On 22.02.2021 17:30:59, Johannes Berg wrote: > On Mon, 2021-02-22 at 16:12 +0100, Oleksij Rempel wrote: > > This code is trying to clone the skb with optional skb->sk. But this > > will fail to clone the skb if socket was closed just after the skb was > > pushed into the networking stack. > > Which IMHO is completely fine. If we then still clone the SKB we can't > do anything with it, since the point would be to ... send it back to the > socket, but it's gone.
Ok, but why is the skb cloned if there is no socket linked in skb->sk?
| static u16 ieee80211_store_ack_skb(struct ieee80211_local *local,
| struct sk_buff *skb,
| u32 *info_flags,
| u64 *cookie)
| {
| struct sk_buff *ack_skb;
| u16 info_id = 0;
|
| if (skb->sk)
| ack_skb = skb_clone_sk(skb);
| else
| ack_skb = skb_clone(skb, GFP_ATOMIC);
Looks like this is dead code, since both callers of
ieee80211_store_ack_skb() first check if there is a skb->sk
| if (unlikely(!multicast && ((skb->sk &&
| skb_shinfo(skb)->tx_flags & SKBTX_WIFI_STATUS) ||
| ctrl_flags & IEEE80211_TX_CTL_REQ_TX_STATUS)))
| info_id = ieee80211_store_ack_skb(local, skb, &info_flags,
| cookie);
> Nothing to fix here, I'd think. If you wanted to get a copy back that
> gives you the status of the SKB, it should not come as a huge surprise
> that you have to keep the socket open for that :)
>
> Having the ACK skb will just make us do more work by handing it back
> to skb_complete_wifi_ack() at TX status time, which is supposed to put
> it into the socket's error queue, but if the socket is closed ... no
> point in that.
We haven't looked at the callers of ieee80211_store_ack_skb().
Marc
--
Pengutronix e.K. | Marc Kleine-Budde |
Embedded Linux | https://www.pengutronix.de |
Vertretung West/Dortmund | Phone: +49-231-2826-924 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
signature.asc
Description: PGP signature
