Page MenuHomeFreeBSD

tcp_hpts: let tcp_hpts_init() set a random CPU only once
ClosedPublic

Authored by glebius on Dec 7 2023, 1:07 AM.
Tags
None
Referenced Files
F108593825: D42946.id131154.diff
Sun, Jan 26, 6:12 PM
Unknown Object (File)
Fri, Jan 24, 5:48 PM
Unknown Object (File)
Dec 7 2024, 6:52 PM
Unknown Object (File)
Dec 1 2024, 7:00 PM
Unknown Object (File)
Nov 28 2024, 8:55 AM
Unknown Object (File)
Nov 17 2024, 6:27 PM
Unknown Object (File)
Nov 13 2024, 3:47 PM
Unknown Object (File)
Nov 12 2024, 8:30 PM
Subscribers

Details

Summary

After d2ef52ef3dee the tcp_hpts_init() function can be called multiple
times on a tcpcb if it is switched there and back between two TCP stacks.
First, this makes existing assertion in tcp_hpts_init() incorrect. Second,
it creates possibility to change a randomly set t_hpts_cpu to a different
random value, while a tcpcb is already in the HPTS wheel, triggering other
assertions later in tcp_hptsi().

The best approach here would be to work on the stacks to really clear a
tcpcb out of HPTS wheel in tfb_tcp_fb_fini, draining the IHPTS_MOVING
state. But that's pretty intrusive change, so let's just get back to the
old logic (pre d2ef52ef3dee) where t_hpts_cpu was set to a random value
only once in a CPU lifetime and a newly switched stack inherits t_hpts_cpu
from the previous stack.

Reported-by: syzbot+fab29fe1ab089c52998d@syzkaller.appspotmail.com
Reported-by: syzbot+ca5f2aa0fda15dcfe6d7@syzkaller.appspotmail.com
Fixes: 2b3a77467dd3d74a7170f279fb25f9736b46ef8a

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable