de4ef86cfc
Hey all- I was tinkering with dccp recently and noticed that I BUG halted the kernel when I rmmod-ed the dccp module. The bug halt occured because the page that I passed to kfree failed the PageCompound and PageSlab test in the slub implementation of kfree. I tracked the problem down to the following set of events: 1) dccp, unlike all other uses of kmem_cache_create, allocates a string dynamically when registering a slab cache. This allocated string is freed when the cache is destroyed. 2) Normally, (1) is not an issue, but when Slub is in use, it is possible that caches are 'merged'. This process causes multiple caches of simmilar configuration to use the same cache data structure. When this happens, the new name of the cache is effectively dropped. 3) (2) results in kmem_cache_name returning an ambigous value (i.e. ccid_kmem_cache_destroy, which uses this fuction to retrieve the name pointer for freeing), is no longer guaranteed that the string it assigned is what is returned. 4) If such merge event occurs, ccid_kmem_cache_destroy frees the wrong pointer, which trips over the BUG in the slub implementation of kfree (since its likely not a slab allocation, but rather a pointer into the static string table section. So, what to do about this. At first blush this is pretty clearly a leak in the information that slub owns, and as such a slub bug. Unfortunately, theres no really good way to fix it, without exposing slub specific implementation details to the generic slab interface. Also, even if we could fix this in slub cleanly, I think the RCU free option would force us to do lots of string duplication, not only in slub, but in every slab allocator. As such, I'd like to propose this solution. Basically, I just move the storage for the kmem cache name to the ccid_operations structure. In so doing, we don't have to do the kstrdup or kfree when we allocate/free the various caches for dccp, and so we avoid the problem, by storing names with static memory, rather than heap, the way all other calls to kmem_cache_create do. I've tested this out myself here, and it solves the problem quite well. Signed-off-by: Neil Horman <nhorman@tuxdriver.com> Acked-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
236 lines
7.5 KiB
C
236 lines
7.5 KiB
C
#ifndef _CCID_H
|
|
#define _CCID_H
|
|
/*
|
|
* net/dccp/ccid.h
|
|
*
|
|
* An implementation of the DCCP protocol
|
|
* Arnaldo Carvalho de Melo <acme@conectiva.com.br>
|
|
*
|
|
* CCID infrastructure
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify it
|
|
* under the terms of the GNU General Public License version 2 as
|
|
* published by the Free Software Foundation.
|
|
*/
|
|
|
|
#include <net/sock.h>
|
|
#include <linux/compiler.h>
|
|
#include <linux/dccp.h>
|
|
#include <linux/list.h>
|
|
#include <linux/module.h>
|
|
|
|
#define CCID_MAX 255
|
|
|
|
struct tcp_info;
|
|
|
|
/**
|
|
* struct ccid_operations - Interface to Congestion-Control Infrastructure
|
|
*
|
|
* @ccid_id: numerical CCID ID (up to %CCID_MAX, cf. table 5 in RFC 4340, 10.)
|
|
* @ccid_ccmps: the CCMPS including network/transport headers (0 when disabled)
|
|
* @ccid_name: alphabetical identifier string for @ccid_id
|
|
* @ccid_hc_{r,t}x_slab: memory pool for the receiver/sender half-connection
|
|
* @ccid_hc_{r,t}x_obj_size: size of the receiver/sender half-connection socket
|
|
*
|
|
* @ccid_hc_{r,t}x_init: CCID-specific initialisation routine (before startup)
