Signed-off-by: Vaneet Narang <v.narang@xxxxxxxxxxx>
Signed-off-by: Maninder Singh <maninder1.s@xxxxxxxxxxx>
Thanks for the fix. While it fixes the WARN_ON(), I believe some more
investigation is needed here on why it is happening:
We call first into packet_release(), which removes the socket hook from
the kernel (unregister_prot_hook()), later calls synchronize_net() to
make sure no more skbs will come in. The receive queue is purged right
after the synchronize_net() already.
packet_sock_destruct() will be called afterwards, when there are no more
refs on the socket anymore and no af_packet skbs in tx waiting for completion.
Only then, in sk_destruct(), we'll call into packet_sock_destruct().
So, eventually double purging the sk_receive_queue seems not the right
thing to do at first look, and w/o any deeper analysis in the commit description.
Could you look a bit further into the issue? Do you have a reproducer to
It is Suspend Resume scenario and in this case close(sock_id) is
not called and hence packet_release is also not called.
In case of suspend, driver power down its ethernet port and release all the
sk_buff stored in RX and TX ring. driver calls dev_kfree_skb_any to release all
the sk_buff in tx ring and if last tx buff of socket is called then
packet_sock_destruct() will be invoked and will result in warning if and recevive sk_buff is
still in receive queue.
Driver calls dev_kfree_skb_any->dev_kfree_skb_irq
and it adds buffer in completion queue to free and raises softirq NET_TX_SOFTIRQ
Also purging of receive queue has been taken care in other protocols.
// IP protocol
void inet_sock_destruct(struct sock *sk)
struct inet_sock *inet = inet_sk(sk);
__skb_queue_purge(&sk->sk_receive_queue); // Purge Receive queue
So i think it should be done in Raw sockets also.
net/packet/af_packet.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
index 81b4b81..bcb37ba 100644