On Wed, Mar 02, 2022 at 10:27:54AM +0800, Wang Yufen wrote:
> In tcp_bpf_send_verdict(), if msg has more data after
> tcp_bpf_sendmsg_redir():
>
> tcp_bpf_send_verdict()
> tosend = msg->sg.size //msg->sg.size = 22220
> case __SK_REDIRECT:
> sk_msg_return() //uncharged msg->sg.size(22220) sk->sk_forward_alloc
> tcp_bpf_sendmsg_redir() //after tcp_bpf_sendmsg_redir, msg->sg.size=11000
> goto more_data;
> tosend = msg->sg.size //msg->sg.size = 11000
> case __SK_REDIRECT:
> sk_msg_return() //uncharged msg->sg.size(11000) to sk->sk_forward_alloc
>
> The msg->sg.size(11000) has been uncharged twice, to fix we can charge the
> remaining msg->sg.size before goto more data.

It looks like bpf_exec_tx_verdict() has the same issue.
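
Added example (not part of the thread, the patch, or the kernel source): a simplified C model of the accounting in the quoted trace, showing the sender's forward-alloc counter ending 11000 bytes too high without the re-charge and balanced with it. The model_* names and the assumption that the second redirect sends everything are illustrative; charge is modelled as decrementing the counter and uncharge as incrementing it.

```c
#include <stdio.h>

/* Simplified model: only the two counters named in the trace. */
struct model_sock { long forward_alloc; };   /* stands in for sk->sk_forward_alloc */
struct model_msg  { long sg_size; };         /* stands in for msg->sg.size */

static void model_charge(struct model_sock *sk, long n)   { sk->forward_alloc -= n; }
static void model_uncharge(struct model_sock *sk, long n) { sk->forward_alloc += n; }

/* Redirect step: after it, `left` bytes remain queued in the msg. */
static void model_redir(struct model_msg *msg, long left) { msg->sg_size = left; }

/*
 * Replays the trace: 22220 bytes queued, the first redirect leaves 11000,
 * the second (assumed) leaves 0. Returns the net drift of forward_alloc;
 * 0 means every charged byte was uncharged exactly once.
 */
long run_send_verdict(int recharge_remainder)
{
    struct model_sock sk = { 0 };
    struct model_msg msg = { 22220 };
    const long left_after[] = { 11000, 0 };   /* constructed sample values */
    long start = sk.forward_alloc;

    model_charge(&sk, msg.sg_size);           /* bytes charged when msg was built */

    for (int pass = 0; msg.sg_size > 0; pass++) {   /* the "more_data" loop */
        model_uncharge(&sk, msg.sg_size);     /* sk_msg_return() on redirect */
        model_redir(&msg, left_after[pass]);  /* tcp_bpf_sendmsg_redir() */
        if (recharge_remainder && msg.sg_size > 0)
            model_charge(&sk, msg.sg_size);   /* proposed fix: charge the remainder */
    }
    return sk.forward_alloc - start;
}

int main(void)
{
    printf("drift without re-charge: %ld\n", run_send_verdict(0));
    printf("drift with re-charge:    %ld\n", run_send_verdict(1));
    return 0;
}
```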