On Wed, Nov 06, 2024 at 10:43:04AM +0100, Oleksij Rempel wrote:
> On Tue, Nov 05, 2024 at 05:37:53PM +0100, Jiri Pirko wrote:
> > Tue, Nov 05, 2024 at 10:48:23AM CET, dmantipov@xxxxxxxxx wrote:
> > >Since 'j1939_session_skb_queue()' do an extra 'skb_get()' for each
> > >new skb, I assume that the same should be done for an initial one
> >
> > It is odd to write "I assume" for fix like this. You should know for
> > sure, don't you?
>
> Hm... looks the there is more then one refcounting problem at this
> point. skb_queue is set from 3 different paths, with resulting 3 different
> refcount states:
>
> j1939_sk_send_loop()
> skb = j1939_sk_alloc_skb() // skb with refcount == 1
> if (!session) {
> session = j1939_tp_send(priv, skb, size)
> ...
> session = j1939_session_new(priv, skb, size);
> skb_queue_tail(&session->skb_queue, skb); // skb refcount == 1
>
> } else {
> j1939_session_skb_queue(session, skb);
> // here, skb is refcounted
> skb_queue_tail(&session->skb_queue, skb_get(skb)); // skb refcount == 2
> }
>
> // at the end of function, skb refcount == 1 or 2
>
> j1939_xtp_rx_rts_session_new()
> j1939_session_fresh_new()
> skb = alloc_skb() // skb with refcount == 1
> session = j1939_session_new(priv, skb, size);
> skb_queue_tail(&session->skb_queue, skb);
> skb_put(skb, size); // skb with refcount == 0
>
> I agree with this patch, but there is missing skb_put() in j1939_sk_send_loop()
Please forget it, no skb_free is needed in the j1939_sk_send_loop().
Regards,
Oleksij
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
