From a8f747452eb9662928a279d4041ef13ad160de75 Mon Sep 17 00:00:00 2001 From: "chao.an" Date: Sat, 9 Jul 2022 03:30:10 +0800 Subject: [PATCH] net/tcp: fix assertion of fallback connection alloc When the free connection list is unenough to alloc a new instance, the TCP stack will reuse the currently closed connection, but if the handle is not released by the user via close(2), the reference count of the connection remains in a non-zero value, it will cause the assertion to fail, so when the handle is not released we should not use such a conn instance when being actively closed, and ensure that the reference count is assigned within the net lock protection |(gdb) bt |#0 up_assert (filename=0x565c78f7 "tcp/tcp_conn.c", lineno=771) at sim/up_assert.c:75 |#1 0x56566177 in _assert (filename=0x565c78f7 "tcp/tcp_conn.c", linenum=771) at assert/lib_assert.c:36 |#2 0x5657d620 in tcp_free (conn=0x565fb3e0 ) at tcp/tcp_conn.c:771 |#3 0x5657d5a1 in tcp_alloc (domain=2 '\002') at tcp/tcp_conn.c:700 |#4 0x565b1f50 in inet_tcp_alloc (psock=0xf3dea150) at inet/inet_sockif.c:144 |#5 0x565b2082 in inet_setup (psock=0xf3dea150, protocol=0) at inet/inet_sockif.c:253 |#6 0x565b1bf0 in psock_socket (domain=2, type=1, protocol=0, psock=0xf3dea150) at socket/socket.c:121 |#7 0x56588f5f in socket (domain=2, type=1, protocol=0) at socket/socket.c:278 |#8 0x565b11c0 in hello_main (argc=1, argv=0xf3dfab10) at hello_main.c:35 |#9 0x56566631 in nxtask_startup (entrypt=0x565b10ef , argc=1, argv=0xf3dfab10) at sched/task_startup.c:70 |#10 0x565597fa in nxtask_start () at task/task_start.c:134 Signed-off-by: chao.an --- net/tcp/tcp_close.c | 7 ++++++- net/tcp/tcp_conn.c | 6 ++++-- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/net/tcp/tcp_close.c b/net/tcp/tcp_close.c index b3a81a80ce9de..4dca880ae8f07 100644 --- a/net/tcp/tcp_close.c +++ b/net/tcp/tcp_close.c 
@@ -294,6 +294,10 @@ static inline int tcp_close_disconnect(FAR struct socket *psock) } #endif + /* Discard our reference to the connection */ + + conn->crefs = 0; + /* TCP_ESTABLISHED * We need to initiate an active close and wait for its completion. * @@ -327,6 +331,8 @@ static inline int tcp_close_disconnect(FAR struct socket *psock) tcp_free(conn); } + psock->s_conn = NULL; + net_unlock(); return ret; } @@ -356,7 +362,6 @@ int tcp_close(FAR struct socket *psock) /* Perform the disconnection now */ tcp_unlisten(conn); /* No longer accepting connections */ - conn->crefs = 0; /* Discard our reference to the connection */ /* Break any current connections and close the socket */ diff --git a/net/tcp/tcp_conn.c b/net/tcp/tcp_conn.c index aad46069a52d3..0cd7f0f58c5aa 100644 --- a/net/tcp/tcp_conn.c +++ b/net/tcp/tcp_conn.c @@ -656,11 +656,13 @@ FAR struct tcp_conn_s *tcp_alloc(uint8_t domain) * in the socket layer. */ - if (tmp->tcpstateflags == TCP_CLOSING || + if ((tmp->crefs == 0) && + (tmp->tcpstateflags == TCP_CLOSED || + tmp->tcpstateflags == TCP_CLOSING || tmp->tcpstateflags == TCP_FIN_WAIT_1 || tmp->tcpstateflags == TCP_FIN_WAIT_2 || tmp->tcpstateflags == TCP_TIME_WAIT || - tmp->tcpstateflags == TCP_LAST_ACK) + tmp->tcpstateflags == TCP_LAST_ACK)) { /* Yes.. Is it the oldest one we have seen so far? */
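Review bot: The added `conn->crefs = 0;` in the first tcp_close_disconnect() hunk overwrites the reference count instead of checking it, so it is only correct if every caller gets here for the last reference. With the `crefs == 0` gate this patch adds to tcp_alloc(), a zero count is what marks a connection as reclaimable. Zeroing it while another handle still points at the connection would leave that handle with a freed `s_conn`. The caller's reference check is not visible in this patch; if it is guaranteed, make it explicit with `DEBUGASSERT(conn->crefs <= 1);` before the assignment and a comment naming where the guarantee comes from. The body of tcp_close_disconnect() starts and ends outside this hunk.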
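Review bot: After the `psock->s_conn = NULL;` added in the second tcp_close_disconnect() hunk, any later read of `psock->s_conn` on this socket gets NULL rather than a stale pointer, so every such reader needs a NULL check. Clearing it under the net lock is the right way to avoid a dangling pointer after `tcp_free(conn)`. The top of the function, where `conn` is loaded from the socket, is outside the hunk, so I cannot tell whether a repeated close is rejected before the dereference or only caught by a debug-only assertion. The assignment also runs on the branch that does not call `tcp_free(conn)`, which deserves a comment such as `/* Detach the socket from the connection under the net lock; the stack owns conn from here on */`.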
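Review bot: In the tcp_alloc() hunk the condition gains `tmp->crefs == 0` and `TCP_CLOSED`, but the visible tail of the comment above it ("in the socket layer.") is unchanged, so the reuse rule is not documented where it is enforced. I would add `/* Only reclaim a connection that no socket still references (crefs == 0); a referenced one would be freed under its owner. */` directly above the `if`. One consequence to confirm: connections whose handle was never closed are no longer candidates, so when the free list is empty and every lingering connection is still referenced, the scan selects nothing. The code after the loop is outside the hunk and must then fail the allocation cleanly rather than free a NULL or stale candidate.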