4.20-stable review patch. If anyone has any objections, please let me know.
------------------
[ Upstream commit a136678c0bdbb650daff5df5eec1dab960e074a7 ]
In addition to releasing any cork'ed data on a psock when the psock is removed we should also release any skb's in the ingress work queue. Otherwise the skb's eventually get free'd but late in the tear down process so we see the WARNING due to non-zero sk_forward_alloc.
void sk_stream_kill_queues(struct sock *sk) { ... WARN_ON(sk->sk_forward_alloc); ... }
Fixes: 604326b41a6f ("bpf, sockmap: convert to generic sk_msg interface") Signed-off-by: John Fastabend john.fastabend@gmail.com Signed-off-by: Daniel Borkmann daniel@iogearbox.net Signed-off-by: Sasha Levin sashal@kernel.org --- net/core/skmsg.c | 1 + 1 file changed, 1 insertion(+)
diff --git a/net/core/skmsg.c b/net/core/skmsg.c index b7dbb3c976cd..fc7d59f1c57c 100644 --- a/net/core/skmsg.c +++ b/net/core/skmsg.c @@ -575,6 +575,7 @@ void sk_psock_drop(struct sock *sk, struct sk_psock *psock) { rcu_assign_sk_user_data(sk, NULL); sk_psock_cork_free(psock); + sk_psock_zap_ingress(psock); sk_psock_restore_proto(sk, psock);
write_lock_bh(&sk->sk_callback_lock);