net: tcp: deal with listen sockets properly in tcp_abort.

When closing a listen socket, tcp_abort currently calls
tcp_done without clearing the request queue. If the socket has a
child socket that is established but not yet accepted, the child
socket is then left without a parent, causing a leak.

Fix this by setting the socket state to TCP_CLOSE and calling
inet_csk_listen_stop with the socket lock held, like tcp_close
does.

Tested using net_test. With this patch, calling SOCK_DESTROY on a
listen socket that has an established but not yet accepted child
socket results in the parent and the child being closed, such
that they no longer appear in sock_diag dumps.

[cherry-pick of net-next 2010b93e9317cc12acd20c4aed385af7f9d1681e]

Change-Id: I0555a142f11d8b36362ffd7c8ef4a5ecae8987c9
Reported-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index 6d06fbf6654fbea698828a12d70be931bd4bc77b..7c0465202cc5191b51298a8b6a9eb591898fb437 100644 (file)
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -3120,6 +3120,11 @@ int tcp_abort(struct sock *sk, int err)
        /* Don't race with userspace socket closes such as tcp_close. */
        lock_sock(sk);
 
+       if (sk->sk_state == TCP_LISTEN) {
+               tcp_set_state(sk, TCP_CLOSE);
+               inet_csk_listen_stop(sk);
+       }
+
        /* Don't race with BH socket closes such as inet_csk_listen_stop. */
        local_bh_disable();
        bh_lock_sock(sk);