On Sun, Apr 01, 2018 at 08:00:54AM -0700, John Fastabend wrote:
> If a socket with pending cork data is closed we do not return the
> memory to the socket until the garbage collector free's the psock
> structure. The garbage collector though can run after the sock has
> completed its close operation. If this ordering happens the sock code
> will through a WARN_ON because there is still outstanding memory
s/through/throw/ ? > accounted to the sock. > > To resolve this ensure we return memory to the sock when a socket > is closed. > > Signed-off-by: John Fastabend <john.fastab...@gmail.com> > Fixes: 91843d540a13 ("bpf: sockmap, add msg_cork_bytes() helper") > --- > kernel/bpf/sockmap.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/kernel/bpf/sockmap.c b/kernel/bpf/sockmap.c > index d2bda5a..8ddf326 100644 > --- a/kernel/bpf/sockmap.c > +++ b/kernel/bpf/sockmap.c > @@ -211,6 +211,12 @@ static void bpf_tcp_close(struct sock *sk, long timeout) > close_fun = psock->save_close; > > write_lock_bh(&sk->sk_callback_lock); > + if (psock->cork) { > + free_start_sg(psock->sock, psock->cork); > + kfree(psock->cork); > + psock->cork = NULL; > + } > + > list_for_each_entry_safe(md, mtmp, &psock->ingress, list) { > list_del(&md->list); > free_start_sg(psock->sock, md); >
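Review bot: In the new if (psock->cork) block in bpf_tcp_close(), the cork buffer is freed under write_lock_bh(&sk->sk_callback_lock), but the visible lines do not show what keeps a path that is still filling psock->cork from running concurrently with close. A one-line comment naming the lock or state that serializes the two would make this easier to review. A short comment above the block saying the memory is returned here because the garbage collector may run only after the sock has completed its close (the reason given in the commit message) would also help. Since psock->cork is set to NULL at this point, please confirm that the later psock teardown checks for NULL before it frees the cork.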