Commit 4c3a5bda, authored by Thomas Graf, committed by David S. Miller

sctp: Don't charge for data in sndbuf again when transmitting packet

SCTP charges wmem_alloc via sctp_set_owner_w() in sctp_sendmsg() and via
skb_set_owner_w() in sctp_packet_transmit(). If a sender runs out of
sndbuf it will sleep in sctp_wait_for_sndbuf() and expects to be woken up
by __sctp_write_space().

Buffer space charged via sctp_set_owner_w() is released in sctp_wfree()
which calls __sctp_write_space() directly.

Buffer space charged via skb_set_owner_w() is released via sock_wfree()
which calls sk->sk_write_space() _if_ SOCK_USE_WRITE_QUEUE is not set.
sctp_endpoint_init() sets SOCK_USE_WRITE_QUEUE on all sockets.

Therefore if sctp_packet_transmit() manages to queue up more than sndbuf
bytes, sctp_wait_for_sndbuf() will never be woken up again unless it is
interrupted by a signal.

This could be fixed by clearing the SOCK_USE_WRITE_QUEUE flag but ...

Charging for the data twice does not make sense in the first place, it
leads to overcharging sndbuf by a factor of 2. Therefore this patch only
charges a single byte in wmem_alloc when transmitting an SCTP packet to
ensure that the socket stays alive until the packet has been released.

This means that control chunks are no longer accounted for in wmem_alloc
which I believe is not a problem as skb->truesize will typically lead
to overcharging anyway and thus compensates for any control overhead.

Signed-off-by: Thomas Graf <>
CC: Vlad Yasevich <>
CC: Neil Horman <>
CC: David Miller <>
Acked-by: Vlad Yasevich <>
Signed-off-by: David S. Miller <>
parent e812347c
......@@ -364,6 +364,25 @@ sctp_xmit_t sctp_packet_append_chunk(struct sctp_packet *packet,
return retval;
static void sctp_packet_release_owner(struct sk_buff *skb)
static void sctp_packet_set_owner_w(struct sk_buff *skb, struct sock *sk)
skb->sk = sk;
skb->destructor = sctp_packet_release_owner;
* The data chunks have already been accounted for in sctp_sendmsg(),
* therefore only reserve a single byte to keep socket around until
* the packet has been transmitted.
/* All packets are sent to the network through this function from
* sctp_outq_tail().
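Review bot: In sctp_packet_set_owner_w() the comment explains why only a single byte is reserved, but nothing next to sctp_packet_release_owner() says that it is the counterpart that drops that reservation, and neither place records that control chunks are no longer accounted for in wmem_alloc, which the commit message calls out as a behaviour change. I would add a short comment above sctp_packet_release_owner() stating what it releases and that this destructor is used instead of sock_wfree(), so waking sctp_wait_for_sndbuf() depends on sctp_wfree() calling __sctp_write_space().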
......@@ -405,7 +424,7 @@ int sctp_packet_transmit(struct sctp_packet *packet)
/* Set the owning socket so that we know where to get the
* destination IP address.
skb_set_owner_w(nskb, sk);
sctp_packet_set_owner_w(nskb, sk);
if (!sctp_transport_dst_check(tp)) {
sctp_transport_route(tp, NULL, sctp_sk(sk));
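Review bot: The comment above the sctp_packet_set_owner_w(nskb, sk) call in sctp_packet_transmit() still gives only the destination IP address lookup as the reason for setting the owner. Since this call no longer charges the packet against the send buffer the way skb_set_owner_w(nskb, sk) did, the comment should also say that it only keeps the socket around until the packet has been released and that the data was already accounted for in sctp_sendmsg().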