On Fri, 2013-03-15 at 00:19 +0100, Eric Dumazet wrote: > Thanks thats really useful, we might miss to increment socket refcount > in a timer setup. >
Hmm, please add following debugging patch as well
diff --git a/include/net/sock.h b/include/net/sock.h
index 14f6e9d..fe7c8a6 100644
--- a/include/net/sock.h
+++ b/include/net/sock.h
@@ -530,7 +530,9 @@ static inline void sock_hold(struct sock *sk)
 */
 static inline void __sock_put(struct sock *sk)
 {
- atomic_dec(&sk->sk_refcnt);
+ int newref = atomic_dec_return(&sk->sk_refcnt);
+
+ BUG_ON(newref <= 0);
 }
 static inline bool sk_del_node_init(struct sock *sk)
diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c
index 786d97a..a445e15 100644
--- a/net/ipv4/inet_connection_sock.c
+++ b/net/ipv4/inet_connection_sock.c
@@ -739,7 +739,7 @@ void inet_csk_prepare_forced_close(struct sock *sk)
 {
 /* sk_clone_lock locked the socket and set refcnt to 2 */
 bh_unlock_sock(sk);
- sock_put(sk);
+ __sock_put(sk);
 /* The below has to be done to allow calling inet_csk_destroy_sock */
 sock_set_flag(sk, SOCK_DEAD);
@@ -835,13 +835,13 @@ void inet_csk_listen_stop(struct sock *sk)
 * tcp_v4_destroy_sock().
 */
 tcp_sk(child)->fastopen_rsk = NULL;
- sock_put(sk);
+ __sock_put(sk);
 }
 inet_csk_destroy_sock(child);
 bh_unlock_sock(child);
 local_bh_enable();
- sock_put(child);
+ __sock_put(child);
 sk_acceptq_removed(sk);
 __reqsk_free(req);
-- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
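Review bot: The `BUG_ON(newref <= 0)` added to `__sock_put()` has no comment saying that it is a temporary debugging check or what invariant it asserts, and it sits in a `static inline` header function that every caller picks up. I would add `/* debug: callers must still hold another reference, so the count may never reach 0 here */` above it. Because the check runs right after the decrement, an unbalanced put is reported where it happens rather than later when released socket memory is touched, which is the useful property when chasing a suspected missing `sock_hold()`. The comment block above the function starts outside the hunk, so its current wording is not visible here.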
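Review bot: The last replacement in `inet_csk_listen_stop()`, `__sock_put(child)` right after `inet_csk_destroy_sock(child)`, looks wrong if this put can be the final reference on the child, which the destroy call just before it suggests. `__sock_put()` only decrements and never frees, so with the new `BUG_ON(newref <= 0)` this path would halt the machine on an ordinary listener shutdown, and without the check the child would be left unfreed. Unless a further reference is guaranteed at this point, keep `sock_put(child);` here and convert only the `sock_put(sk)` in the branch above, where `sk` is the listener the function is still operating on. The function body starts and ends outside the hunk, so the matching hold on `child` is not visible.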