>> And if the sock is dead I can't see major problems in playing with it as
>> far as the code has the big kernel lock held and unix_gc() doesn't sleep.
>
> Except that unix_destroy_timer() can kfree() it at any moment. And
>*that* is not protected by kernel_lock.
> Proper behaviour would be to take those skb's to a separate list
It looks me quite clear that the _only_ thing that can be freed at any
moment is the sock and _not_ the skb in the sock queue. And as just said
the sock is just unhashed when unix_gc is running.
>and then kill them on reap phase. Or simply kill the peer skb immediately
>on unix_release_sock().
I think we are just doing that. Maybe I am missing something due the late
time I am writing this...
Andrea Arcangeli
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/