Re: [PATCH v2] bpf: Fix sk_psock refcnt leak when receiving message

From: Daniel Borkmann
Date: Mon Apr 27 2020 - 17:22:10 EST

Next message: Joe Perches: "[PATCH V2] get_maintainer: Add email addresses from .yaml files"
Previous message: Arnaldo Carvalho de Melo: "[PATCH 7/7] perf record: Introduce --switch-output-event"
In reply to: Jakub Sitnicki: "Re: [PATCH v2] bpf: Fix sk_psock refcnt leak when receiving message"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 4/26/20 5:35 AM, Xiyu Yang wrote:

tcp_bpf_recvmsg() invokes sk_psock_get(), which returns a reference of
the specified sk_psock object to "psock" with increased refcnt.

When tcp_bpf_recvmsg() returns, local variable "psock" becomes invalid,
so the refcount should be decreased to keep refcount balanced.

The reference counting issue happens in several exception handling paths
of tcp_bpf_recvmsg(). When those error scenarios occur such as "flags"
includes MSG_ERRQUEUE, the function forgets to decrease the refcnt
increased by sk_psock_get(), causing a refcnt leak.

Fix this issue by calling sk_psock_put() or pulling up the error queue
read handling when those error scenarios occur.

Fixes: e7a5f1f1cd000 ("bpf/sockmap: Read psock ingress_msg before sk_receive_queue")
Signed-off-by: Xiyu Yang <xiyuyang19@xxxxxxxxxxxx>
Signed-off-by: Xin Tan <tanxin.ctf@xxxxxxxxx>

Applied, thanks!

Next message: Joe Perches: "[PATCH V2] get_maintainer: Add email addresses from .yaml files"
Previous message: Arnaldo Carvalho de Melo: "[PATCH 7/7] perf record: Introduce --switch-output-event"
In reply to: Jakub Sitnicki: "Re: [PATCH v2] bpf: Fix sk_psock refcnt leak when receiving message"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]