mptcp: plug subflow context memory leak

When a MPTCP listener socket is closed with unaccepted children pending, the ULP release callback will be invoked, but nobody will call into __mptcp_close_ssk() on the corresponding subflow. As a consequence, at ULP release time, the 'disposable' flag will be cleared and the subflow context memory will be leaked. This change addresses the issue always freeing the context if the subflow is still in the accept queue at ULP release time. Additionally, this fixes an incorrect code reference in the related comment. Note: this fix leverages the changes introduced by the previous commit. Fixes: e16163b ("mptcp: refactor shutdown and close") Reviewed-by: Matthieu Baerts <matthieu.baerts@tessares.net> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
multipath-tcp · Dec 9, 2020 · 9910201 · 9910201
1 parent ae1cd5e
commit 9910201
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c
@@ -1339,9 +1339,10 @@ static void subflow_ulp_release(struct sock *ssk)
  sk = ctx->conn;
  if (sk) {
  /* if the msk has been orphaned, keep the ctx
- * alive, will be freed by mptcp_done()
+ * alive, will be freed by __mptcp_close_ssk(),
+ * when the subflow is still unaccepted
  */
- release = ctx->disposable;
+ release = ctx->disposable || list_empty(&ctx->node);
  sock_put(sk);
  }