Search

Home

Sort by

Full Search
Definition
Symbol
File Path
History
Type

In Project(s)

Searched +hist:5 +hist:facae4f (Results 26 - 29 of 29) sorted by relevance

/linux-master/include/net/
H A D	sock.h	diff 5d4cc874 Fri Feb 16 09:20:06 MST 2024 Eric Dumazet <edumazet@google.com> net: reorganize "struct sock" fields Last major reorg happened in commit 9115e8cd2a0c ("net: reorganize struct sock for better data locality") Since then, many changes have been done. Before SO_PEEK_OFF support is added to TCP, we need to move sk_peek_off to a better location. It is time to make another pass, and add six groups, without explicit alignment. - sock_write_rx (following sk_refcnt) read-write fields in rx path. - sock_read_rx read-mostly fields in rx path. - sock_read_rxtx read-mostly fields in both rx and tx paths. - sock_write_rxtx read-write fields in both rx and tx paths. - sock_write_tx read-write fields in tx paths. - sock_read_tx read-mostly fields in tx paths. Results on TCP_RR benchmarks seem to show a gain (4 to 5 %). It is possible UDP needs a change, because sk_peek_off shares a cache line with sk_receive_queue. If this the case, we can exchange roles of sk->sk_receive and up->reader_queue queues. After this change, we have the following layout: struct sock { struct sock_common __sk_common; /* 0 0x88 / / --- cacheline 2 boundary (128 bytes) was 8 bytes ago --- / __u8 __cacheline_group_begin__sock_write_rx[0]; / 0x88 0 / atomic_t sk_drops; / 0x88 0x4 / __s32 sk_peek_off; / 0x8c 0x4 / struct sk_buff_head sk_error_queue; / 0x90 0x18 / struct sk_buff_head sk_receive_queue; / 0xa8 0x18 / / --- cacheline 3 boundary (192 bytes) --- / struct { atomic_t rmem_alloc; / 0xc0 0x4 / int len; / 0xc4 0x4 / struct sk_buff head; /* 0xc8 0x8 / struct sk_buff tail; /* 0xd0 0x8 / } sk_backlog; / 0xc0 0x18 / struct { atomic_t rmem_alloc; / 0 0x4 / int len; / 0x4 0x4 / struct sk_buff head; /* 0x8 0x8 / struct sk_buff tail; /* 0x10 0x8 / / size: 24, cachelines: 1, members: 4 / / last cacheline: 24 bytes / }; __u8 __cacheline_group_end__sock_write_rx[0]; / 0xd8 0 / __u8 __cacheline_group_begin__sock_read_rx[0]; / 0xd8 0 / rcu sk_rx_dst; /* 0xd8 0x8 / int sk_rx_dst_ifindex; / 0xe0 0x4 / u32 sk_rx_dst_cookie; / 0xe4 0x4 / unsigned int sk_ll_usec; / 0xe8 0x4 / unsigned int sk_napi_id; / 0xec 0x4 / u16 sk_busy_poll_budget; / 0xf0 0x2 / u8 sk_prefer_busy_poll; / 0xf2 0x1 / u8 sk_userlocks; / 0xf3 0x1 / int sk_rcvbuf; / 0xf4 0x4 / rcu sk_filter; /* 0xf8 0x8 / / --- cacheline 4 boundary (256 bytes) --- / union { rcu sk_wq; /* 0x100 0x8 / struct socket_wq sk_wq_raw; /* 0x100 0x8 / }; / 0x100 0x8 / union { rcu sk_wq; /* 0 0x8 / struct socket_wq sk_wq_raw; /* 0 0x8 / }; void (sk_data_ready)(struct sock ); / 0x108 0x8 / long sk_rcvtimeo; / 0x110 0x8 / int sk_rcvlowat; / 0x118 0x4 / __u8 __cacheline_group_end__sock_read_rx[0]; / 0x11c 0 / __u8 __cacheline_group_begin__sock_read_rxtx[0]; / 0x11c 0 / int sk_err; / 