Re: BUG: IPv4: Attempt to release TCP socket in state 1
From: Eric Dumazet
Date: Sat Mar 16 2013 - 13:36:30 EST
On Fri, 2013-03-15 at 00:19 +0100, Eric Dumazet wrote:
> Thanks thats really useful, we might miss to increment socket refcount
> in a timer setup.
>
Hmm, please add following debugging patch as well
diff --git a/include/net/sock.h b/include/net/sock.h
index 14f6e9d..fe7c8a6 100644
--- a/include/net/sock.h
+++ b/include/net/sock.h
@@ -530,7 +530,9 @@ static inline void sock_hold(struct sock *sk)
*/
static inline void __sock_put(struct sock *sk)
{
- atomic_dec(&sk->sk_refcnt);
+ int newref = atomic_dec_return(&sk->sk_refcnt);
+
+ BUG_ON(newref <= 0);
}
static inline bool sk_del_node_init(struct sock *sk)
diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c
index 786d97a..a445e15 100644
--- a/net/ipv4/inet_connection_sock.c
+++ b/net/ipv4/inet_connection_sock.c
@@ -739,7 +739,7 @@ void inet_csk_prepare_forced_close(struct sock *sk)
{
/* sk_clone_lock locked the socket and set refcnt to 2 */
bh_unlock_sock(sk);
- sock_put(sk);
+ __sock_put(sk);
/* The below has to be done to allow calling inet_csk_destroy_sock */
sock_set_flag(sk, SOCK_DEAD);
@@ -835,13 +835,13 @@ void inet_csk_listen_stop(struct sock *sk)
* tcp_v4_destroy_sock().
*/
tcp_sk(child)->fastopen_rsk = NULL;
- sock_put(sk);
+ __sock_put(sk);
}
inet_csk_destroy_sock(child);
bh_unlock_sock(child);
local_bh_enable();
- sock_put(child);
+ __sock_put(child);
sk_acceptq_removed(sk);
__reqsk_free(req);
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/