提交 6482f554 编写于 作者: R Rémi Denis-Courmont 提交者: David S. Miller

Phonet: remove dangling pipe if an endpoint is closed early

Closing a pipe endpoint is not normally allowed by the Phonet pipe,
other than as a side after-effect of removing the pipe between two
endpoints. But there is no way to prevent Linux userspace processes
from being killed or suffering from bugs, so this can still happen.
We might as well forcefully close Phonet pipe endpoints then.

The cellular modem supports only a few existing pipes at a time. So we
really should not leak them. This change instructs the modem to destroy
the pipe if either of the pipe's endpoint (Linux socket) is closed too
early.
Signed-off-by: NRémi Denis-Courmont <remi.denis-courmont@nokia.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>
上级 7fedd7e5
...@@ -77,6 +77,11 @@ static inline struct pnpipehdr *pnp_hdr(struct sk_buff *skb) ...@@ -77,6 +77,11 @@ static inline struct pnpipehdr *pnp_hdr(struct sk_buff *skb)
#define MAX_PNPIPE_HEADER (MAX_PHONET_HEADER + 4) #define MAX_PNPIPE_HEADER (MAX_PHONET_HEADER + 4)
enum { enum {
PNS_PIPE_CREATE_REQ = 0x00,
PNS_PIPE_CREATE_RESP,
PNS_PIPE_REMOVE_REQ,
PNS_PIPE_REMOVE_RESP,
PNS_PIPE_DATA = 0x20, PNS_PIPE_DATA = 0x20,
PNS_PIPE_ALIGNED_DATA, PNS_PIPE_ALIGNED_DATA,
......
...@@ -620,6 +620,28 @@ static int pep_do_rcv(struct sock *sk, struct sk_buff *skb) ...@@ -620,6 +620,28 @@ static int pep_do_rcv(struct sock *sk, struct sk_buff *skb)
return err; return err;
} }
static int pipe_do_remove(struct sock *sk)
{
struct pep_sock *pn = pep_sk(sk);
struct pnpipehdr *ph;
struct sk_buff *skb;
skb = alloc_skb(MAX_PNPIPE_HEADER, GFP_KERNEL);
if (!skb)
return -ENOMEM;
skb_reserve(skb, MAX_PNPIPE_HEADER);
__skb_push(skb, sizeof(*ph));
skb_reset_transport_header(skb);
ph = pnp_hdr(skb);
ph->utid = 0;
ph->message_id = PNS_PIPE_REMOVE_REQ;
ph->pipe_handle = pn->pipe_handle;
ph->data[0] = PAD;
return pn_skb_send(sk, skb, &pipe_srv);
}
/* associated socket ceases to exist */ /* associated socket ceases to exist */
static void pep_sock_close(struct sock *sk, long timeout) static void pep_sock_close(struct sock *sk, long timeout)
{ {
...@@ -638,7 +660,10 @@ static void pep_sock_close(struct sock *sk, long timeout) ...@@ -638,7 +660,10 @@ static void pep_sock_close(struct sock *sk, long timeout)
sk_for_each_safe(sknode, p, n, &pn->ackq) sk_for_each_safe(sknode, p, n, &pn->ackq)
sk_del_node_init(sknode); sk_del_node_init(sknode);
sk->sk_state = TCP_CLOSE; sk->sk_state = TCP_CLOSE;
} } else if ((1 << sk->sk_state) & (TCPF_SYN_RECV|TCPF_ESTABLISHED))
/* Forcefully remove dangling Phonet pipe */
pipe_do_remove(sk);
ifindex = pn->ifindex; ifindex = pn->ifindex;
pn->ifindex = 0; pn->ifindex = 0;
release_sock(sk); release_sock(sk);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册