Page MenuHomeFreeBSD

tcp_hpts: let tcp_hpts_init() set a random CPU only once
ClosedPublic

Authored by glebius on Dec 7 2023, 1:07 AM.
Tags
None
Referenced Files
F88535752: D42946.diff
Tue, Jul 16, 6:17 AM
Unknown Object (File)
Tue, Jun 18, 1:03 PM
Unknown Object (File)
Tue, Jun 18, 1:00 PM
Unknown Object (File)
Jun 14 2024, 9:02 AM
Unknown Object (File)
May 18 2024, 8:32 AM
Unknown Object (File)
May 8 2024, 5:11 PM
Unknown Object (File)
May 8 2024, 5:11 PM
Unknown Object (File)
May 8 2024, 1:14 PM
Subscribers

Details

Summary

After d2ef52ef3dee the tcp_hpts_init() function can be called multiple
times on a tcpcb if it is switched there and back between two TCP stacks.
First, this makes existing assertion in tcp_hpts_init() incorrect. Second,
it creates possibility to change a randomly set t_hpts_cpu to a different
random value, while a tcpcb is already in the HPTS wheel, triggering other
assertions later in tcp_hptsi().

The best approach here would be to work on the stacks to really clear a
tcpcb out of HPTS wheel in tfb_tcp_fb_fini, draining the IHPTS_MOVING
state. But that's pretty intrusive change, so let's just get back to the
old logic (pre d2ef52ef3dee) where t_hpts_cpu was set to a random value
only once in a CPU lifetime and a newly switched stack inherits t_hpts_cpu
from the previous stack.

Reported-by: syzbot+fab29fe1ab089c52998d@syzkaller.appspotmail.com
Reported-by: syzbot+ca5f2aa0fda15dcfe6d7@syzkaller.appspotmail.com
Fixes: 2b3a77467dd3d74a7170f279fb25f9736b46ef8a

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 54840
Build 51729: arc lint + arc unit