Commit 466dfcd1 authored by Wei Wang's avatar Wei Wang Committed by Greg Kroah-Hartman

tcp: memset ca_priv data to 0 properly

[ Upstream commit c1201444 ]

Always zero out ca_priv data in tcp_assign_congestion_control() so that
ca_priv data is cleared out during socket creation.
Also always zero out ca_priv data in tcp_reinit_congestion_control() so
that when cc algorithm is changed, ca_priv data is cleared out as well.
We should still zero out ca_priv data even in TCP_CLOSE state because
user could call connect() on AF_UNSPEC to disconnect the socket and
leave it in TCP_CLOSE state and later call setsockopt() to switch cc
algorithm on this socket.

Fixes: 2b0a8c9e ("tcp: add CDG congestion control")
Reported-by: default avatarAndrey Konovalov  <andreyknvl@google.com>
Signed-off-by: default avatarWei Wang <weiwan@google.com>
Acked-by: default avatarEric Dumazet <edumazet@google.com>
Acked-by: default avatarYuchung Cheng <ycheng@google.com>
Acked-by: default avatarNeal Cardwell <ncardwell@google.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 04630e2e
...@@ -168,12 +168,8 @@ void tcp_assign_congestion_control(struct sock *sk) ...@@ -168,12 +168,8 @@ void tcp_assign_congestion_control(struct sock *sk)
} }
out: out:
rcu_read_unlock(); rcu_read_unlock();
memset(icsk->icsk_ca_priv, 0, sizeof(icsk->icsk_ca_priv));
/* Clear out private data before diag gets it and
* the ca has not been initialized.
*/
if (ca->get_info)
memset(icsk->icsk_ca_priv, 0, sizeof(icsk->icsk_ca_priv));
if (ca->flags & TCP_CONG_NEEDS_ECN) if (ca->flags & TCP_CONG_NEEDS_ECN)
INET_ECN_xmit(sk); INET_ECN_xmit(sk);
else else
...@@ -200,11 +196,10 @@ static void tcp_reinit_congestion_control(struct sock *sk, ...@@ -200,11 +196,10 @@ static void tcp_reinit_congestion_control(struct sock *sk,
tcp_cleanup_congestion_control(sk); tcp_cleanup_congestion_control(sk);
icsk->icsk_ca_ops = ca; icsk->icsk_ca_ops = ca;
icsk->icsk_ca_setsockopt = 1; icsk->icsk_ca_setsockopt = 1;
memset(icsk->icsk_ca_priv, 0, sizeof(icsk->icsk_ca_priv));
if (sk->sk_state != TCP_CLOSE) { if (sk->sk_state != TCP_CLOSE)
memset(icsk->icsk_ca_priv, 0, sizeof(icsk->icsk_ca_priv));
tcp_init_congestion_control(sk); tcp_init_congestion_control(sk);
}
} }
/* Manage refcounts on socket close. */ /* Manage refcounts on socket close. */
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment