On Thu, Jul 23, 2020 at 10:35 PM Eric Dumazet <eric.duma...@gmail.com> wrote:
>
>
>
> On 7/23/20 9:50 PM, Cong Wang wrote:
> > Similar to tun_net_xmit(), we have to orphan the skb
> > before queuing it, otherwise we may use the socket when
> > purging the queue after it is freed by user-space.
>
> Which socket ?

sk->sk_wq points to &sock->wq. The socket is of course from qrtr_create().

> By not calling skb_orphan(skb), this skb should own a reference on skb->sk
> preventing
> skb->sk to disappear.

I said socket, not sock. I believe the socket can be gone while the sock is still there.

> It seems that instead of skb_orphan() here, we could avoid calling
> skb_set_owner_w() in the first place,
> because this is confusing.

Not sure about this, at least tun calls skb_set_owner_w() too.

More importantly, sock_alloc_send_skb() calls it too. :)