projects / openwrt / openwrt.git / blob
? search:


06d00886f12c85bf29113189fc19e30a6053c603
[openwrt/openwrt.git] / target / linux / generic / backport-4.14 / 080-net-convert-sock.sk_wmem_alloc-from-atomic_t-to-refc.patch
1 From 9bbe60a67be5a1c6f79b3c9be5003481a50529ff Mon Sep 17 00:00:00 2001
2 From: David Woodhouse <dwmw2@infradead.org>
3 Date: Sat, 16 Jun 2018 11:55:44 +0100
4 Subject: atm: Preserve value of skb->truesize when accounting to vcc
5 MIME-Version: 1.0
6 Content-Type: text/plain; charset=UTF-8
7 Content-Transfer-Encoding: 8bit
8
9 ATM accounts for in-flight TX packets in sk_wmem_alloc of the VCC on
10 which they are to be sent. But it doesn't take ownership of those
11 packets from the sock (if any) which originally owned them. They should
12 remain owned by their actual sender until they've left the box.
13
14 There's a hack in pskb_expand_head() to avoid adjusting skb->truesize
15 for certain skbs, precisely to avoid messing up sk_wmem_alloc
16 accounting. Ideally that hack would cover the ATM use case too, but it
17 doesn't — skbs which aren't owned by any sock, for example PPP control
18 frames, still get their truesize adjusted when the low-level ATM driver
19 adds headroom.
20
21 This has always been an issue, it seems. The truesize of a packet
22 increases, and sk_wmem_alloc on the VCC goes negative. But this wasn't
23 for normal traffic, only for control frames. So I think we just got away
24 with it, and we probably needed to send 2GiB of LCP echo frames before
25 the misaccounting would ever have caused a problem and caused
26 atm_may_send() to start refusing packets.
27
28 Commit 14afee4b609 ("net: convert sock.sk_wmem_alloc from atomic_t to
29 refcount_t") did exactly what it was intended to do, and turned this
30 mostly-theoretical problem into a real one, causing PPPoATM to fail
31 immediately as sk_wmem_alloc underflows and atm_may_send() *immediately*
32 starts refusing to allow new packets.
33
34 The least intrusive solution to this problem is to stash the value of
35 skb->truesize that was accounted to the VCC, in a new member of the
36 ATM_SKB(skb) structure. Then in atm_pop_raw() subtract precisely that
37 value instead of the then-current value of skb->truesize.
38
39 Fixes: 158f323b9868 ("net: adjust skb->truesize in pskb_expand_head()")
40 Signed-off-by: David Woodhouse <dwmw2@infradead.org>
41 Tested-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
42 Signed-off-by: David S. Miller <davem@davemloft.net>
43 ---
44 include/linux/atmdev.h | 15 +++++++++++++++
45 net/atm/br2684.c | 3 +--
46 net/atm/clip.c | 3 +--
47 net/atm/common.c | 3 +--
48 net/atm/lec.c | 3 +--
49 net/atm/mpc.c | 3 +--
50 net/atm/pppoatm.c | 3 +--
51 net/atm/raw.c | 4 ++--
52 8 files changed, 23 insertions(+), 14 deletions(-)
53
54 --- a/include/linux/atmdev.h
55 +++ b/include/linux/atmdev.h
56 @@ -214,6 +214,7 @@ struct atmphy_ops {
57 struct atm_skb_data {
58 struct atm_vcc *vcc; /* ATM VCC */
59 unsigned long atm_options; /* ATM layer options */
60 + unsigned int acct_truesize; /* truesize accounted to vcc */
61 };
62
63 #define VCC_HTABLE_SIZE 32
64 @@ -241,6 +242,20 @@ void vcc_insert_socket(struct sock *sk);
65
66 void atm_dev_release_vccs(struct atm_dev *dev);
67
68 +static inline void atm_account_tx(struct atm_vcc *vcc, struct sk_buff *skb)
69 +{
70 + /*
71 + * Because ATM skbs may not belong to a sock (and we don't
72 + * necessarily want to), skb->truesize may be adjusted,
73 + * escaping the hack in pskb_expand_head() which avoids
74 + * doing so for some cases. So stash the value of truesize
75 + * at the time we accounted it, and atm_pop_raw() can use
76 + * that value later, in case it changes.
77 + */
78 + refcount_add(skb->truesize, &sk_atm(vcc)->sk_wmem_alloc);
79 + ATM_SKB(skb)->acct_truesize = skb->truesize;
80 + ATM_SKB(skb)->atm_options = vcc->atm_options;
81 +}
82
83 static inline void atm_force_charge(struct atm_vcc *vcc,int truesize)
84 {
85 --- a/net/atm/br2684.c
86 +++ b/net/atm/br2684.c
87 @@ -252,8 +252,7 @@ static int br2684_xmit_vcc(struct sk_buf
88
89 ATM_SKB(skb)->vcc = atmvcc = brvcc->atmvcc;
90 pr_debug("atm_skb(%p)->vcc(%p)->dev(%p)\n", skb, atmvcc, atmvcc->dev);
91 - refcount_add(skb->truesize, &sk_atm(atmvcc)->sk_wmem_alloc);
92 - ATM_SKB(skb)->atm_options = atmvcc->atm_options;
93 + atm_account_tx(atmvcc, skb);
94 dev->stats.tx_packets++;
95 dev->stats.tx_bytes += skb->len;
96
97 --- a/net/atm/clip.c
98 +++ b/net/atm/clip.c
99 @@ -381,8 +381,7 @@ static netdev_tx_t clip_start_xmit(struc
100 memcpy(here, llc_oui, sizeof(llc_oui));
101 ((__be16 *) here)[3] = skb->protocol;
102 }
103 - refcount_add(skb->truesize, &sk_atm(vcc)->sk_wmem_alloc);
104 - ATM_SKB(skb)->atm_options = vcc->atm_options;
105 + atm_account_tx(vcc, skb);
106 entry->vccs->last_use = jiffies;
107 pr_debug("atm_skb(%p)->vcc(%p)->dev(%p)\n", skb, vcc, vcc->dev);
108 old = xchg(&entry->vccs->xoff, 1); /* assume XOFF ... */
109 --- a/net/atm/common.c
110 +++ b/net/atm/common.c
111 @@ -630,10 +630,9 @@ int vcc_sendmsg(struct socket *sock, str
112 goto out;
113 }
114 pr_debug("%d += %d\n", sk_wmem_alloc_get(sk), skb->truesize);
115 - refcount_add(skb->truesize, &sk->sk_wmem_alloc);
116 + atm_account_tx(vcc, skb);
117
118 skb->dev = NULL; /* for paths shared with net_device interfaces */
119 - ATM_SKB(skb)->atm_options = vcc->atm_options;
120 if (!copy_from_iter_full(skb_put(skb, size), size, &m->msg_iter)) {
121 kfree_skb(skb);
122 error = -EFAULT;
123 --- a/net/atm/lec.c
124 +++ b/net/atm/lec.c
125 @@ -182,9 +182,8 @@ lec_send(struct atm_vcc *vcc, struct sk_
126 struct net_device *dev = skb->dev;
127
128 ATM_SKB(skb)->vcc = vcc;
129 - ATM_SKB(skb)->atm_options = vcc->atm_options;
130 + atm_account_tx(vcc, skb);
131
132 - refcount_add(skb->truesize, &sk_atm(vcc)->sk_wmem_alloc);
133 if (vcc->send(vcc, skb) < 0) {
134 dev->stats.tx_dropped++;
135 return;
136 --- a/net/atm/mpc.c
137 +++ b/net/atm/mpc.c
138 @@ -555,8 +555,7 @@ static int send_via_shortcut(struct sk_b
139 sizeof(struct llc_snap_hdr));
140 }
141
142 - refcount_add(skb->truesize, &sk_atm(entry->shortcut)->sk_wmem_alloc);
143 - ATM_SKB(skb)->atm_options = entry->shortcut->atm_options;
144 + atm_account_tx(entry->shortcut, skb);
145 entry->shortcut->send(entry->shortcut, skb);
146 entry->packets_fwded++;
147 mpc->in_ops->put(entry);
148 --- a/net/atm/pppoatm.c
149 +++ b/net/atm/pppoatm.c
150 @@ -350,8 +350,7 @@ static int pppoatm_send(struct ppp_chann
151 return 1;
152 }
153
154 - refcount_add(skb->truesize, &sk_atm(ATM_SKB(skb)->vcc)->sk_wmem_alloc);
155 - ATM_SKB(skb)->atm_options = ATM_SKB(skb)->vcc->atm_options;
156 + atm_account_tx(vcc, skb);
157 pr_debug("atm_skb(%p)->vcc(%p)->dev(%p)\n",
158 skb, ATM_SKB(skb)->vcc, ATM_SKB(skb)->vcc->dev);
159 ret = ATM_SKB(skb)->vcc->send(ATM_SKB(skb)->vcc, skb)
160 --- a/net/atm/raw.c
161 +++ b/net/atm/raw.c
162 @@ -35,8 +35,8 @@ static void atm_pop_raw(struct atm_vcc *
163 struct sock *sk = sk_atm(vcc);
164
165 pr_debug("(%d) %d -= %d\n",
166 - vcc->vci, sk_wmem_alloc_get(sk), skb->truesize);
167 - WARN_ON(refcount_sub_and_test(skb->truesize, &sk->sk_wmem_alloc));
168 + vcc->vci, sk_wmem_alloc_get(sk), ATM_SKB(skb)->acct_truesize);
169 + WARN_ON(refcount_sub_and_test(ATM_SKB(skb)->acct_truesize, &sk->sk_wmem_alloc));
170 dev_kfree_skb_any(skb);
171 sk->sk_write_space(sk);
172 }
OpenWrt Source Repository