Date: Mon, 10 Oct 2016 13:26:12 +0200 From: Julien Charbon <jch@freebsd.org> To: Slawa Olhovchenkov <slw@zxy.spb.ru> Cc: Konstantin Belousov <kostikbel@gmail.com>, freebsd-stable@FreeBSD.org, hiren panchasara <hiren@strugglingcoder.info> Subject: Re: 11.0 stuck on high network load Message-ID: <1431484c-c00e-24c5-bd76-714be8ae5ed5@freebsd.org> In-Reply-To: <20161006111043.GH54003@zxy.spb.ru> References: <f644cd52-4377-aa90-123a-3a2887972bbc@freebsd.org> <20160921195155.GW2840@zxy.spb.ru> <e4e0188c-b22b-29af-ed15-b650c3ec4553@gmail.com> <20160923200143.GG2840@zxy.spb.ru> <20160925124626.GI2840@zxy.spb.ru> <dc2798ff-2ace-81f7-a563-18ffa1ace990@gmail.com> <20160926172159.GA54003@zxy.spb.ru> <62453d9c-b1e4-1129-70ff-654dacea37f9@gmail.com> <20160928115909.GC54003@zxy.spb.ru> <a0425aad-a421-05bc-c1a8-c6fe06b83833@freebsd.org> <20161006111043.GH54003@zxy.spb.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --OCKtAMIJv6mron2xficHhijhFvEF3eE3r Content-Type: multipart/mixed; boundary="xUDws4JJQNipMCDbiexlEg21759fQGK8C"; protected-headers="v1" From: Julien Charbon <jch@freebsd.org> To: Slawa Olhovchenkov <slw@zxy.spb.ru> Cc: Konstantin Belousov <kostikbel@gmail.com>, freebsd-stable@FreeBSD.org, hiren panchasara <hiren@strugglingcoder.info> Message-ID: <1431484c-c00e-24c5-bd76-714be8ae5ed5@freebsd.org> Subject: Re: 11.0 stuck on high network load References: <f644cd52-4377-aa90-123a-3a2887972bbc@freebsd.org> <20160921195155.GW2840@zxy.spb.ru> <e4e0188c-b22b-29af-ed15-b650c3ec4553@gmail.com> <20160923200143.GG2840@zxy.spb.ru> <20160925124626.GI2840@zxy.spb.ru> <dc2798ff-2ace-81f7-a563-18ffa1ace990@gmail.com> <20160926172159.GA54003@zxy.spb.ru> <62453d9c-b1e4-1129-70ff-654dacea37f9@gmail.com> <20160928115909.GC54003@zxy.spb.ru> <a0425aad-a421-05bc-c1a8-c6fe06b83833@freebsd.org> <20161006111043.GH54003@zxy.spb.ru> In-Reply-To: <20161006111043.GH54003@zxy.spb.ru> --xUDws4JJQNipMCDbiexlEg21759fQGK8C Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable Hi, On 10/6/16 1:10 PM, Slawa Olhovchenkov wrote: > On Thu, Oct 06, 2016 at 09:28:06AM +0200, Julien Charbon wrote: >=20 >> 2. thread1: In tcp_close() the inp is marked with INP_DROPPED flag, t= he >> process continues and calls INP_WUNLOCK() here: >> >> https://github.com/freebsd/freebsd/blob/releng/11.0/sys/netinet/tcp_su= br.c#L1568 >=20 > Look also to sys/netinet/tcp_timewait.c:488 >=20 > And check other locks from r160549 You are right, and here the a fix proposal for this issue: Fix a double-free when an inp transitions to INP_TIMEWAIT state after having been dropped https://reviews.freebsd.org/D8211 It basically enforces in_pcbdrop() logic in tcp_input(): A INP_DROPPED inpcb should never be proceed further. Slawa, as you are the only one to reproduce this issue currently, could test this patch? (And remove the temporary patch I did provided to you before). I will wait for your tests results before pushing further. Thanks! diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c index c72f01f..37f27e0 100644 --- a/sys/netinet/tcp_input.c +++ b/sys/netinet/tcp_input.c @@ -921,6 +921,16 @@ findpcb: goto dropwithreset; } INP_WLOCK_ASSERT(inp); + /* + * While waiting for inp lock during the lookup, another thread + * can have droppedt the inpcb, in which case we need to loop ba= ck + * and try to find a new inpcb to deliver to. + */ + if (inp->inp_flags & INP_DROPPED) { + INP_WUNLOCK(inp); + inp =3D NULL; + goto findpcb; + } if ((inp->inp_flowtype =3D=3D M_HASHTYPE_NONE) && (M_HASHTYPE_GET(m) !=3D M_HASHTYPE_NONE) && ((inp->inp_socket =3D=3D NULL) || @@ -981,6 +991,10 @@ relocked: if (in_pcbrele_wlocked(inp)) { inp =3D NULL; goto findpcb; + } else if (inp->inp_flags & INP_DROPPED) = { + INP_WUNLOCK(inp); + inp =3D NULL; + goto findpcb; } } else ti_locked =3D TI_RLOCKED; @@ -1040,6 +1054,10 @@ relocked: if (in_pcbrele_wlocked(inp)) { inp =3D NULL; goto findpcb; + } else if (inp->inp_flags & INP_DROPPED) = { + INP_WUNLOCK(inp); + inp =3D NULL; + goto findpcb; } goto relocked; } else -- Julien --xUDws4JJQNipMCDbiexlEg21759fQGK8C-- --OCKtAMIJv6mron2xficHhijhFvEF3eE3r Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQEcBAEBCgAGBQJX+3rgAAoJEKVlQ5Je6dhxQ40H/0dYh5hPqNQX1r15Z0x1sE9q 9/Lh6Zn6cLM+cxH2Me5rKeVxmX28bpTIug00fbqk6CI0ZlRHS+R4/iP3w2yl40g1 FUGysS8Cvh3EErzsoKHNwscrbNI8DWLgftW0L+el+srGRcVupoHA12AIhMTNCxQ+ Y990PZKWmuOuxCNxkCbm+yadaQbaOsrGoI0uyEoLDovE/rHKr2ObrypFadrXxg64 VL9xegpLzXnVMBUc3b/FbGAyq33KZnAsqc1Thi7pXEm7Lk6rT/m5mq3XC5jcPt9r MIPV9/pNj2Dy7FCQV/K/714O/F8tpCWjtp69KWVB9tcQGVtmd5Fsnh2dMVBH47c= =x0Tb -----END PGP SIGNATURE----- --OCKtAMIJv6mron2xficHhijhFvEF3eE3r--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1431484c-c00e-24c5-bd76-714be8ae5ed5>