|
|
* @ccid_hc_{r,t}x_exit: CCID-specific cleanup routine (before destruction)
|
|
* @ccid_hc_rx_packet_recv: implements the HC-receiver side
|
|
* @ccid_hc_{r,t}x_parse_options: parsing routine for CCID/HC-specific options
|
|
* @ccid_hc_{r,t}x_insert_options: insert routine for CCID/HC-specific options
|
|
* @ccid_hc_tx_packet_recv: implements feedback processing for the HC-sender
|
|
* @ccid_hc_tx_send_packet: implements the sending part of the HC-sender
|
|
* @ccid_hc_tx_packet_sent: does accounting for packets in flight by HC-sender
|
|
* @ccid_hc_{r,t}x_get_info: INET_DIAG information for HC-receiver/sender
|
|
* @ccid_hc_{r,t}x_getsockopt: socket options specific to HC-receiver/sender
|
|
*/
|
|
struct ccid_operations {
|
|
unsigned char ccid_id;
|
|
__u32 ccid_ccmps;
|
|
const char *ccid_name;
|
|
struct kmem_cache *ccid_hc_rx_slab,
|
|
*ccid_hc_tx_slab;
|
|
char ccid_hc_rx_slab_name[32];
|
|
char ccid_hc_tx_slab_name[32];
|
|
__u32 ccid_hc_rx_obj_size,
|
|
ccid_hc_tx_obj_size;
|
|
/* Interface Routines */
|
|
int (*ccid_hc_rx_init)(struct ccid *ccid, struct sock *sk);
|
|
int (*ccid_hc_tx_init)(struct ccid *ccid, struct sock *sk);
|
|
void (*ccid_hc_rx_exit)(struct sock *sk);
|
|
void (*ccid_hc_tx_exit)(struct sock *sk);
|
|
void (*ccid_hc_rx_packet_recv)(struct sock *sk,
|
|
struct sk_buff *skb);
|
|
int (*ccid_hc_rx_parse_options)(struct sock *sk,
|
|
unsigned char option,
|
|
unsigned char len, u16 idx,
|
|
unsigned char* value);
|
|
int (*ccid_hc_rx_insert_options)(struct sock *sk,
|
|
struct sk_buff *skb);
|
|
void (*ccid_hc_tx_packet_recv)(struct sock *sk,
|
|
struct sk_buff *skb);
|
|
int (*ccid_hc_tx_parse_options)(struct sock *sk,
|
|
unsigned char option,
|
|
unsigned char len, u16 idx,
|
|
unsigned char* value);
|
|
int (*ccid_hc_tx_send_packet)(struct sock *sk,
|
|
struct sk_buff *skb);
|
|
void (*ccid_hc_tx_packet_sent)(struct sock *sk,
|
|
int more, unsigned int len);
|
|
void (*ccid_hc_rx_get_info)(struct sock *sk,
|
|
struct tcp_info *info);
|
|
void (*ccid_hc_tx_get_info)(struct sock *sk,
|
|
struct tcp_info *info);
|
|
int (*ccid_hc_rx_getsockopt)(struct sock *sk,
|
|
const int optname, int len,
|
|
u32 __user *optval,
|
|
int __user *optlen);
|
|
int (*ccid_hc_tx_getsockopt)(struct sock *sk,
|
|
const int optname, int len,
|
|
u32 __user *optval,
|
|
int __user *optlen);
|
|
};
|
|
|
|
extern struct ccid_operations ccid2_ops;
|
|
#ifdef CONFIG_IP_DCCP_CCID3
|
|
extern struct ccid_operations ccid3_ops;
|
|
#endif
|
|
|
|
extern int ccid_initialize_builtins(void);
|
|
extern void ccid_cleanup_builtins(void);
|
|
|
|
struct ccid {
|
|
struct ccid_operations *ccid_ops;
|
|
char ccid_priv[0];
|
|
};
|
|
|
|
static inline void *ccid_priv(const struct ccid *ccid)
|
|
{
|
|
return (void *)ccid->ccid_priv;
|
|
}
|
|
|
|
extern bool ccid_support_check(u8 const *ccid_array, u8 array_len);
|
|
extern int ccid_get_builtin_ccids(u8 **ccid_array, u8 *array_len);
|
|
extern int ccid_getsockopt_builtin_ccids(struct sock *sk, int len,
|
|
char __user *, int __user *);
|
|
|
|
extern struct ccid *ccid_new(const u8 id, struct sock *sk, bool rx);
|
|
|
|
static inline int ccid_get_current_rx_ccid(struct dccp_sock *dp)
|
|
{
|
|
struct ccid *ccid = dp->dccps_hc_rx_ccid;
|
|
|
|
if (ccid == NULL || ccid->ccid_ops == NULL)
|
|
return -1;
|
|
return ccid->ccid_ops->ccid_id;
|
|
}
|
|
|
|
static inline int ccid_get_current_tx_ccid(struct dccp_sock *dp)
|
|
