From: Ben Hutchings <ben@decadent.org.uk>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: torvalds@linux-foundation.org, akpm@linux-foundation.org,
alan@lxorguk.ukuu.org.uk, Jiri Kosina <jkosina@suse.cz>,
"David S. Miller" <davem@davemloft.net>
Subject: [ 11/37] tcp: perform DMA to userspace only if there is a task waiting for it
Date: Fri, 17 Aug 2012 04:02:54 +0100 [thread overview]
Message-ID: <20120817030245.473966800@decadent.org.uk> (raw)
In-Reply-To: <20120817030243.807605523@decadent.org.uk>
3.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jiri Kosina <jkosina@suse.cz>
[ Upstream commit 59ea33a68a9083ac98515e4861c00e71efdc49a1 ]
Back in 2006, commit 1a2449a87b ("[I/OAT]: TCP recv offload to I/OAT")
added support for receive offloading to IOAT dma engine if available.
The code in tcp_rcv_established() tries to perform early DMA copy if
applicable. It however does so without checking whether the userspace
task is actually expecting the data in the buffer.
This is not a problem under normal circumstances, but there is a corner
case where this doesn't work -- and that's when MSG_TRUNC flag to
recvmsg() is used.
If the IOAT dma engine is not used, the code properly checks whether
there is a valid ucopy.task and the socket is owned by userspace, but
misses the check in the dmaengine case.
This problem can be observed in real trivially -- for example 'tbench' is a
good reproducer, as it makes a heavy use of MSG_TRUNC. On systems utilizing
IOAT, you will soon find tbench waiting indefinitely in sk_wait_data(), as they
have been already early-copied in tcp_rcv_established() using dma engine.
This patch introduces the same check we are performing in the simple
iovec copy case to the IOAT case as well. It fixes the indefinite
recvmsg(MSG_TRUNC) hangs.
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---
net/ipv4/tcp_input.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 32e6ca2..a08a621 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -5415,7 +5415,9 @@ int tcp_rcv_established(struct sock *sk, struct sk_buff *skb,
if (tp->copied_seq == tp->rcv_nxt &&
len - tcp_header_len <= tp->ucopy.len) {
#ifdef CONFIG_NET_DMA
- if (tcp_dma_try_early_copy(sk, skb, tcp_header_len)) {
+ if (tp->ucopy.task == current &&
+ sock_owned_by_user(sk) &&
+ tcp_dma_try_early_copy(sk, skb, tcp_header_len)) {
copied_early = 1;
eaten = 1;
}
next prev parent reply other threads:[~2012-08-17 3:35 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-08-17 3:02 [ 00/37] 3.2.28-stable review Ben Hutchings
2012-08-17 3:02 ` [ 01/37] bnx2: Fix bug in bnx2_free_tx_skbs() Ben Hutchings
2012-08-17 3:02 ` [ 02/37] sch_sfb: Fix missing NULL check Ben Hutchings
2012-08-17 3:02 ` [ 03/37] sctp: Fix list corruption resulting from freeing an association on a list Ben Hutchings
2012-08-17 3:02 ` [ 04/37] caif: Fix access to freed pernet memory Ben Hutchings
2012-08-17 3:02 ` [ 05/37] cipso: dont follow a NULL pointer when setsockopt() is called Ben Hutchings
2012-08-17 3:02 ` [ 06/37] caif: fix NULL pointer check Ben Hutchings
2012-08-17 3:02 ` [ 07/37] wanmain: comparing array with NULL Ben Hutchings
