
splice: Fix leaks that can happen when initiating a splice
ClosedPublic

Authored by gallatin on Tue, Dec 9, 8:32 PM.

Details

Summary

When so_unsplice() is called on a socket that is starting to be spliced (state == SPLICE_INIT), it gives up and does nothing.
This causes leaked socket reference counts, leading to leaked tcpcb / inpcbs and elevated numbers of connections
stuck in the CLOSED state. This happens when so_splice() fails and tries to tear down its state using so_unsplice.
Fixed by changing the state to SPLICE_EXCEPTION so that so_unsplice() can succeed when called.
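
The following is an added illustration, not code from this review or from FreeBSD's own so_splice()/so_unsplice(): a small user-space C model of the lifecycle the summary describes. The struct layouts, the so_count field, soref()/sorele(), so_splice_model(), so_unsplice_model() and the SPLICE_RUNNING state are all assumptions made for the model; only the state names SPLICE_INIT and SPLICE_EXCEPTION come from the review. The model shows the reference that is left held when a failing splice setup tears down through a teardown that gives up on SPLICE_INIT, the fix of moving the state to SPLICE_EXCEPTION (and clearing sp_dest, since no reference is held on so2) before tearing down, and a normal splice/unsplice round trip for comparison.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* SPLICE_INIT and SPLICE_EXCEPTION are the state names used in the review;
 * SPLICE_RUNNING is filler so the model has a steady state (assumption). */
enum splice_state { SPLICE_INIT, SPLICE_RUNNING, SPLICE_EXCEPTION };

struct socket;

/* Assumed layout for this model; not FreeBSD's struct so_splice. */
struct so_splice {
	enum splice_state sp_state;
	struct socket *sp_dest;	/* cleared to NULL when the peer may be recycled */
};

/* Assumed layout for this model; not FreeBSD's struct socket. */
struct socket {
	int so_count;		/* reference count, modelled as a plain int */
	struct so_splice *so_splice;
};

static void soref(struct socket *so)  { so->so_count++; }
static void sorele(struct socket *so) { so->so_count--; }

/*
 * Teardown with the pre-fix behaviour from the summary: a splice still in
 * SPLICE_INIT is left untouched. Returns 0 when the splice was torn down
 * and -1 when it gave up, so the caller can see which happened.
 */
static int
so_unsplice_model(struct socket *so)
{
	struct so_splice *sp = so->so_splice;
	struct socket *so2;

	if (sp == NULL || sp->sp_state == SPLICE_INIT)
		return (-1);	/* gave up: the reference taken at splice time stays held */

	/* so2 may have been recycled while no reference was held on it, in
	 * which case the caller cleared sp_dest; only touch it when it is set. */
	so2 = sp->sp_dest;
	if (so2 != NULL)
		so2->so_splice = NULL;

	so->so_splice = NULL;
	free(sp);
	sorele(so);		/* drop the reference taken by so_splice_model() */
	return (0);
}

/*
 * Splice setup. 'fail' forces the error path after the state is recorded;
 * 'fixed' selects the corrected cleanup, which moves the state to
 * SPLICE_EXCEPTION and clears sp_dest before calling the teardown.
 */
static int
so_splice_model(struct socket *so, struct socket *so2, bool fail, bool fixed)
{
	struct so_splice *sp = calloc(1, sizeof(*sp));

	if (sp == NULL)
		return (-1);
	soref(so);		/* the splice pins its source socket */
	sp->sp_state = SPLICE_INIT;
	sp->sp_dest = so2;	/* no reference is taken on so2 in this model */
	so->so_splice = sp;

	if (fail) {
		if (fixed) {
			sp->sp_state = SPLICE_EXCEPTION;
			sp->sp_dest = NULL;	/* so2 may already be gone: never dereference it */
		}
		(void)so_unsplice_model(so);
		return (-1);
	}
	sp->sp_state = SPLICE_RUNNING;
	so2->so_splice = sp;	/* peer link is only established once setup succeeded */
	return (0);
}

/* One failed splice attempt; returns the references left on the source socket. */
static int
leaked_refs_after_failed_splice(bool fixed)
{
	struct socket so = { 0, NULL }, so2 = { 0, NULL };
	int leaked;

	(void)so_splice_model(&so, &so2, true, fixed);
	leaked = so.so_count;
	free(so.so_splice);	/* release the model's own allocation on the leaky path */
	return (leaked);
}

/* A splice that succeeds and is later torn down normally; 0 means fully released. */
static int
refs_after_normal_unsplice(void)
{
	struct socket so = { 0, NULL }, so2 = { 0, NULL };

	if (so_splice_model(&so, &so2, false, false) != 0)
		return (-1);
	if (so_unsplice_model(&so) != 0)
		return (-1);
	return (so.so_count + (so2.so_splice != NULL));
}

int
main(void)
{
	printf("buggy teardown leaves %d ref(s)\n", leaked_refs_after_failed_splice(false));
	printf("fixed teardown leaves %d ref(s)\n", leaked_refs_after_failed_splice(true));
	printf("normal unsplice leaves %d ref(s)\n", refs_after_normal_unsplice());
	return (0);
}
```

The leftover count of 1 on the buggy path is the model's version of the socket reference that never goes away in the summary, which is what keeps the tcpcb/inpcb alive and the connection parked in CLOSED.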

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

gallatin edited the summary of this revision.

Remove changes to the so_unsplice() path on SPLICE_INIT splices. @markj correctly pointed out that codepath is not a problem.

Looks good, thanks. This should be Fixes: c0c5d01e5374 ("so_splice: Synchronize so_unsplice() with so_splice()")

This revision is now accepted and ready to land. Tue, Dec 9, 8:50 PM
  • realized that so_unsplice can be called with an so2 that's already been recycled when it's called via so_splice(), since we don't hold a reference. So ensure we null out sp_dest and deal with a NULL so2 in so_unsplice.
This revision now requires review to proceed. Tue, Dec 9, 10:05 PM
This revision is now accepted and ready to land. Tue, Dec 9, 10:08 PM