ref: 0298949dd26a6ed269a6d071ba49a5b76f6d645a
parent: b43c416083cfb67262630f61ae98383a7a13a45f
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Mon Apr 22 14:44:53 EDT 2024
tcp: fix limbo entry leaks from hell In limbo() function, once tpriv->nlimbo reaches Maxlimbo, we'd try to re-use Limbo entries from the head of the hash chain. However, theres a special case where our current chain contains only a single entry. Then Limbo **l; points to its next pointer, and writing: *l = lp; would just yield in the entry being linked to itself, leaking it. The for(;;) loop in limborexmit() was wrong, as the "continue" case would not advance the lp pointer at all, (such as when tpriv->nlimbo reaches > 100), we'd stop cleaning out entries. Handle Fsnewcall() returning nil case, have to free Limbo *lp as we just removed it from the hash table. Add tpriv->nlimbo as "InLimbo" at the end of /net/tcp/stats.