On Thu, 2017-06-01 at 09:40 -0700, Eric Dumazet wrote: > On Thu, Jun 1, 2017 at 9:21 AM, Paolo Abeni <pab...@redhat.com> wrote: > > > I'm sorry, I do not follow. I'm concerned about the secpath field (skb- > > > sp), which is the only one that can be not NULL in > > > > __udp_queue_rcv_skb(). > > > > If the secpath is not NULL, calling there secpath_reset() (or the to- > > be-introduced skb_reset_head_state()), we will properly release it and > > we will clear the field, too. > > > > Calling skb_release_head_state() in the same scenario, we release the > > secpath, but we don't clear it. So if the packet is later dropped we > > will get a double free, unless we add and use a specialized a > > free_stateless_skb(), too. > > Then simply use secpath_reset() instead of secpath_put() from > skb_release_head_state() > > Clearly having these subtle differences bring confusion, for very little gain. > > secpath_put() should be removed. Most of its callers simply set > skb->sp back to NULL anyway.
To make the code robust we would have to NULL all the other fields (nfct, nf_bridge, destructor, sk) that are currently not cleared in skb_release_head_state(), elsewhere if one day, after some change, any that fields become non-NULL in this code path we risk a double-free after skb_release_head_state(), even if the code looks safe. Will that be a little too invasive for this small use-case? Can't we prefer a new helper or simply a secpath_reset() plus some appropriate comments? Thanks, Paolo
