12345678910111213141516171819202122232425262728293031323334353637383940 |
- From 0a9648f1293966c838dc570da73c15a76f4c89d6 Mon Sep 17 00:00:00 2001
- From: Eric Dumazet <edumazet@google.com>
- Date: Wed, 21 Dec 2016 05:42:43 -0800
- Subject: [PATCH 09/10] tcp: add a missing barrier in tcp_tasklet_func()
- Madalin reported crashes happening in tcp_tasklet_func() on powerpc64
- Before TSQ_QUEUED bit is cleared, we must ensure the changes done
- by list_del(&tp->tsq_node); are committed to memory, otherwise
- corruption might happen, as an other cpu could catch TSQ_QUEUED
- clearance too soon.
- We can notice that old kernels were immune to this bug, because
- TSQ_QUEUED was cleared after a bh_lock_sock(sk)/bh_unlock_sock(sk)
- section, but they could have missed a kick to write additional bytes,
- when NIC interrupts for a given flow are spread to multiple cpus.
- Affected TCP flows would need an incoming ACK or RTO timer to add more
- packets to the pipe. So overall situation should be better now.
- Fixes: b223feb9de2a ("tcp: tsq: add shortcut in tcp_tasklet_func()")
- Signed-off-by: Eric Dumazet <edumazet@google.com>
- Reported-by: Madalin Bucur <madalin.bucur@nxp.com>
- Tested-by: Madalin Bucur <madalin.bucur@nxp.com>
- Tested-by: Xing Lei <xing.lei@nxp.com>
- Signed-off-by: David S. Miller <davem@davemloft.net>
- ---
- net/ipv4/tcp_output.c | 1 +
- 1 file changed, 1 insertion(+)
- --- a/net/ipv4/tcp_output.c
- +++ b/net/ipv4/tcp_output.c
- @@ -774,6 +774,7 @@ static void tcp_tasklet_func(unsigned lo
- list_del(&tp->tsq_node);
-
- sk = (struct sock *)tp;
- + smp_mb__before_atomic();
- clear_bit(TSQ_QUEUED, &sk->sk_tsq_flags);
-
- if (!sk->sk_lock.owned &&
|