Currently the mentioned helper can end-up freeing the socket wmem
without waking-up any processes waiting for more write memory.
If the partially orphaned skb is attached to an UDP (or raw) socket,
the lack of wake-up can hang the user-space.
Address the issue invoking the write_space callback after
releasing the memory, if the old skb destructor requires that.
Fixes: f6ba8d33cfbb ("netem: fix skb_orphan_partial()")
Signed-off-by: Paolo Abeni <pab...@redhat.com>
---
net/core/sock.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/core/sock.c b/net/core/sock.c
index 0ed98f20448a2..7a38332d748e7 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -2137,6 +2137,8 @@ void skb_orphan_partial(struct sk_buff *skb)
if (refcount_inc_not_zero(&sk->sk_refcnt)) {
WARN_ON(refcount_sub_and_test(skb->truesize,
&sk->sk_wmem_alloc));
+ if (skb->destructor == sock_wfree)
+ sk->sk_write_space(sk);
skb->destructor = sock_efree;
}
} else {
--
2.26.2
