Michal Luczaj wrote:
> Consider a sockmap entry being updated with the same socket:
>
> osk = stab->sks[idx];
> sock_map_add_link(psock, link, map, &stab->sks[idx]);
> stab->sks[idx] = sk;
> if (osk)
> sock_map_unref(osk, &stab->sks[idx]);
>
> Due to sock_map_unref(), which invokes sock_map_del_link(), all the psock's
> links for stab->sks[idx] are torn:
>
> list_for_each_entry_safe(link, tmp, &psock->link, list) {
> if (link->link_raw == link_raw) {
> ...
> list_del(&link->list);
> sk_psock_free_link(link);
> }
> }
>
> And that includes the new link sock_map_add_link() added just before the
> unref.
>
> This results in a sockmap holding a socket, but without the respective
> link. This in turn means that close(sock) won't trigger the cleanup, i.e. a
> closed socket will not be automatically removed from the sockmap.
>
> Stop tearing the links when a matching link_raw is found.
>
> Signed-off-by: Michal Luczaj <[email protected]>
> ---
Thanks. LGTM.
Reviewed-by: John Fastabend <[email protected]>
> net/core/sock_map.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/net/core/sock_map.c b/net/core/sock_map.c
> index
> 78347d7d25ef31525f8ec0a755a18e5793ad92c0..20b348b1964a10a1b0bfbe1a90a4a4cd99715b81
> 100644
> --- a/net/core/sock_map.c
> +++ b/net/core/sock_map.c
> @@ -159,6 +159,7 @@ static void sock_map_del_link(struct sock *sk,
> verdict_stop = true;
> list_del(&link->list);
> sk_psock_free_link(link);
> + break;
> }
> }
> spin_unlock_bh(&psock->link_lock);
>
> --
> 2.46.2
>