2012-08-17 3:02 ` [ 08/37] tcp: Add TCP_USER_TIMEOUT negative value check Ben Hutchings
2012-08-17 3:02 ` [ 09/37] USB: kaweth.c: use GFP_ATOMIC under spin_lock Ben Hutchings
2012-08-17 3:02 ` [ 10/37] net: fix rtnetlink IFF_PROMISC and IFF_ALLMULTI handling Ben Hutchings
2012-08-17 3:02 ` Ben Hutchings [this message]
2012-08-17 3:02 ` [ 12/37] net/tun: fix ioctl() based info leaks Ben Hutchings
2012-08-17 3:02 ` [ 13/37] e1000: add dropped DMA receive enable back in for WoL Ben Hutchings
2012-08-17 3:02 ` [ 14/37] rtlwifi: rtl8192cu: Change buffer allocation for synchronous reads Ben Hutchings
2012-08-17 3:02 ` [ 15/37] hfsplus: fix overflow in sector calculations in hfsplus_submit_bio Ben Hutchings
2012-08-17 3:02 ` [ 16/37] drm/i915: fixup seqno allocation logic for lazy_request Ben Hutchings
2012-08-17 3:03 ` [ 17/37] KVM: VMX: Advertise CPU_BASED_RDPMC_EXITING for nested guests Ben Hutchings
2012-08-17 3:03 ` [ 18/37] mac80211: cancel mesh path timer Ben Hutchings
2012-08-17 3:03 ` [ 19/37] ath9k: Add PID/VID support for AR1111 Ben Hutchings
2012-08-17 3:03 ` [ 20/37] ARM: mxs: Remove MMAP_MIN_ADDR setting from mxs_defconfig Ben Hutchings
2012-08-17 3:03 ` [ 21/37] ALSA: hda - add dock support for Thinkpad T430s Ben Hutchings
2012-08-17 3:03 ` [ 22/37] cfg80211: process pending events when unregistering net device Ben Hutchings
2012-08-17 3:03 ` [ 23/37] rt61pci: fix NULL pointer dereference in config_lna_gain Ben Hutchings
2012-08-17 3:03 ` [ 24/37] iwlwifi: disable greenfield transmissions as a workaround Ben Hutchings
2012-08-17 3:03 ` [ 25/37] ALSA: hda - add dock support for Thinkpad X230 Ben Hutchings
2012-08-17 3:03 ` [ 26/37] e1000e: NIC goes up and immediately goes down Ben Hutchings
2012-08-17 3:03 ` [ 27/37] ALSA: hda - remove quirk for Dell Vostro 1015 Ben Hutchings
2012-08-17 3:03 ` [ 28/37] ALSA: hda - Fix double quirk for Quanta FL1 / Lenovo Ideapad Ben Hutchings
2012-08-17 3:03 ` [ 29/37] ARM: pxa: remove irq_to_gpio from ezx-pcap driver Ben Hutchings
2012-08-17 3:03 ` [ 30/37] Input: eeti_ts: pass gpio value instead of IRQ Ben Hutchings
2012-08-17 3:03 ` [ 31/37] tun: dont zeroize sock->file on detach Ben Hutchings
2012-08-19 17:13 ` Ben Hutchings
2012-08-17 3:03 ` [ 32/37] drm/i915: correctly order the ring init sequence Ben Hutchings
2012-08-17 23:29 ` Herton Ronaldo Krzesinski
2012-08-18 10:04 ` Daniel Vetter
2012-08-19 14:54 ` Ben Hutchings
2012-08-19 19:00 ` Herton Ronaldo Krzesinski
2012-08-17 3:03 ` [ 33/37] s390/compat: fix compat wrappers for process_vm system calls Ben Hutchings
2012-08-17 3:03 ` [ 34/37] s390/compat: fix mmap compat " Ben Hutchings
2012-08-17 3:03 ` [ 35/37] drm/radeon: fix bank tiling parameters on evergreen Ben Hutchings
2012-08-17 3:03 ` [ 36/37] drm/radeon: fix bank tiling parameters on cayman Ben Hutchings
2012-08-17 3:03 ` [ 37/37] drm/radeon: do not reenable crtc after moving vram start address Ben Hutchings
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120817030245.473966800@decadent.org.uk \
--to=ben@decadent.org.uk \
--cc=akpm@linux-foundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=davem@davemloft.net \
--cc=jkosina@suse.cz \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).