Skip to content

Commit 475f9ff

Browse files
D-Wythedavem330
D-Wythe
authored and
davem330
committed
net/smc: fix application data exception
There is a certain probability that following exceptions will occur in the wrk benchmark test: Running 10s test @ http://11.213.45.6:80 8 threads and 64 connections Thread Stats Avg Stdev Max +/- Stdev Latency 3.72ms 13.94ms 245.33ms 94.17% Req/Sec 1.96k 713.67 5.41k 75.16% 155262 requests in 10.10s, 23.10MB read Non-2xx or 3xx responses: 3 We will find that the error is HTTP 400 error, which is a serious exception in our test, which means the application data was corrupted. Consider the following scenarios: CPU0 CPU1 buf_desc->used = 0; cmpxchg(buf_desc->used, 0, 1) deal_with(buf_desc) memset(buf_desc->cpu_addr,0); This will cause the data received by a victim connection to be cleared, thus triggering an HTTP 400 error in the server. This patch exchange the order between clear used and memset, add barrier to ensure memory consistency. Fixes: 1c55269 ("net/smc: Clear memory when release and reuse buffer") Signed-off-by: D. Wythe <[email protected]> Reviewed-by: Wenjia Zhang <[email protected]> Signed-off-by: David S. Miller <[email protected]>
1 parent e40b801 commit 475f9ff

File tree

1 file changed

+8
-9
lines changed

1 file changed

+8
-9
lines changed

net/smc/smc_core.c

Lines changed: 8 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -1120,8 +1120,9 @@ static void smcr_buf_unuse(struct smc_buf_desc *buf_desc, bool is_rmb,
11201120

11211121
smc_buf_free(lgr, is_rmb, buf_desc);
11221122
} else {
1123-
buf_desc->used = 0;
1124-
memset(buf_desc->cpu_addr, 0, buf_desc->len);
1123+
/* memzero_explicit provides potential memory barrier semantics */
1124+
memzero_explicit(buf_desc->cpu_addr, buf_desc->len);
1125+
WRITE_ONCE(buf_desc->used, 0);
11251126
}
11261127
}
11271128

@@ -1132,19 +1133,17 @@ static void smc_buf_unuse(struct smc_connection *conn,
11321133
if (!lgr->is_smcd && conn->sndbuf_desc->is_vm) {
11331134
smcr_buf_unuse(conn->sndbuf_desc, false, lgr);
11341135
} else {
1135-
conn->sndbuf_desc->used = 0;
1136-
memset(conn->sndbuf_desc->cpu_addr, 0,
1137-
conn->sndbuf_desc->len);
1136+
memzero_explicit(conn->sndbuf_desc->cpu_addr, conn->sndbuf_desc->len);
1137+
WRITE_ONCE(conn->sndbuf_desc->used, 0);
11381138
}
11391139
}
11401140
if (conn->rmb_desc) {
11411141
if (!lgr->is_smcd) {
11421142
smcr_buf_unuse(conn->rmb_desc, true, lgr);
11431143
} else {
1144-
conn->rmb_desc->used = 0;
1145-
memset(conn->rmb_desc->cpu_addr, 0,
1146-
conn->rmb_desc->len +
1147-
sizeof(struct smcd_cdc_msg));
1144+
memzero_explicit(conn->rmb_desc->cpu_addr,
1145+
conn->rmb_desc->len + sizeof(struct smcd_cdc_msg));
1146+
WRITE_ONCE(conn->rmb_desc->used, 0);
11481147
}
11491148
}
11501149
}

0 commit comments

Comments
 (0)