{
|
|
struct ccid *ccid = dp->dccps_hc_tx_ccid;
|
|
|
|
if (ccid == NULL || ccid->ccid_ops == NULL)
|
|
return -1;
|
|
return ccid->ccid_ops->ccid_id;
|
|
}
|
|
|
|
extern void ccid_hc_rx_delete(struct ccid *ccid, struct sock *sk);
|
|
extern void ccid_hc_tx_delete(struct ccid *ccid, struct sock *sk);
|
|
|
|
static inline int ccid_hc_tx_send_packet(struct ccid *ccid, struct sock *sk,
|
|
struct sk_buff *skb)
|
|
{
|
|
int rc = 0;
|
|
if (ccid->ccid_ops->ccid_hc_tx_send_packet != NULL)
|
|
rc = ccid->ccid_ops->ccid_hc_tx_send_packet(sk, skb);
|
|
return rc;
|
|
}
|
|
|
|
static inline void ccid_hc_tx_packet_sent(struct ccid *ccid, struct sock *sk,
|
|
int more, unsigned int len)
|
|
{
|
|
if (ccid->ccid_ops->ccid_hc_tx_packet_sent != NULL)
|
|
ccid->ccid_ops->ccid_hc_tx_packet_sent(sk, more, len);
|
|
}
|
|
|
|
static inline void ccid_hc_rx_packet_recv(struct ccid *ccid, struct sock *sk,
|
|
struct sk_buff *skb)
|
|
{
|
|
if (ccid->ccid_ops->ccid_hc_rx_packet_recv != NULL)
|
|
ccid->ccid_ops->ccid_hc_rx_packet_recv(sk, skb);
|
|
}
|
|
|
|
static inline void ccid_hc_tx_packet_recv(struct ccid *ccid, struct sock *sk,
|
|
struct sk_buff *skb)
|
|
{
|
|
if (ccid->ccid_ops->ccid_hc_tx_packet_recv != NULL)
|
|
ccid->ccid_ops->ccid_hc_tx_packet_recv(sk, skb);
|
|
}
|
|
|
|
static inline int ccid_hc_tx_parse_options(struct ccid *ccid, struct sock *sk,
|
|
unsigned char option,
|
|
unsigned char len, u16 idx,
|
|
unsigned char* value)
|
|
{
|
|
int rc = 0;
|
|
if (ccid->ccid_ops->ccid_hc_tx_parse_options != NULL)
|
|
rc = ccid->ccid_ops->ccid_hc_tx_parse_options(sk, option, len, idx,
|
|
value);
|
|
return rc;
|
|
}
|
|
|
|
static inline int ccid_hc_rx_parse_options(struct ccid *ccid, struct sock *sk,
|
|
unsigned char option,
|
|
unsigned char len, u16 idx,
|
|
unsigned char* value)
|
|
{
|
|
int rc = 0;
|
|
if (ccid->ccid_ops->ccid_hc_rx_parse_options != NULL)
|
|
rc = ccid->ccid_ops->ccid_hc_rx_parse_options(sk, option, len, idx, value);
|
|
return rc;
|
|
}
|
|
|
|
static inline int ccid_hc_rx_insert_options(struct ccid *ccid, struct sock *sk,
|
|
struct sk_buff *skb)
|
|
{
|
|
if (ccid->ccid_ops->ccid_hc_rx_insert_options != NULL)
|
|
return ccid->ccid_ops->ccid_hc_rx_insert_options(sk, skb);
|
|
return 0;
|
|
}
|
|
|
|
static inline void ccid_hc_rx_get_info(struct ccid *ccid, struct sock *sk,
|
|
struct tcp_info *info)
|
|
{
|
|
if (ccid->ccid_ops->ccid_hc_rx_get_info != NULL)
|
|
ccid->ccid_ops->ccid_hc_rx_get_info(sk, info);
|
|
}
|
|
|
|
static inline void ccid_hc_tx_get_info(struct ccid *ccid, struct sock *sk,
|
|
struct tcp_info *info)
|
|
{
|
|
if (ccid->ccid_ops->ccid_hc_tx_get_info != NULL)
|
|
ccid->ccid_ops->ccid_hc_tx_get_info(sk, info);
|
|
}
|
|
|
|
static inline int ccid_hc_rx_getsockopt(struct ccid *ccid, struct sock *sk,
|
|
const int optname, int len,
|
|
u32 __user *optval, int __user *optlen)
|
|
{
|
|
int rc = -ENOPROTOOPT;
|
|
if (ccid->ccid_ops->ccid_hc_rx_getsockopt != NULL)
|
|
rc = ccid->ccid_ops->ccid_hc_rx_getsockopt(sk, optname, len,
|
|
optval, optlen);
|
|
return rc;
|
|
}
|
|
|
|
static inline int ccid_hc_tx_getsockopt(struct ccid *ccid, struct sock *sk,
|
|
const int optname, int len,
|
|
u32 __user *optval, int __user *optlen)
|
|
{
|
|
int rc = -ENOPROTOOPT;
|
|
if (ccid->ccid_ops->ccid_hc_tx_getsockopt != NULL)
|
|
rc = ccid->ccid_ops->ccid_hc_tx_getsockopt(sk, optname, len,
|
|
optval, optlen);
|
|
return rc;
|
|
}
|
|
#endif /* _CCID_H */
|