* [PATCH net] tcp: add a missing barrier in tcp_tasklet_func()
@ 2016-12-21 13:42 Eric Dumazet
2016-12-21 14:23 ` Madalin-Cristian Bucur
2016-12-21 20:31 ` David Miller
0 siblings, 2 replies; 3+ messages in thread
From: Eric Dumazet @ 2016-12-21 13:42 UTC (permalink / raw)
To: David Miller; +Cc: netdev, Eric Dumazet, Madalin Bucur
From: Eric Dumazet <edumazet@google.com>
Madalin reported crashes happening in tcp_tasklet_func() on powerpc64
Before TSQ_QUEUED bit is cleared, we must ensure the changes done
by list_del(&tp->tsq_node); are committed to memory, otherwise
corruption might happen, as an other cpu could catch TSQ_QUEUED
clearance too soon.
We can notice that old kernels were immune to this bug, because
TSQ_QUEUED was cleared after a bh_lock_sock(sk)/bh_unlock_sock(sk)
section, but they could have missed a kick to write additional bytes,
when NIC interrupts for a given flow are spread to multiple cpus.
Affected TCP flows would need an incoming ACK or RTO timer to add more
packets to the pipe. So overall situation should be better now.
Fixes: b223feb9de2a ("tcp: tsq: add shortcut in tcp_tasklet_func()")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Madalin Bucur <madalin.bucur@nxp.com>
Tested-by: Madalin Bucur <madalin.bucur@nxp.com>
---
net/ipv4/tcp_output.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index b45101f3d2bd2e0f0077305a061add4f7ea0de27..31a255b555ad86a3537c077862e3ea38f9b44284 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -769,6 +769,7 @@ static void tcp_tasklet_func(unsigned long data)
list_del(&tp->tsq_node);
sk = (struct sock *)tp;
+ smp_mb__before_atomic();
clear_bit(TSQ_QUEUED, &sk->sk_tsq_flags);
if (!sk->sk_lock.owned &&
^ permalink raw reply related [flat|nested] 3+ messages in thread
* RE: [PATCH net] tcp: add a missing barrier in tcp_tasklet_func()
2016-12-21 13:42 [PATCH net] tcp: add a missing barrier in tcp_tasklet_func() Eric Dumazet
@ 2016-12-21 14:23 ` Madalin-Cristian Bucur
2016-12-21 20:31 ` David Miller
1 sibling, 0 replies; 3+ messages in thread
From: Madalin-Cristian Bucur @ 2016-12-21 14:23 UTC (permalink / raw)
To: Eric Dumazet, David Miller; +Cc: netdev, Eric Dumazet, Miffy Lei
> -----Original Message-----
> From: Eric Dumazet [mailto:eric.dumazet@gmail.com]
> Sent: Wednesday, December 21, 2016 3:43 PM
>
> Madalin reported crashes happening in tcp_tasklet_func() on powerpc64
>
> Before TSQ_QUEUED bit is cleared, we must ensure the changes done
> by list_del(&tp->tsq_node); are committed to memory, otherwise
> corruption might happen, as an other cpu could catch TSQ_QUEUED
> clearance too soon.
>
> We can notice that old kernels were immune to this bug, because
> TSQ_QUEUED was cleared after a bh_lock_sock(sk)/bh_unlock_sock(sk)
> section, but they could have missed a kick to write additional bytes,
> when NIC interrupts for a given flow are spread to multiple cpus.
>
> Affected TCP flows would need an incoming ACK or RTO timer to add more
> packets to the pipe. So overall situation should be better now.
>
> Fixes: b223feb9de2a ("tcp: tsq: add shortcut in tcp_tasklet_func()")
> Signed-off-by: Eric Dumazet <edumazet@google.com>
> Reported-by: Madalin Bucur <madalin.bucur@nxp.com>
> Tested-by: Madalin Bucur <madalin.bucur@nxp.com>
It's actually tested by Xing Lei:
Tested-by: Xing Lei <xing.lei@nxp.com>
Thank you for the fast resolution.
> ---
> net/ipv4/tcp_output.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
> index
> b45101f3d2bd2e0f0077305a061add4f7ea0de27..31a255b555ad86a3537c077862e3ea38
> f9b44284 100644
> --- a/net/ipv4/tcp_output.c
> +++ b/net/ipv4/tcp_output.c
> @@ -769,6 +769,7 @@ static void tcp_tasklet_func(unsigned long data)
> list_del(&tp->tsq_node);
>
> sk = (struct sock *)tp;
> + smp_mb__before_atomic();
> clear_bit(TSQ_QUEUED, &sk->sk_tsq_flags);
>
> if (!sk->sk_lock.owned &&
>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH net] tcp: add a missing barrier in tcp_tasklet_func()
2016-12-21 13:42 [PATCH net] tcp: add a missing barrier in tcp_tasklet_func() Eric Dumazet
2016-12-21 14:23 ` Madalin-Cristian Bucur
@ 2016-12-21 20:31 ` David Miller
1 sibling, 0 replies; 3+ messages in thread
From: David Miller @ 2016-12-21 20:31 UTC (permalink / raw)
To: eric.dumazet; +Cc: netdev, edumazet, madalin.bucur
From: Eric Dumazet <eric.dumazet@gmail.com>
Date: Wed, 21 Dec 2016 05:42:43 -0800
> From: Eric Dumazet <edumazet@google.com>
>
> Madalin reported crashes happening in tcp_tasklet_func() on powerpc64
>
> Before TSQ_QUEUED bit is cleared, we must ensure the changes done
> by list_del(&tp->tsq_node); are committed to memory, otherwise
> corruption might happen, as an other cpu could catch TSQ_QUEUED
> clearance too soon.
>
> We can notice that old kernels were immune to this bug, because
> TSQ_QUEUED was cleared after a bh_lock_sock(sk)/bh_unlock_sock(sk)
> section, but they could have missed a kick to write additional bytes,
> when NIC interrupts for a given flow are spread to multiple cpus.
>
> Affected TCP flows would need an incoming ACK or RTO timer to add more
> packets to the pipe. So overall situation should be better now.
>
> Fixes: b223feb9de2a ("tcp: tsq: add shortcut in tcp_tasklet_func()")
> Signed-off-by: Eric Dumazet <edumazet@google.com>
> Reported-by: Madalin Bucur <madalin.bucur@nxp.com>
> Tested-by: Madalin Bucur <madalin.bucur@nxp.com>
Applied, thanks Eric.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2016-12-21 20:31 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-12-21 13:42 [PATCH net] tcp: add a missing barrier in tcp_tasklet_func() Eric Dumazet
2016-12-21 14:23 ` Madalin-Cristian Bucur
2016-12-21 20:31 ` David Miller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).