From: Alexander Bluhm <bluhm@openbsd.org>
Subject: Re: tcp(4): use per-sockbuf mutex to protect `so_snd' socket buffer
To: Vitaliy Makkoveev <mvs@openbsd.org>
Cc: OpenBSD tech <tech@openbsd.org>
Date: Wed, 25 Dec 2024 12:43:22 +0100

On Tue, Dec 24, 2024 at 10:21:55PM +0300, Vitaliy Makkoveev wrote:
> @@ -358,20 +353,20 @@ sofree(struct socket *so, int keep_lock)
>  		(*so->so_proto->pr_domain->dom_dispose)(so->so_rcv.sb_mb);
>  	m_purge(so->so_rcv.sb_mb);
>  
> -	if (!keep_lock)
> +	if (!keep_lock) {
>  		sounlock(so);
>  
>  #ifdef SOCKET_SPLICE
> -	if (so->so_sp) {
> -		/* Reuse splice idle, sounsplice() has been called before. */
> -		timeout_set_flags(&so->so_sp->ssp_idleto, soreaper, so,
> -		    KCLOCK_NONE, TIMEOUT_PROC | TIMEOUT_MPSAFE);
> -		timeout_add(&so->so_sp->ssp_idleto, 0);
> -	} else
> +		if (so->so_sp) {
> +			timeout_del_barrier(&so->so_sp->ssp_idleto);
> +			task_del(sosplice_taskq, &so->so_sp->ssp_task);
> +			taskq_barrier(sosplice_taskq);
> +			pool_put(&sosplice_pool, so->so_sp);
> +		}
>  #endif /* SOCKET_SPLICE */
> -	{
> -		pool_put(&socket_pool, so);
>  	}
> +
> +	pool_put(&socket_pool, so);
>  }
>  
>  static inline uint64_t

Here you move the pool_put(&sosplice_pool, so->so_sp) into the
if (!keep_lock) block.

Do we leak the so->so_sp when in_pcbdetach() calls sofree(so, 1)?

bluhm