
 unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256
 header.s=mimecast20190719 header.b=gJ4ZDh9p;
	dkim-atps=neutral
Received: from ml01.01.org (ml01.01.org [IPv6:2001:19d0:306:5::1])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256)
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 4CnW1t5QvYz9sPB
	for <incoming@patchwork.ozlabs.org>; Fri,  4 Dec 2020 22:38:57 +1100 (AEDT)
Received: from ml01.vlan13.01.org (localhost [IPv6:::1])
	by ml01.01.org (Postfix) with ESMTP id A5E34100EBBC7;
	Fri,  4 Dec 2020 03:38:54 -0800 (PST)
Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=216.205.24.124;
 helo=us-smtp-delivery-124.mimecast.com; envelope-from=pabeni@redhat.com;
 receiver=<UNKNOWN> 
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [216.205.24.124])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits))
	(No client certificate requested)
	by ml01.01.org (Postfix) with ESMTPS id 147E9100EBBC5
	for <mptcp@lists.01.org>; Fri,  4 Dec 2020 03:38:52 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1607081931;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=2FQ3jfIMBULFaElCHZkxdG1B5fveXCU+uGWOaPsStYE=;
	b=gJ4ZDh9pyYonYyRXAhpWkCVmLfdbAZIyikz1qy74pyXO4E3b1zcFgmJRM6OBtcZXXTAAxC
	IZe2JRr0KxZJon5SPZ4uUL9xCWiHvydwwItTXljoJk5TiIWNA/ABiGwk7XiXUfx9FmJXpP
	hHGcK9mtuu2cVk+D2REDTlg2geEP2OE=
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-185-8dVT2x43PImw_VHsVKSt4A-1; Fri, 04 Dec 2020 06:38:49 -0500
X-MC-Unique: 8dVT2x43PImw_VHsVKSt4A-1
Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com
 [10.5.11.16])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 0983C107ACE8
	for <mptcp@lists.01.org>; Fri,  4 Dec 2020 11:38:49 +0000 (UTC)
Received: from gerbillo.redhat.com (ovpn-115-36.ams2.redhat.com
 [10.36.115.36])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 5EA185C1D1
	for <mptcp@lists.01.org>; Fri,  4 Dec 2020 11:38:48 +0000 (UTC)
From: Paolo Abeni <pabeni@redhat.com>
To: mptcp@lists.01.org
Date: Fri,  4 Dec 2020 12:37:04 +0100
Message-Id: 
 <8d57c51a359d2c3867b7a6712af4d431167ecb92.1607081800.git.pabeni@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16
Authentication-Results: relay.mimecast.com;
	auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=pabeni@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Message-ID-Hash: XLOYGMRZQOJYDNSQWL4F7XQ2LX4RWE7W
X-Message-ID-Hash: XLOYGMRZQOJYDNSQWL4F7XQ2LX4RWE7W
X-MailFrom: pabeni@redhat.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 suspicious-header
X-Mailman-Version: 3.1.1
Precedence: list
Subject: [MPTCP] [PATCH mptcp-next] mptcp: plug subflow context memory leak
List-Id: Discussions regarding MPTCP upstreaming <mptcp.lists.01.org>
Archived-At: 
 <https://lists.01.org/hyperkitty/list/mptcp@lists.01.org/message/XLOYGMRZQOJYDNSQWL4F7XQ2LX4RWE7W/>
List-Archive: <https://lists.01.org/hyperkitty/list/mptcp@lists.01.org/>
List-Help: <mailto:mptcp-request@lists.01.org?subject=help>
List-Post: <mailto:mptcp@lists.01.org>
List-Subscribe: <mailto:mptcp-join@lists.01.org>
List-Unsubscribe: <mailto:mptcp-leave@lists.01.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Series

[mptcp-next] mptcp: plug subflow context memory leak | expand

Commit Message

Paolo Abeni Dec. 4, 2020, 11:37 a.m. UTC

When a MPTCP listener socket is closed with unaccepted
children pending, the ULP release callback will be invoked,
but nobody will call into __mptcp_close_ssk() on the
corresponding subflow.

As a consequence, at ULP release time, the 'disposable' flag
will be cleared and the subflow context memory will be leaked.

This change addresses the issue always freeing the context if
the subflow is still in the accept queue at ULP release time.

Additionally, this fixes an incorrect code reference in the
related comment.

Note: this fix leverages the changes introduced by the previous
commit.

Fixes: e16163b6e2b7 ("mptcp: refactor shutdown and close")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
---
Note: I plan to push this upstream together with:

mptcp: link MPC subflow into msk only after accept

since this depends on the above changes, as note in the commit
message.

This closes for me at one of the splat reported in issues/108.
I could not reproduce the others. @Christoph could you please
give it a spin?
---
 net/mptcp/subflow.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

Comments

Matthieu Baerts Dec. 4, 2020, 4:46 p.m. UTC | #1

Hi Paolo,

On 04/12/2020 12:37, Paolo Abeni wrote:
> When a MPTCP listener socket is closed with unaccepted
> children pending, the ULP release callback will be invoked,
> but nobody will call into __mptcp_close_ssk() on the
> corresponding subflow.
> 
> As a consequence, at ULP release time, the 'disposable' flag
> will be cleared and the subflow context memory will be leaked.
> 
> This change addresses the issue always freeing the context if
> the subflow is still in the accept queue at ULP release time.
> 
> Additionally, this fixes an incorrect code reference in the
> related comment.
> 
> Note: this fix leverages the changes introduced by the previous
> commit.
> 
> Fixes: e16163b6e2b7 ("mptcp: refactor shutdown and close")
> Signed-off-by: Paolo Abeni <pabeni@redhat.com>

Thank you for this patch!

- b89ebad43317: mptcp: plug subflow context memory leak
- Results: 3df24f8e9d36..7ca534d9bde5

Tests + export are in progress!

Cheers,
Matt

diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c
index fe3bc73aa39d..2e111f039ecc 100644
--- a/net/mptcp/subflow.c
+++ b/net/mptcp/subflow.c
@@ -1334,9 +1334,10 @@  static void subflow_ulp_release(struct sock *ssk)
 	sk = ctx->conn;
 	if (sk) {
 		/* if the msk has been orphaned, keep the ctx
-		 * alive, will be freed by mptcp_done()
+		 * alive, will be freed by __mptcp_close_ssk(),
+		 * when the subflow is still unaccepted
 		 */
-		release = ctx->disposable;
+		release = ctx->disposable || list_empty(&ctx->node);
 		sock_put(sk);
 	}

[mptcp-next] mptcp: plug subflow context memory leak

Commit Message

Comments

Patch