Hi,

Sorry for the long delay...

On Mon, 2018-11-26 at 10:29 -0500, Willem de Bruijn wrote:
> @@ -1109,6 +1128,7 @@ static int __ip_append_data(struct sock *sk, > error_efault: > err = -EFAULT; > error: > + sock_zerocopy_put_abort(uarg); > cork->length -= length; > IP_INC_STATS(sock_net(sk), IPSTATS_MIB_OUTDISCARDS); > refcount_add(wmem_alloc_delta, &sk->sk_wmem_alloc);

Out of sheer ignorance on my side, don't we have a bad reference accounting if e.g.:

- uarg is attached to multiple skbs, each holding a ref,
- there is a failure on 'getfrag()'

Such failure will release 2 references (1 kfree_skb(), and another in the above sock_zerocopy_put_abort(), as the count is still positive).

Cheers,

Paolo
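
Review bot: the sock_zerocopy_put_abort(uarg) call added under the error: label is unconditional, so it also runs on the fall-through from error_efault and on every other jump to error:, and nothing in the visible lines shows whether uarg can be NULL at that point or whether this invocation of __ip_append_data() took the reference being dropped. Consider guarding the call on the reference having been taken in this invocation, or adding a comment at the label that states why the put is always balanced, so that a failure after uarg is already attached to queued skbs cannot drop a reference those skbs will release themselves.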