xt_qtaguid: Fix kmemleak error in TIME_WAIT sockets
This reverts commit 4335ab13 ("xt_qtaguid: check xt_sock socket before releasing").

This commit causes kmemleak errors with the following trace -

unreferenced object (size 184):
  comm "softirq", pid 0, jiffies 14724 (age 4906.640s)
  hex dump (first 32 bytes):
    3d 6e f5 25 0a be 6e 8a c9 d8 bb c2 00 50 72 cb  =n.%..n......Pr.
    02 00 06 80 00 00 00 00 00 00 00 00 58 8a 42 c5  ............X.B.
  backtrace:
    inet_twsk_alloc+0x40/0x1e8
    tcp_time_wait+0x48/0x1fc
    tcp_rcv_state_process+0xa74/0xc10
    tcp_v4_do_rcv+0x2c8/0x338
    tcp_v4_rcv+0x4f8/0x8fc
    ip_local_deliver_finish+0x130/0x2c0
    ip_rcv_finish+0x2d0/0x348
    __netif_receive_skb_core+0x710/0x7c4
    netif_receive_skb_internal+0x60/0xac
    __rmnet_deliver_skb+0x1ec/0x3f8
    __netif_receive_skb_core+0x588/0x7c4
    process_backlog+0x90/0x14c
    net_rx_action+0xb4/0x234
    __do_softirq+0x14c/0x370
    irq_exit+0x84/0xe0
    handle_IPI+0x120/0x354

This is because xt_qtaguid holds on to references incorrectly and never releases the slab cache even after the time wait socket timer expiry.

inet_twsk_alloc TCP created tw atomic_read(&tw->tw_refcnt) 0, called from tcp_time_wait+0x48/0x1fc
inet_twsk_alloc tw tw->tw_daddr 61.110.245.37 tw->tw_rcv_saddr 10.190.110.138 tw->tw_sport 29387 tw->tw_dport 20480
tcp_time_wait tw atomic_read(&tw->tw_refcnt) 3, called from tcp_rcv_state_process+0xa74/0xc10
tcp_time_wait inet_twsk_schedule tw atomic_read (&tw->tw_refcnt) 4, called from tcp_rcv_state_process+0xa74/0xc10
inet_twsk_put tw atomic_read(&tw->tw_refcnt) 4, called from tcp_time_wait+0x1b0/0x1fc
xt_socket: xt_socket_get4_sk tw atomic_read(&tw->tw_refcnt) 4, called from qtaguid_mt+0x568/0x8bc
xt_socket: xt_socket_get4_sk tw if (sk) atomic_read (&tw->tw_refcnt) 5, called from qtaguid_mt+0x568/0x8bc
xt_socket: xt_socket_get4_sk tw atomic_read(&tw->tw_refcnt) 5, called from qtaguid_mt+0x568/0x8bc
xt_socket: xt_socket_get4_sk tw if (sk) atomic_read (&tw->tw_refcnt) 6, called from qtaguid_mt+0x568/0x8bc
xt_socket: xt_socket_get4_sk tw atomic_read(&tw->tw_refcnt) 6, called from qtaguid_mt+0x568/0x8bc
xt_socket: xt_socket_get4_sk tw if (sk) atomic_read (&tw->tw_refcnt) 7, called from qtaguid_mt+0x568/0x8bc
xt_socket: xt_socket_get4_sk tw atomic_read(&tw->tw_refcnt) 7, called from qtaguid_mt+0x568/0x8bc
xt_socket: xt_socket_get4_sk tw if (sk) atomic_read (&tw->tw_refcnt) 8, called from qtaguid_mt+0x568/0x8bc
xt_socket: xt_socket_get4_sk tw atomic_read(&tw->tw_refcnt) 8, called from qtaguid_mt+0x568/0x8bc
xt_socket: xt_socket_get4_sk tw if (sk) atomic_read (&tw->tw_refcnt) 9, called from qtaguid_mt+0x568/0x8bc
inet_twsk_put tw atomic_read(&tw->tw_refcnt) 9, called from tcp_v4_rcv+0x8e0/0x8fc
tw_timer_handler tw atomic_read(&tw->tw_refcnt) 8, called from call_timer_fn+0x98/0x1e4
inet_twsk_kill tw atomic_read(&tw->tw_refcnt) 8, called from call_timer_fn+0x98/0x1e4
__sock_put tw atomic_read(&tw->tw_refcnt) 8, called from call_timer_fn+0x98/0x1e4
__sock_put tw atomic_read(&tw->tw_refcnt) 7, called from inet_twsk_kill+0x104/0x148
inet_twsk_put tw atomic_read(&tw->tw_refcnt) 6, called from call_timer_fn+0x98/0x1e4

CRs-Fixed: 1090436
Change-Id: Ib53c51baf351d851c33c196564be43508f531996
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
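
The refcount trace in the commit message can be audited mechanically. The script below is an added example, not part of the commit or the kernel tree: it parses the refcount samples quoted above and counts, per caller, the references taken by `xt_socket_get4_sk` lookups. The function names `parse` and `audit` are hypothetical, and the residual assumes `inet_twsk_put` logs the count before dropping it.

```python
import re

# Refcount samples copied from the trace in the commit message above.
TRACE = """\
inet_twsk_alloc TCP created tw atomic_read(&tw->tw_refcnt) 0, called from tcp_time_wait+0x48/0x1fc
tcp_time_wait tw atomic_read(&tw->tw_refcnt) 3, called from tcp_rcv_state_process+0xa74/0xc10
tcp_time_wait inet_twsk_schedule tw atomic_read (&tw->tw_refcnt) 4, called from tcp_rcv_state_process+0xa74/0xc10
inet_twsk_put tw atomic_read(&tw->tw_refcnt) 4, called from tcp_time_wait+0x1b0/0x1fc
xt_socket: xt_socket_get4_sk tw atomic_read(&tw->tw_refcnt) 4, called from qtaguid_mt+0x568/0x8bc
xt_socket: xt_socket_get4_sk tw if (sk) atomic_read (&tw->tw_refcnt) 5, called from qtaguid_mt+0x568/0x8bc
xt_socket: xt_socket_get4_sk tw atomic_read(&tw->tw_refcnt) 5, called from qtaguid_mt+0x568/0x8bc
xt_socket: xt_socket_get4_sk tw if (sk) atomic_read (&tw->tw_refcnt) 6, called from qtaguid_mt+0x568/0x8bc
xt_socket: xt_socket_get4_sk tw atomic_read(&tw->tw_refcnt) 6, called from qtaguid_mt+0x568/0x8bc
xt_socket: xt_socket_get4_sk tw if (sk) atomic_read (&tw->tw_refcnt) 7, called from qtaguid_mt+0x568/0x8bc
xt_socket: xt_socket_get4_sk tw atomic_read(&tw->tw_refcnt) 7, called from qtaguid_mt+0x568/0x8bc
xt_socket: xt_socket_get4_sk tw if (sk) atomic_read (&tw->tw_refcnt) 8, called from qtaguid_mt+0x568/0x8bc
xt_socket: xt_socket_get4_sk tw atomic_read(&tw->tw_refcnt) 8, called from qtaguid_mt+0x568/0x8bc
xt_socket: xt_socket_get4_sk tw if (sk) atomic_read (&tw->tw_refcnt) 9, called from qtaguid_mt+0x568/0x8bc
inet_twsk_put tw atomic_read(&tw->tw_refcnt) 9, called from tcp_v4_rcv+0x8e0/0x8fc
tw_timer_handler tw atomic_read(&tw->tw_refcnt) 8, called from call_timer_fn+0x98/0x1e4
inet_twsk_kill tw atomic_read(&tw->tw_refcnt) 8, called from call_timer_fn+0x98/0x1e4
__sock_put tw atomic_read(&tw->tw_refcnt) 8, called from call_timer_fn+0x98/0x1e4
__sock_put tw atomic_read(&tw->tw_refcnt) 7, called from inet_twsk_kill+0x104/0x148
inet_twsk_put tw atomic_read(&tw->tw_refcnt) 6, called from call_timer_fn+0x98/0x1e4
"""

SAMPLE = re.compile(r"^(?P<site>.*?) tw (?P<post>if \(sk\) )?atomic_read ?"
                    r"\(&tw->tw_refcnt\) (?P<n>\d+), called from (?P<caller>\w+)\+")

def parse(trace):
    """Return (site, after_lookup, refcnt, caller) for each sample line."""
    hits = (SAMPLE.match(line) for line in trace.splitlines())
    return [(m["site"], bool(m["post"]), int(m["n"]), m["caller"]) for m in hits if m]

def audit(trace, lookup="xt_socket: xt_socket_get4_sk"):
    """Return ({caller: references taken via lookup}, residual refcount)."""
    samples = parse(trace)
    taken = {}
    for (s0, post0, n0, _), (s1, post1, n1, caller) in zip(samples, samples[1:]):
        # A pre-lookup sample followed by the "if (sk)" sample one higher
        # means the lookup returned the socket holding a new reference.
        if s0 == s1 == lookup and not post0 and post1 and n1 == n0 + 1:
            taken[caller] = taken.get(caller, 0) + 1
    # Assumption: inet_twsk_put logs before decrementing (9 -> 8 in the trace).
    site, _, last, _ = samples[-1]
    residual = last - 1 if site == "inet_twsk_put" else last
    return taken, residual

if __name__ == "__main__":
    print(audit(TRACE))
```

On this trace the audit attributes five acquired references to `qtaguid_mt` and leaves a residual count of five after the final put, so the count never reaches zero and the timewait socket is not freed.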