tcp: use tcp_eat_recv_skb in __tcp_close()

Small change to use tcp_eat_recv_skb() instead
of __kfree_skb(). This can help if an application
under attack has to close many sockets with unread data.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Neal Cardwell <ncardwell@google.com>
Reviewed-by: Kuniyuki Iwashima <kuniyu@google.com>
Reviewed-by: Jason Xing <kerneljasonxing@gmail.com>
Link: https://patch.msgid.link/20250903084720.1168904-4-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index 39eb03f6d07f4df209304a805f9a4e66cff0f2d9..588932c3cf1d549973ccfa095a8de1be87421a63 100644 (file)
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -3118,14 +3118,14 @@ void __tcp_close(struct sock *sk, long timeout)
         *  descriptor close, not protocol-sourced closes, because the
         *  reader process may not have drained the data yet!
         */
-       while ((skb = __skb_dequeue(&sk->sk_receive_queue)) != NULL) {
+       while ((skb = skb_peek(&sk->sk_receive_queue)) != NULL) {
                u32 end_seq = TCP_SKB_CB(skb)->end_seq;
 
                if (TCP_SKB_CB(skb)->tcp_flags & TCPHDR_FIN)
                        end_seq--;
                if (after(end_seq, tcp_sk(sk)->copied_seq))
                        data_was_unread = true;
-               __kfree_skb(skb);
+               tcp_eat_recv_skb(sk, skb);
        }
 
        /* If socket has been already reset (e.g. in tcp_reset()) - kill it. */