024-9-tcp-add-a-missing-barrier-in-tcp_tasklet_func.patch 1.5 KB

12345678910111213141516171819202122232425262728293031323334353637383940
  1. From 0a9648f1293966c838dc570da73c15a76f4c89d6 Mon Sep 17 00:00:00 2001
  2. From: Eric Dumazet <edumazet@google.com>
  3. Date: Wed, 21 Dec 2016 05:42:43 -0800
  4. Subject: [PATCH 09/10] tcp: add a missing barrier in tcp_tasklet_func()
  5. Madalin reported crashes happening in tcp_tasklet_func() on powerpc64
  6. Before TSQ_QUEUED bit is cleared, we must ensure the changes done
  7. by list_del(&tp->tsq_node); are committed to memory, otherwise
  8. corruption might happen, as an other cpu could catch TSQ_QUEUED
  9. clearance too soon.
  10. We can notice that old kernels were immune to this bug, because
  11. TSQ_QUEUED was cleared after a bh_lock_sock(sk)/bh_unlock_sock(sk)
  12. section, but they could have missed a kick to write additional bytes,
  13. when NIC interrupts for a given flow are spread to multiple cpus.
  14. Affected TCP flows would need an incoming ACK or RTO timer to add more
  15. packets to the pipe. So overall situation should be better now.
  16. Fixes: b223feb9de2a ("tcp: tsq: add shortcut in tcp_tasklet_func()")
  17. Signed-off-by: Eric Dumazet <edumazet@google.com>
  18. Reported-by: Madalin Bucur <madalin.bucur@nxp.com>
  19. Tested-by: Madalin Bucur <madalin.bucur@nxp.com>
  20. Tested-by: Xing Lei <xing.lei@nxp.com>
  21. Signed-off-by: David S. Miller <davem@davemloft.net>
  22. ---
  23. net/ipv4/tcp_output.c | 1 +
  24. 1 file changed, 1 insertion(+)
  25. --- a/net/ipv4/tcp_output.c
  26. +++ b/net/ipv4/tcp_output.c
  27. @@ -774,6 +774,7 @@ static void tcp_tasklet_func(unsigned lo
  28. list_del(&tp->tsq_node);
  29. sk = (struct sock *)tp;
  30. + smp_mb__before_atomic();
  31. clear_bit(TSQ_QUEUED, &sk->sk_tsq_flags);
  32. if (!sk->sk_lock.owned &&