Message ID | 20220729110027.40569-1-hbh25y@gmail.com (mailing list archive) |
---|---|
State | Accepted |
Commit | a41b17ff9dacd22f5f118ee53d82da0f3e52d5e3 |
Delegated to: | Netdev Maintainers |
Series | [v2] dccp: put dccp_qpolicy_full() and dccp_qpolicy_push() in the same lock |
Hello:

This patch was applied to netdev/net.git (master)
by Jakub Kicinski <kuba@kernel.org>:

On Fri, 29 Jul 2022 19:00:27 +0800 you wrote:
> In the case of sk->dccps_qpolicy == DCCPQ_POLICY_PRIO, dccp_qpolicy_full
> will drop a skb when qpolicy is full. And the lock in dccp_sendmsg is
> released before sock_alloc_send_skb and then relocked after
> sock_alloc_send_skb. The following conditions may lead dccp_qpolicy_push
> to add skb to an already full sk_write_queue:
>
> thread1--->lock
> thread1--->dccp_qpolicy_full: queue is full. drop a skb
> thread1--->unlock
> thread2--->lock
> thread2--->dccp_qpolicy_full: queue is not full. no need to drop.
> thread2--->unlock
> thread1--->lock
> thread1--->dccp_qpolicy_push: add a skb. queue is full.
> thread1--->unlock
> thread2--->lock
> thread2--->dccp_qpolicy_push: add a skb!
> thread2--->unlock
>
> [...]

Here is the summary with links:
  - [v2] dccp: put dccp_qpolicy_full() and dccp_qpolicy_push() in the same lock
    https://git.kernel.org/netdev/net/c/a41b17ff9dac

You are awesome, thank you!
diff --git a/net/dccp/proto.c b/net/dccp/proto.c index eb8e128e43e8..e13641c65f88 100644 --- a/net/dccp/proto.c +++ b/net/dccp/proto.c @@ -736,11 +736,6 @@ int dccp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) lock_sock(sk); - if (dccp_qpolicy_full(sk)) { - rc = -EAGAIN; - goto out_release; - } - timeo = sock_sndtimeo(sk, noblock); /* @@ -759,6 +754,11 @@ int dccp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) if (skb == NULL) goto out_release; + if (dccp_qpolicy_full(sk)) { + rc = -EAGAIN; + goto out_discard; + } + if (sk->sk_state == DCCP_CLOSED) { rc = -ENOTCONN; goto out_discard;
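Review bot: In the first hunk (@@ -736,11 +736,6 @@), removing the dccp_qpolicy_full() test that ran straight after lock_sock(sk) gives up the early -EAGAIN exit, so a sender that finds the queue full now learns it only after the skb has been allocated and has to be freed through out_discard. The commit message explains why the check must move but does not mention this cost. A sentence stating that the early exit is dropped on purpose, because the lock is released around sock_alloc_send_skb, would keep a later cleanup from restoring it as an optimisation.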
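Review bot: In the second hunk (@@ -759,6 +754,11 @@), the new dccp_qpolicy_full() call sits above the sk->sk_state == DCCP_CLOSED test, and according to the commit message that call drops a queued skb under DCCPQ_POLICY_PRIO when the queue is full. If the socket then turns out to be closed, the new skb leaves through out_discard with -ENOTCONN and the queue has lost an entry without gaining one. Consider moving the check below the DCCP_CLOSED test, or, if it has to stay first after relocking as the v2 note says, add a one-line comment that dccp_qpolicy_full() and dccp_qpolicy_push() must remain inside the same lock_sock() section.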
In the case of sk->dccps_qpolicy == DCCPQ_POLICY_PRIO, dccp_qpolicy_full
will drop a skb when qpolicy is full. And the lock in dccp_sendmsg is
released before sock_alloc_send_skb and then relocked after
sock_alloc_send_skb. The following conditions may lead dccp_qpolicy_push
to add skb to an already full sk_write_queue:

thread1--->lock
thread1--->dccp_qpolicy_full: queue is full. drop a skb
thread1--->unlock
thread2--->lock
thread2--->dccp_qpolicy_full: queue is not full. no need to drop.
thread2--->unlock
thread1--->lock
thread1--->dccp_qpolicy_push: add a skb. queue is full.
thread1--->unlock
thread2--->lock
thread2--->dccp_qpolicy_push: add a skb!
thread2--->unlock

Fix this by moving dccp_qpolicy_full.

Fixes: b1308dc015eb ("[DCCP]: Set TX Queue Length Bounds via Sysctl")
Signed-off-by: Hangyu Hua <hbh25y@gmail.com>
---

v2:
1. call dccp_qpolicy_full first after relocking.
2. change "Fixes:" tag.

 net/dccp/proto.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
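
The interleaving in the commit message above is one schedule of two senders. The following added example (not part of the patch or the kernel tree) goes further: it treats each locked section as one atomic step and searches every schedule of three senders, comparing the check and push in separate sections with both in the same section. The names `check`, `explore`, `worst_queue_len` and `NSENDERS`, and the queue modelled as a bare length, are assumptions of this model.

```c
#include <stddef.h>
#include <stdio.h>
#define NSENDERS 3 /* assumed number of concurrent senders in this model */

/* Models the PRIO check from the commit message: a full queue drops one entry. */
static size_t check(size_t len, size_t max)
{
    return (len > 0 && len >= max) ? len - 1 : len;
}

/* Depth-first search over every schedule of the senders' locked sections.
 * pc[i]: 0 = check pending, 1 = push pending, 2 = done.
 * split != 0: check and push are separate locked sections (before the patch).
 * split == 0: check and push share one locked section (after the patch).
 * Returns the largest queue length seen at any section boundary. */
static size_t explore(int pc[], size_t len, size_t max, int split)
{
    size_t worst = len;
    for (int i = 0; i < NSENDERS; i++) {
        int saved = pc[i];
        size_t next = len, w;
        if (saved == 2)
            continue;
        if (saved == 0) {            /* the "is the queue full" step */
            next = check(next, max);
            pc[i] = 1;
        }
        if (saved == 1 || !split) {  /* the push step */
            next++;
            pc[i] = 2;
        }
        w = explore(pc, next, max, split);
        if (w > worst)
            worst = w;
        pc[i] = saved;               /* backtrack */
    }
    return worst;
}

/* Worst-case queue length when all senders start against a full queue. */
size_t worst_queue_len(size_t max, int split)
{
    int pc[NSENDERS] = { 0 };
    return explore(pc, max, max, split);
}
int main(void)
{
    printf("split: %zu, same: %zu\n", worst_queue_len(4, 1), worst_queue_len(4, 0));
    return 0;
}
```

With a bound of 4, the split ordering reaches 6 entries (the bound plus one for every sender after the first), while the same-section ordering never exceeds 4.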