On Thu, 2017-06-01 at 08:58 -0700, Eric Dumazet wrote: > On Thu, 2017-06-01 at 12:39 +0200, Paolo Abeni wrote: > > On Wed, 2017-05-31 at 10:00 -0700, Eric Dumazet wrote: > > > On Mon, 2017-05-29 at 17:27 +0200, Paolo Abeni wrote: > > > > Since UDP no more uses sk->destructor, we can clear completely > > > > the skb head state before enqueuing. > > > > > > ... > > > > > > > @@ -1739,6 +1740,9 @@ static int __udp_queue_rcv_skb(struct sock *sk, > > > > struct sk_buff *skb) > > > > sk_mark_napi_id_once(sk, skb); > > > > } > > > > > > > > + /* drop all pending head states; dst, nf and sk are dropped by > > > > caller */ > > > > + secpath_reset(skb); > > > > + > > > > > > I wonder if using skb_release_head_state() would be more appropriate ? > > > > > > Surely more descriptive and probably not more expensive since all > > > cache lines should be already hot at this point. > > > > Thank you for reviewing this. > > > > I would prefer not adding more code to the core, but I think we would > > need something new, like: > > > > skb_reset_head_state() > > { > > skb_dst_drop(skb); > > secpath_reset(skb); > > nf_reset(skb); > > skb_orphan(skb); > > } > > > > because elsewhere the skb could be in inconsistent state: skb->sp != > > NULL but with its refcount is already decremented. WDYT? > > I do not believe skb->sk is set anymore in UDP receive path. > > If early demux sets skb->sk for a moment, skb_steal_sock() would set > skb->sk back to NULL
I'm sorry, I do not follow. I'm concerned about the secpath field (skb- >sp), which is the only one that can be not NULL in __udp_queue_rcv_skb(). If the secpath is not NULL, calling there secpath_reset() (or the to- be-introduced skb_reset_head_state()), we will properly release it and we will clear the field, too. Calling skb_release_head_state() in the same scenario, we release the secpath, but we don't clear it. So if the packet is later dropped we will get a double free, unless we add and use a specialized a free_stateless_skb(), too. Paolo