From: John Fastabend <john.fastabend@gmail.com>
Date: Thu, 20 Dec 2018 11:35:34 -0800
Subject: bpf: sk_msg, zap ingress queue on psock down
Patch-mainline: v5.0-rc1
Git-commit: a136678c0bdbb650daff5df5eec1dab960e074a7
References: bsc#1109837

In addition to releasing any cork'ed data on a psock when the psock
is removed we should also release any skb's in the ingress work queue.
Otherwise the skb's eventually get free'd but late in the tear
down process so we see the WARNING due to non-zero sk_forward_alloc.

  void sk_stream_kill_queues(struct sock *sk)
  {
	...
	WARN_ON(sk->sk_forward_alloc);
	...
  }

Fixes: 604326b41a6f ("bpf, sockmap: convert to generic sk_msg interface")
Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Thomas Bogendoerfer <tbogendoerfer@suse.de>
---
 net/core/skmsg.c |    1 +
 1 file changed, 1 insertion(+)

--- a/net/core/skmsg.c
+++ b/net/core/skmsg.c
@@ -575,6 +575,7 @@ void sk_psock_drop(struct sock *sk, stru
 {
 	rcu_assign_sk_user_data(sk, NULL);
 	sk_psock_cork_free(psock);
+	sk_psock_zap_ingress(psock);
 	sk_psock_restore_proto(sk, psock);
 
 	write_lock_bh(&sk->sk_callback_lock);