From: Sowmini Varadhan <sowmini.varad...@oracle.com>
Date: Tue, 27 Jun 2017 16:45:29 -0400

> On (06/27/17 15:59), Sowmini Varadhan wrote:
>> > Why does rds-tcp need to call sock_graft() without those invariants
>> > met?
>>
>> It would certainly help to declare "don't use sock_create_kern()
>> if you are going to accept on this socket"- I don't see that being
>> mandated anywhere.
>
> I can look into getting rds_tcp_accept_one also calling sock_create_lite
> like every other caller, (though I may not get to this for another week,
> due to travel), but the code in sock_graft() doesn't look right either.
>
> At the very least, there needs to be a WARN_ON(parent->sk) there,
> to provide a gentle dope-slap for the next slob that stumbles on this
> type of leak.

In the accept case it is, if anything, very wasteful. This is because
you allocate a sock and then immediately free it up.

I would say mimic the logic of sys_accept4() and just use sock_alloc()
to allocate the struct socket without a struct sock. Or, as you say,
use sock_create_lite() or a similar helper.
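
A userspace C model of the accept path discussed in this message, added here as an illustration and not code from the kernel or from either poster. All `model_*` names and both counters are hypothetical stand-ins for sock_create_kern(), sock_alloc()/sock_create_lite() and sock_graft(); it counts the struct sock allocations per accept and how often the proposed WARN_ON(parent->sk) would fire.

```c
/* Userspace model only: simplified, hypothetical stand-ins, not kernel code. */
#include <stdio.h>
#include <stdlib.h>

struct sock   { int unused; };
struct socket { struct sock *sk; };

static int sk_allocs;    /* struct sock allocations made so far */
static int graft_warns;  /* times the modelled WARN_ON(parent->sk) fired */

static struct sock *model_sk_alloc(void) { sk_allocs++; return calloc(1, sizeof(struct sock)); }

/* Stand-in for a sock_create_kern()-style helper: socket plus its own sock. */
static struct socket *model_create_full(void)
{
    struct socket *s = calloc(1, sizeof(*s));
    if (s) s->sk = model_sk_alloc();
    return s;
}
/* Stand-in for sock_alloc()/sock_create_lite(): socket with sk == NULL. */
static struct socket *model_create_lite(void) { return calloc(1, sizeof(struct socket)); }

/* Stand-in for sock_graft() carrying the check proposed in the thread. */
static void model_graft(struct sock *sk, struct socket *parent)
{
    if (parent->sk) {
        graft_warns++;     /* invariant broken: parent already owns a sock */
        free(parent->sk);  /* the model frees it so the demo itself is clean */
    }
    parent->sk = sk;
}

/* One accept; returns how many struct sock allocations it cost. */
static int model_accept_once(int use_lite)
{
    int before = sk_allocs;
    struct socket *ns = use_lite ? model_create_lite() : model_create_full();
    if (!ns) return -1;
    model_graft(model_sk_alloc(), ns);  /* sock produced by the accept itself */
    free(ns->sk);
    free(ns);
    return sk_allocs - before;
}

int main(void)
{
    int full = model_accept_once(0), w_full = graft_warns;
    int lite = model_accept_once(1), w_lite = graft_warns - w_full;
    printf("full: %d allocs, %d warn; lite: %d allocs, %d warn\n", full, w_full, lite, w_lite);
    return 0;
}
```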