0x11c 0x4 / struct socket sk_socket; /* 0x120 0x8 / struct mem_cgroup sk_memcg; /* 0x128 0x8 / rcu sk_policy[2]; /* 0x130 0x10 / / --- cacheline 5 boundary (320 bytes) --- / __u8 __cacheline_group_end__sock_read_rxtx[0]; / 0x140 0 / __u8 __cacheline_group_begin__sock_write_rxtx[0]; / 0x140 0 / socket_lock_t sk_lock; / 0x140 0x20 / u32 sk_reserved_mem; / 0x160 0x4 / int sk_forward_alloc; / 0x164 0x4 / u32 sk_tsflags; / 0x168 0x4 / __u8 __cacheline_group_end__sock_write_rxtx[0]; / 0x16c 0 / __u8 __cacheline_group_begin__sock_write_tx[0]; / 0x16c 0 / int sk_write_pending; / 0x16c 0x4 / atomic_t sk_omem_alloc; / 0x170 0x4 / int sk_sndbuf; / 0x174 0x4 / int sk_wmem_queued; / 0x178 0x4 / refcount_t sk_wmem_alloc; / 0x17c 0x4 / / --- cacheline 6 boundary (384 bytes) --- / unsigned long sk_tsq_flags; / 0x180 0x8 / union { struct sk_buff sk_send_head; /* 0x188 0x8 / struct rb_root tcp_rtx_queue; / 0x188 0x8 / }; / 0x188 0x8 / union { struct sk_buff sk_send_head; /* 0 0x8 / struct rb_root tcp_rtx_queue; / 0 0x8 / }; struct sk_buff_head sk_write_queue; / 0x190 0x18 / u32 sk_dst_pending_confirm; / 0x1a8 0x4 / u32 sk_pacing_status; / 0x1ac 0x4 / struct page_frag sk_frag; / 0x1b0 0x10 / / --- cacheline 7 boundary (448 bytes) --- / struct timer_list sk_timer; / 0x1c0 0x28 / / XXX last struct has 4 bytes of padding / unsigned long sk_pacing_rate; / 0x1e8 0x8 / atomic_t sk_zckey; / 0x1f0 0x4 / atomic_t sk_tskey; / 0x1f4 0x4 / __u8 __cacheline_group_end__sock_write_tx[0]; / 0x1f8 0 / __u8 __cacheline_group_begin__sock_read_tx[0]; / 0x1f8 0 / unsigned long sk_max_pacing_rate; / 0x1f8 0x8 / / --- cacheline 8 boundary (512 bytes) --- / long sk_sndtimeo; / 0x200 0x8 / u32 sk_priority; / 0x208 0x4 / u32 sk_mark; / 0x20c 0x4 / rcu sk_dst_cache; /* 0x210 0x8 / netdev_features_t sk_route_caps; / 0x218 0x8 / u16 sk_gso_type; / 0x220 0x2 / u16 sk_gso_max_segs; / 0x222 0x2 / unsigned int sk_gso_max_size; / 0x224 0x4 / gfp_t sk_allocation; / 0x228 0x4 / u32 sk_txhash; / 0x22c 0x4 / u8 sk_pacing_shift; / 0x230 0x1 / bool sk_use_task_frag; / 0x231 0x1 / __u8 __cacheline_group_end__sock_read_tx[0]; / 0x232 0 / u8 sk_gso_disabled:1; / 0x232: 0 0x1 / u8 sk_kern_sock:1; / 0x232:0x1 0x1 / u8 sk_no_check_tx:1; / 0x232:0x2 0x1 / u8 sk_no_check_rx:1; / 0x232:0x3 0x1 / / XXX 4 bits hole, try to pack / u8 sk_shutdown; / 0x233 0x1 / u16 sk_type; / 0x234 0x2 / u16 sk_protocol; / 0x236 0x2 / unsigned long sk_lingertime; / 0x238 0x8 / / --- cacheline 9 boundary (576 bytes) --- / struct proto sk_prot_creator; /* 0x240 0x8 / rwlock_t sk_callback_lock; / 0x248 0x8 / int sk_err_soft; / 0x250 0x4 / u32 sk_ack_backlog; / 0x254 0x4 / u32 sk_max_ack_backlog; / 0x258 0x4 / kuid_t sk_uid; / 0x25c 0x4 / spinlock_t sk_peer_lock; / 0x260 0x4 / int sk_bind_phc; / 0x264 0x4 / struct pid sk_peer_pid; /* 0x268 0x8 / const struct cred sk_peer_cred; /* 0x270 0x8 / ktime_t sk_stamp; / 0x278 0x8 / / --- cacheline 10 boundary (640 bytes) --- / int