3 Jan
2022
3 Jan
'22
11:31 a.m.
of what if the msgb is 'borrowed' or 'owned/transferred'. Whenever we
reach a
_send method we actually transfer the ownership (as the data might be queued
or such).
The other technical part is to make sure we first establish a rule by
1.) adding doxygen/API documentation to the sendmsg function
2.) maybe look into introducing dummy annotations like __borrow, __takes that
we could autocheck in the future (e.g. by extending spaze/smack)
The issue with reviewing such a patch is the question if you have catched
everything. E.g. I think you missed need to convert (and what it calls):
static int gprs_ns_tx(struct gprs_nsvc *nsvc, struct msgb *msg)
{
...
default:
LOGP(DNS, LOGL_ERROR, "unsupported NS linklayer %u\n",
nsvc->ll);
msgb_free(msg);
ret = -EIO;
break;
}
return ret;
}
As reported in ticket #55 SGSN can crash due to double
free-ing. You
can replace 'can' by 'will' in that last phrase. I had a sift through
the code and tried to solve this by removing the free in gprs_ns.c.
Whenever the calling function created the msgb-struct, I have made the
function free it after its use. If the function got the msgb from a
calling function, there will not be a free (hoping that will be done
on the higher level).
HTH/F