From: Sowmini Varadhan Date: Thu, 15 Jun 2017 18:28:55 +0000 (-0700) Subject: rds: tcp: Set linger when rejecting an incoming conn in rds_tcp_accept_one X-Git-Tag: MMI-PSA29.97-13-9~5285^2~166^2 X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=10beea7d7408d0b1c9208757f445c5c710239e0e;p=GitHub%2FMotorolaMobilityLLC%2Fkernel-slsi.git rds: tcp: Set linger when rejecting an incoming conn in rds_tcp_accept_one Each time we get an incoming SYN to the RDS_TCP_PORT, the TCP layer accepts the connection and then the rds_tcp_accept_one() callback is invoked to process the incoming connection. rds_tcp_accept_one() may reject the incoming syn for a number of reasons, e.g., commit 1a0e100fb2c9 ("RDS: TCP: Force every connection to be initiated by numerically smaller IP address"), or because we are getting spammed by a malicious node that is triggering a flood of connection attempts to RDS_TCP_PORT. If the incoming syn is rejected, no data would have been sent on the TCP socket, and we do not need to be in TIME_WAIT state, so we set linger on the TCP socket before closing, thereby closing the socket efficiently with a RST. Signed-off-by: Sowmini Varadhan Tested-by: Imanti Mendez Acked-by: Santosh Shilimkar Signed-off-by: David S. Miller --- diff --git a/net/rds/tcp_listen.c b/net/rds/tcp_listen.c index f9c6312be841..df291ac245d6 100644 --- a/net/rds/tcp_listen.c +++ b/net/rds/tcp_listen.c @@ -112,6 +112,17 @@ struct rds_tcp_connection *rds_tcp_accept_one_path(struct rds_connection *conn) return NULL; } +static void rds_tcp_set_linger(struct socket *sock) +{ + struct linger no_linger = { + .l_onoff = 1, + .l_linger = 0, + }; + + kernel_setsockopt(sock, SOL_SOCKET, SO_LINGER, + (char *)&no_linger, sizeof(no_linger)); +} + int rds_tcp_accept_one(struct socket *sock) { struct socket *new_sock = NULL; @@ -183,7 +194,13 @@ int rds_tcp_accept_one(struct socket *sock) ret = 0; goto out; rst_nsk: - /* reset the newly returned accept sock and bail */ + /* reset the newly returned accept sock and bail. + * It is safe to set linger on new_sock because the RDS connection + * has not been brought up on new_sock, so no RDS-level data could + * be pending on it. By setting linger, we achieve the side-effect + * of avoiding TIME_WAIT state on new_sock. + */ + rds_tcp_set_linger(new_sock); kernel_sock_shutdown(new_sock, SHUT_RDWR); ret = 0; out: