• Eric Dumazet's avatar
    tcp/dccp: block bh before arming time_wait timer · cfac7f83
    Eric Dumazet authored
    Maciej Żenczykowski reported some panics in tcp_twsk_destructor()
    that might be caused by the following bug.
    
    timewait timer is pinned to the cpu, because we want to transition
    timwewait refcount from 0 to 4 in one go, once everything has been
    initialized.
    
    At the time commit ed2e9239 ("tcp/dccp: fix timewait races in timer
    handling") was merged, TCP was always running from BH habdler.
    
    After commit 5413d1ba ("net: do not block BH while processing
    socket backlog") we definitely can run tcp_time_wait() from process
    context.
    
    We need to block BH in the critical section so that the pinned timer
    has still its purpose.
    
    This bug is more likely to happen under stress and when very small RTO
    are used in datacenter flows.
    
    Fixes: 5413d1ba ("net: do not block BH while processing socket backlog")
    Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
    Reported-by: default avatarMaciej Żenczykowski <maze@google.com>
    Acked-by: default avatarMaciej Żenczykowski <maze@google.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    cfac7f83
minisocks.c 7.46 KB