CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

author	mmacy <mmacy@FreeBSD.org>
	Sun, 22 Jul 2018 05:37:58 +0000 (05:37 +0000)
committer	mmacy <mmacy@FreeBSD.org>
	Sun, 22 Jul 2018 05:37:58 +0000 (05:37 +0000)
commit	6fcaec6a10be029749b77607ed08c1a72cb1c30e
tree	d3ed46f02f41c98c0bcd819289573495c9705de0	tree \| snapshot
parent	db69ec66356a6aa3a00248c4e9d58919c97fd180	commit \| diff

NULL out cc_data in pluggable TCP {cc}_cb_destroy

When ABE was added (rS331214) to NewReno and leak fixed (rS333699) , it now has
a destructor (newreno_cb_destroy) for per connection state. Other congestion
controls may allocate and free cc_data on entry and exit, but the field is
never explicitly NULLed if moving back to NewReno which only internally
allocates stateful data (no entry contstructor) resulting in a situation where
newreno_cb_destory might be called on a junk pointer.

-    NULL out cc_data in the framework after calling {cc}_cb_destroy
-    free(9) checks for NULL so there is no need to perform not NULL checks
     before calling free.
-    Improve a comment about NewReno in tcp_ccalgounload

This is the result of a debugging session from Jason Wolfe, Jason Eggleston,
and mmacy@ and very helpful insight from lstewart@.

Submitted by: Kevin Bowling
Reviewed by: lstewart
Sponsored by: Limelight Networks
Differential Revision: https://reviews.freebsd.org/D16282

sys/netinet/cc/cc_chd.c		diff \| blob \| history
sys/netinet/cc/cc_cubic.c		diff \| blob \| history
sys/netinet/cc/cc_dctcp.c		diff \| blob \| history
sys/netinet/cc/cc_htcp.c		diff \| blob \| history
sys/netinet/cc/cc_newreno.c		diff \| blob \| history
sys/netinet/cc/cc_vegas.c		diff \| blob \| history
sys/netinet/tcp_subr.c		diff \| blob \| history
sys/netinet/tcp_usrreq.c		diff \| blob \| history