NULL out cc_data in pluggable TCP {cc}_cb_destroy

Description

NULL out cc_data in pluggable TCP {cc}_cb_destroy

When ABE was added (rS331214) to NewReno and leak fixed (rS333699), it now has
a destructor (newreno_cb_destroy) for per connection state. Other congestion
controls may allocate and free cc_data on entry and exit, but the field is
never explicitly NULLed if moving back to NewReno which only internally
allocates stateful data (no entry constructor) resulting in a situation where
newreno_cb_destroy might be called on a junk pointer.

  • NULL out cc_data in the framework after calling {cc}_cb_destroy
  • free(9) checks for NULL so there is no need to perform not NULL checks before calling free.
  • Improve a comment about NewReno in tcp_ccalgounload

This is the result of a debugging session from Jason Wolfe, Jason Eggleston,
and mmacy@ and very helpful insight from lstewart@.

Submitted by: Kevin Bowling
Reviewed by: lstewart
Sponsored by: Limelight Networks
Differential Revision: https://reviews.freebsd.org/D16282
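
The following userland C model is an added example, not part of the commit or of FreeBSD's code. It shows the framework-side fix the message describes: clear cc_data after the destructor runs, so an algorithm with no entry constructor never inherits a freed pointer. The names cc_detach, cc_switch, other_cc, lazy_cc, lazy_enable and frees are hypothetical, struct cc_algo is a simplified stand-in for the kernel's hook table, and libc malloc/free stand in for malloc(9)/free(9).

```c
#include <stdlib.h>

struct conn;
struct cc_algo {                         /* simplified per-algorithm hook table */
    int  (*cb_init)(struct conn *);      /* optional entry constructor */
    void (*cb_destroy)(struct conn *);   /* optional destructor */
};
struct conn { const struct cc_algo *algo; void *cc_data; };

int frees;  /* counts frees of live pointers, so a double free would show up */
static void generic_destroy(struct conn *c) {
    if (c->cc_data != NULL)
        frees++;
    free(c->cc_data);                    /* free(NULL) is a no-op: no guard needed */
}
static int other_init(struct conn *c) {  /* allocates on entry, frees on exit */
    c->cc_data = malloc(64);
    return c->cc_data == NULL ? -1 : 0;
}
/* NewReno-like: no cb_init, allocates state lazily, but has a destructor. */
int lazy_enable(struct conn *c) {
    if (c->cc_data == NULL)
        c->cc_data = calloc(1, 16);
    return c->cc_data == NULL ? -1 : 0;
}
const struct cc_algo other_cc = { other_init, generic_destroy };
const struct cc_algo lazy_cc  = { NULL, generic_destroy };

/* Framework-side detach: run the destructor, then NULL the field. Without the
 * NULL store, lazy_cc would inherit a freed pointer and free it again later. */
void cc_detach(struct conn *c) {
    if (c->algo != NULL && c->algo->cb_destroy != NULL)
        c->algo->cb_destroy(c);
    c->cc_data = NULL;
    c->algo = NULL;
}
int cc_switch(struct conn *c, const struct cc_algo *next) {
    cc_detach(c);
    c->algo = next;
    return next->cb_init != NULL ? next->cb_init(c) : 0;
}

int main(void) {
    struct conn c = { NULL, NULL };
    if (cc_switch(&c, &other_cc) != 0 || cc_switch(&c, &lazy_cc) != 0)
        return 2;
    cc_detach(&c);                       /* connection teardown */
    return frees == 1 ? 0 : 1;           /* exactly one real free happened */
}
```

If the `c->cc_data = NULL` store in cc_detach were dropped, the teardown call would run the destructor on the pointer already freed during the switch, which is the junk-pointer case from the message.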

Details

Committed: mmacy, Jul 22 2018, 5:37 AM
Reviewer: lstewart
Differential Revision: D16282: NULL out cc_data in pluggable TCP {cc}_cb_destroy
Parents: rS336595: Skip the pftcl(8) tests if pf isn't loaded.