| Message ID | 20180401150054.24727.78359.stgit@john-Precision-Tower-5810 |
|---|---|
| State | Changes Requested, archived |
| Delegated to: | BPF Maintainers |
| Headers | show |
| Series | Sockmap Updates | expand |
On Sun, Apr 01, 2018 at 08:00:54AM -0700, John Fastabend wrote: > If a socket with pending cork data is closed we do not return the > memory to the socket until the garbage collector free's the psock > structure. The garbage collector though can run after the sock has > completed its close operation. If this ordering happens the sock code > will through a WARN_ON because there is still outstanding memory s/through/throw/ ? > accounted to the sock. > > To resolve this ensure we return memory to the sock when a socket > is closed. > > Signed-off-by: John Fastabend <john.fastabend@gmail.com> > Fixes: 91843d540a13 ("bpf: sockmap, add msg_cork_bytes() helper") > --- > kernel/bpf/sockmap.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/kernel/bpf/sockmap.c b/kernel/bpf/sockmap.c > index d2bda5a..8ddf326 100644 > --- a/kernel/bpf/sockmap.c > +++ b/kernel/bpf/sockmap.c > @@ -211,6 +211,12 @@ static void bpf_tcp_close(struct sock *sk, long timeout) > close_fun = psock->save_close; > > write_lock_bh(&sk->sk_callback_lock); > + if (psock->cork) { > + free_start_sg(psock->sock, psock->cork); > + kfree(psock->cork); > + psock->cork = NULL; > + } > + > list_for_each_entry_safe(md, mtmp, &psock->ingress, list) { > list_del(&md->list); > free_start_sg(psock->sock, md); >
diff --git a/kernel/bpf/sockmap.c b/kernel/bpf/sockmap.c index d2bda5a..8ddf326 100644 --- a/kernel/bpf/sockmap.c +++ b/kernel/bpf/sockmap.c @@ -211,6 +211,12 @@ static void bpf_tcp_close(struct sock *sk, long timeout) close_fun = psock->save_close; write_lock_bh(&sk->sk_callback_lock); + if (psock->cork) { + free_start_sg(psock->sock, psock->cork); + kfree(psock->cork); + psock->cork = NULL; + } + list_for_each_entry_safe(md, mtmp, &psock->ingress, list) { list_del(&md->list); free_start_sg(psock->sock, md);
If a socket with pending cork data is closed we do not return the memory to the socket until the garbage collector free's the psock structure. The garbage collector though can run after the sock has completed its close operation. If this ordering happens the sock code will through a WARN_ON because there is still outstanding memory accounted to the sock. To resolve this ensure we return memory to the sock when a socket is closed. Signed-off-by: John Fastabend <john.fastabend@gmail.com> Fixes: 91843d540a13 ("bpf: sockmap, add msg_cork_bytes() helper") --- kernel/bpf/sockmap.c | 6 ++++++ 1 file changed, 6 insertions(+)