Is it possible that sk->sk_dst_cache is overwritten? Like in __sk_dst_check,
when the tcp timer tries to resend a packet and, at the same time, tcp_close is called, a reset packet will be sent, and ip_queue_xmit will be called concurrently:

cpu 1                                            cpu 2
tcp_close
  tcp_send_active_reset
    ip_queue_xmit
      __sk_dst_check {
        dst = __sk_dst_get(sk);
                                                 tcp timer fire
                                                   tcp_retransmit_timer
                                                     __tcp_retransmit_skb
                                                       ip_queue_xmit
                                                         sk_setup_caps
                                                           sk->sk_dst_cache is changed, like dst222
        RCU_INIT_POINTER(sk->sk_dst_cache, NULL);   <- dst222 is leaked
        dst_release(dst);
      }
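To make the interleaving in the diagram concrete, here is a small user-space model of it (an added example, not kernel code and not the code of the person asking). It replays the two CPUs' steps in a fixed order on a shared cache pointer to a reference-counted object, so the reference counts can be inspected afterwards. Names such as dst111/dst222, the struct fields and the helper functions are constructed for the model; the "clear only if the cache still points at what we read" variant is an assumption about what a compare-and-swap style check could look like, not a claim about any actual kernel change. The model also counts references on the old dst, so the same interleaving can be inspected from both sides.

```c
/* User-space model of the __sk_dst_check vs. sk_setup_caps interleaving.
 * Everything here is a simplified stand-in for the kernel objects: a dst
 * with a reference count, a socket holding one cached dst pointer, and two
 * "CPUs" whose steps are executed in a fixed, deterministic order.
 */
#include <stdio.h>
#include <stddef.h>

struct dst {
    const char *name;
    int refcnt;    /* stand-in for the dst reference count */
    int obsolete;  /* nonzero: __sk_dst_check would consider it stale */
};

struct sock_model {
    struct dst *sk_dst_cache;  /* stand-in for sk->sk_dst_cache */
};

static void dst_release(struct dst *d)
{
    if (d)
        d->refcnt--;
}

/* Stand-in for sk_setup_caps -> sk_dst_set: install a new dst and drop the
 * reference the cache held on the previous one. The new dst's reference is
 * transferred into the cache. */
static void model_sk_dst_set(struct sock_model *sk, struct dst *nd)
{
    struct dst *old = sk->sk_dst_cache;
    sk->sk_dst_cache = nd;
    dst_release(old);
}

enum clear_mode {
    CLEAR_UNCONDITIONAL,  /* RCU_INIT_POINTER(sk->sk_dst_cache, NULL) as in the diagram */
    CLEAR_IF_UNCHANGED    /* assumed alternative: clear only if cache still == dst we read */
};

/* Second half of __sk_dst_check on cpu 1: the dst read earlier turned out
 * to be obsolete, so clear the cache and drop the cache's reference. */
static void model_sk_dst_check_finish(struct sock_model *sk, struct dst *dst,
                                      enum clear_mode mode)
{
    if (!(dst && dst->obsolete))
        return;  /* still valid: nothing to do */

    if (mode == CLEAR_IF_UNCHANGED && sk->sk_dst_cache != dst)
        return;  /* someone else replaced the cache meanwhile; leave theirs alone */

    sk->sk_dst_cache = NULL;
    dst_release(dst);
}

/* Replay the scenario. cpu2_interleaves != 0 runs the retransmit-timer path
 * between cpu 1's read and cpu 1's clear, exactly as in the diagram; 0 runs
 * it after cpu 1 has finished (no race). Final reference counts are written
 * to the out parameters: 0 means properly released, >0 means leaked, <0 means
 * released more times than it was held. */
static void run_race(enum clear_mode mode, int cpu2_interleaves,
                     int *old_refcnt, int *replacement_refcnt)
{
    struct dst orig = { "dst111", 1, 1 };         /* held by the cache, marked obsolete */
    struct dst replacement = { "dst222", 1, 0 };  /* fresh reference, to be installed by cpu 2 */
    struct sock_model sk = { &orig };

    /* cpu 1: tcp_close -> tcp_send_active_reset -> ip_queue_xmit -> __sk_dst_check:
     * dst = __sk_dst_get(sk); */
    struct dst *dst = sk.sk_dst_cache;

    /* cpu 2: timer -> tcp_retransmit_timer -> __tcp_retransmit_skb -> ip_queue_xmit
     * -> sk_setup_caps: sk->sk_dst_cache is changed to dst222 */
    if (cpu2_interleaves)
        model_sk_dst_set(&sk, &replacement);

    /* cpu 1 continues: clear the cache and release what it read */
    model_sk_dst_check_finish(&sk, dst, mode);

    if (!cpu2_interleaves)
        model_sk_dst_set(&sk, &replacement);

    /* socket teardown: drop whatever reference the cache still holds */
    model_sk_dst_set(&sk, NULL);

    *old_refcnt = orig.refcnt;
    *replacement_refcnt = replacement.refcnt;
}

int replacement_refcnt_after(enum clear_mode mode, int cpu2_interleaves)
{
    int o, r;
    run_race(mode, cpu2_interleaves, &o, &r);
    return r;
}

int old_refcnt_after(enum clear_mode mode, int cpu2_interleaves)
{
    int o, r;
    run_race(mode, cpu2_interleaves, &o, &r);
    return o;
}

int main(void)
{
    printf("racing, unconditional clear: dst222 refcnt=%d dst111 refcnt=%d\n",
           replacement_refcnt_after(CLEAR_UNCONDITIONAL, 1),
           old_refcnt_after(CLEAR_UNCONDITIONAL, 1));
    printf("racing, clear-if-unchanged:  dst222 refcnt=%d dst111 refcnt=%d\n",
           replacement_refcnt_after(CLEAR_IF_UNCHANGED, 1),
           old_refcnt_after(CLEAR_IF_UNCHANGED, 1));
    printf("no race, unconditional clear: dst222 refcnt=%d dst111 refcnt=%d\n",
           replacement_refcnt_after(CLEAR_UNCONDITIONAL, 0),
           old_refcnt_after(CLEAR_UNCONDITIONAL, 0));
    return 0;
}
```

With the diagram's ordering and the unconditional clear, dst222 ends with one reference nobody drops, which is the leak the question describes; in the model the old dst is also released once more than it was held, since cpu 2 already dropped the cache's reference on it. Clearing only when the cache still holds the dst that was read leaves cpu 2's replacement in place, and teardown releases it normally. Without the interleaving both variants behave the same.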