On Sat, 2006-09-23 at 14:56 -0700, David Miller wrote: > From: [EMAIL PROTECTED] > Date: Sat, 23 Sep 2006 12:30:23 -0500 > > > __pppoe_xmit must free any skb it allocates if there is an error > > submitting the skb downstream. > > This isn't right, dev_queue_xmit() can return -ENETDOWN and still > free the SKB, so your change will cause the SKB to be freed up > twice in that case, from dev_queue_xmit(): > > rc = -ENETDOWN; > rcu_read_unlock_bh(); > > out_kfree_skb: > kfree_skb(skb); > return rc; > > dev_queue_xmit() is basically expected to consume the packet, > error or not. > > What case of calling dev_queue_xmit() did you discover that did not > kfree the SKB on error? We should fix that. On a quick scan on the > entire dev_queue_xmit() implmentation, I cannot find such a case. >
I think the call path via dev->hard_start_xmit, if it fails, may result in an skb not being freed. This appears to be the case with the e100.c driver. The qdisc_restart path to dev->hard_start_xmit also appears susceptible to this. It appears that not all devices agree as to who should clean-up an skb on error. -- Michal Ostrowski <[EMAIL PROTECTED]> - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
