From: Eric Dumazet <eric.dumazet@xxxxxxxxx>
Date: Tue, 04 Mar 2014 14:39:12 -0800

> @@ -767,6 +767,17 @@ void tcp_release_cb(struct sock *sk) > if (flags & (1UL << TCP_TSQ_DEFERRED)) > tcp_tsq_handler(sk); > > + /* Here begins the tricky part : > + * We are called from release_sock() with : > + * 1) BH disabled > + * 2) sk_lock.slock spinlock held > + * 3) socket owned by us (sk->sk_lock.owned == 1) > + * > + * But following code is meant to be called from BH handlers, > + * so we should keep BH disabled, but early release socket ownership > + */ > + sock_release_ownership(sk); > +

It really means that sk_lock.owned cannot ever be accessed without the sk_lock spinlock held. Most of this is easy to hand audit, except sock_owned_by_user() which has call sites everywhere. Consider adding a locking assertion to it.
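
Review bot: the three preconditions listed in the comment above sock_release_ownership(sk) (BH disabled, sk_lock.slock held, sk->sk_lock.owned == 1) are stated only in prose, and nothing in the visible lines checks them. Because ownership is dropped here on the strength of the spinlock being held, consider having the helper assert that with lockdep (lockdep_assert_held() on sk_lock.slock), so a later caller outside release_sock() is caught at runtime rather than by audit. The comment should also say what the code after this point may rely on, since tcp_tsq_handler(sk) just above runs with the socket still owned while everything below the new call runs with it unowned. Minor style point: drop the space before the colon in "Here begins the tricky part :" and "with :".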