Page MenuHomeFreeBSD
Differential D31976

socket: Handle shutdown(2) with AIO jobs in flight
ClosedPublic
Actions

Authored by markj on Sep 15 2021, 7:59 PM.
Tags
None
Referenced Files
F102858194: D31976.id95229.diff
Mon, Nov 18, 2:10 AM
Unknown Object (File)
Mon, Nov 11, 10:24 PM
Unknown Object (File)
Fri, Nov 8, 6:05 AM
Unknown Object (File)
Oct 9 2024, 5:47 AM
Unknown Object (File)
Oct 9 2024, 5:04 AM
Unknown Object (File)
Oct 4 2024, 2:42 PM
Unknown Object (File)
Sep 30 2024, 7:24 AM
Unknown Object (File)
Sep 30 2024, 5:16 AM
View All 77 Files
Subscribers
asomers
imp

Details

Reviewers
jhb
asomers
Group Reviewers
network
Commits
rGc13f6dd7d213: aio_test: Validate interactions between AIO on sockets and shutdown(2)
rGade1daa5c0d6: socket: Synchronize soshutdown() with listen(2) and AIO
Summary

To handle shutdown(SHUT_RD) we flush the receive buffer of the socket.
This may involve searching for control messages of type SCM_RIGHTS,
since we need to close the file references. Closing arbitrary files
with socket buffer locks held is undesirable, mainly due to lock
ordering issues, so we instead make a copy of the socket buffer and
operate on that without any locks. Fields in the original buffer are
cleared.

This behaviour clobbered the AIO job queue associated with a receive
buffer. It could also cause us to leak a KTLS session reference.
Reorder socket buffer fields to address this. Add a regression test for
AIO.

I tried removing this hack in sorflush() but it's not quite feasible
(yet). In particular, though sorflush() flags the sockbuf with
SBS_CANTRCVMORE, it is possible for more data to be added - the flag
just prevents userspace from reading more data. I suspect we should fix
this; SBS_CANTRCVMORE represents a terminal state and protocols can
likely just drop any data destined for such a buffer. Many of them
already do, but in some cases the check is racy, and some KPI churn will
be needed to fix everything. This approach is easier for now.

Reported by: syzbot+104d8ee3430361cb2795@syzkaller.appspotmail.com
Reported by: syzbot+5bd2e7d05f84a59d0d1b@syzkaller.appspotmail.com

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

markj created this revision.Sep 15 2021, 7:59 PM
Herald added subscribers: asomers, imp. · View Herald TranscriptSep 15 2021, 7:59 PM
markj requested review of this revision.Sep 15 2021, 7:59 PM
Harbormaster completed remote builds in B41536: Diff 95229.Sep 15 2021, 7:59 PM
markj updated this revision to Diff 95231.Sep 15 2021, 7:59 PM
markj added a parent revision: D31975: socket: Remove NOFREE from the socket zone.
markj added a child revision: D31977: ktls: Fix error/mode confusion in TCP_*TLS_MODE getsockopt handlers.

Remove unrelated assertion.

Harbormaster completed remote builds in B41538: Diff 95231.Sep 15 2021, 8:00 PM
markj added reviewers: network, jhb.Sep 15 2021, 8:01 PM
asomers accepted this revision.Sep 15 2021, 8:52 PM

Tests LGTM.

This revision is now accepted and ready to land.Sep 15 2021, 8:52 PM
jhb accepted this revision.Sep 15 2021, 11:24 PM
Closed by commit rGade1daa5c0d6: socket: Synchronize soshutdown() with listen(2) and AIO (authored by markj). · Explain WhySep 17 2021, 7:13 PM
This revision was automatically updated to reflect the committed changes.
markj added a commit: rGade1daa5c0d6: socket: Synchronize soshutdown() with listen(2) and AIO.
markj added a commit: rGc13f6dd7d213: aio_test: Validate interactions between AIO on sockets and shutdown(2).

Revision Contents
Changeset List

PathSize
sys/
kern/
54 lines
sys/
5 lines

Diff 95321

View Options

sys/kern/uipc_socket.c

Loading...
View Options

sys/sys/sockbuf.h

Loading...