On 23/05/2022 06:57, liuyacan@xxxxxxxxxxxxxxxx wrote:
> From: liuyacan <liuyacan@xxxxxxxxxxxxxxxx>
>
> Same trigger condition as commit 86434744. When setsockopt runs
> in parallel to a connect(), and switches the socket into fallback
> mode. Then the sk_refcnt is incremented in smc_connect(), but
> its state stays in SMC_INIT (NOT SMC_ACTIVE). This causes the
> corresponding sk_refcnt decrement in __smc_release() to not be
> performed.
>
> Fixes: 86434744fedf ("net/smc: add fallback check to connect()")
> Signed-off-by: liuyacan <liuyacan@xxxxxxxxxxxxxxxx>
> ---
> net/smc/af_smc.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/smc/af_smc.c b/net/smc/af_smc.c
> index fce16b9d6..45a24d242 100644
> --- a/net/smc/af_smc.c
> +++ b/net/smc/af_smc.c
> @@ -1564,9 +1564,9 @@ static int smc_connect(struct socket *sock, struct sockaddr *addr,
> if (rc && rc != -EINPROGRESS)
> goto out;
>
> - sock_hold(&smc->sk); /* sock put in passive closing */
> if (smc->use_fallback)
> goto out;
> + sock_hold(&smc->sk); /* sock put in passive closing */
> if (flags & O_NONBLOCK) {
> if (queue_work(smc_hs_wq, &smc->connect_work))
> smc->connect_nonblock = 1;

This is a rather unusual problem that can come up when fallback=true
BEFORE smc_connect() is called. But nevertheless, it is a problem.
Right now I am not sure if it is okay when we do NOT hold a ref to smc->sk
during all fallback processing.
This change also conflicts with a patch that is already on net-next (3aba1030).
With the new patch on net-next it would also be possible to detect in
__smc_release() that the socket is in state sk->sk_state == SMC_INIT but
the sock->state is SS_CONNECTING or SS_CONNECTED and call sock_put() in this case.

What do you think?
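Review bot: moving sock_hold() below the `if (smc->use_fallback) goto out;` check covers a socket that is already in fallback mode when smc_connect() runs, but it does not by itself close the race the commit message describes: use_fallback can still be set by a concurrent setsockopt() after the check and before the socket reaches SMC_ACTIVE, in which case the reference is taken and, by the commit message's own reasoning, __smc_release() again never drops it for a socket left in SMC_INIT. The commit message should state why that later window is safe, or the fix should balance the reference in __smc_release() for a socket left in SMC_INIT after a connect (the alternative raised in the reply), so that the comment `/* sock put in passive closing */` stays accurate on every path out of smc_connect().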