sk_disconnects; / 0x280 0x4 / u8 sk_txrehash; / 0x284 0x1 / u8 sk_clockid; / 0x285 0x1 / u8 sk_txtime_deadline_mode:1; / 0x286: 0 0x1 / u8 sk_txtime_report_errors:1; / 0x286:0x1 0x1 / u8 sk_txtime_unused:6; / 0x286:0x2 0x1 / / XXX 1 byte hole, try to pack / void sk_user_data; /* 0x288 0x8 / void sk_security; /* 0x290 0x8 / struct sock_cgroup_data sk_cgrp_data; / 0x298 0x8 / void (sk_state_change)(struct sock ); / 0x2a0 0x8 / void (sk_write_space)(struct sock ); / 0x2a8 0x8 / void (sk_error_report)(struct sock ); / 0x2b0 0x8 / int (sk_backlog_rcv)(struct sock , struct sk_buff ); /* 0x2b8 0x8 / / --- cacheline 11 boundary (704 bytes) --- / void (sk_destruct)(struct sock ); / 0x2c0 0x8 / rcu sk_reuseport_cb; /* 0x2c8 0x8 / rcu sk_bpf_storage; /* 0x2d0 0x8 / struct callback_head sk_rcu __attribute__((__aligned__(8))); / 0x2d8 0x10 / netns_tracker ns_tracker; / 0x2e8 0x8 / / size: 752, cachelines: 12, members: 105 / / sum members: 749, holes: 1, sum holes: 1 / / sum bitfield members: 12 bits, bit holes: 1, sum bit holes: 4 bits / / paddings: 1, sum paddings: 4 / / forced alignments: 1 / / last cacheline: 48 bytes / }; Signed-off-by: Eric Dumazet <edumazet@google.com> Acked-by: Paolo Abeni <pabeni@redhat.com> Link: https://lore.kernel.org/r/20240216162006.2342759-1-edumazet@google.com Signed-off-by: Paolo Abeni <pabeni@redhat.com> diff 5d4cc874 Fri Feb 16 09:20:06 MST 2024 Eric Dumazet <edumazet@google.com> net: reorganize "struct sock" fields Last major reorg happened in commit 9115e8cd2a0c ("net: reorganize struct sock for better data locality") Since then, many changes have been done. Before SO_PEEK_OFF support is added to TCP, we need to move sk_peek_off to a better location. It is time to make another pass, and add six groups, without explicit alignment. - sock_write_rx (following sk_refcnt) read-write fields in rx path. - sock_read_rx read-mostly fields in rx path. - sock_read_rxtx read-mostly fields in both rx and tx paths. - sock_write_rxtx read-write fields in both rx and tx paths. - sock_write_tx read-write fields in tx paths. - sock_read_tx read-mostly fields in tx paths. Results on TCP_RR benchmarks seem to show a gain (4 to 5 %). It is possible UDP needs a change, because sk_peek_off shares a cache line with sk_receive_queue. If this the case, we can exchange roles of sk->sk_receive and up->reader_queue queues. After this change, we have the following layout: struct sock { struct sock_common __sk_common; / 0 0x88 / / --- cacheline 2 boundary (128 bytes) was 8 bytes ago --- / __u8 __cacheline_group_begin__sock_write_rx[0]; / 0x88 0 / atomic_t sk_drops; / 0x88 0x4 / __s32 sk_peek_off; / 0x8c 0x4 / struct sk_buff_head sk_error_queue; / 0x90 0x18 / struct sk_buff_head sk_receive_queue; / 0xa8 0x18 / / --- cacheline 3 boundary (192 bytes) --- / struct { atomic_t rmem_alloc; / 0xc0 0x4 / int len; / 0xc4 0x4 / struct sk_buff head; /* 0xc8 0x8 / struct sk_buff tail; /* 0xd0 0x8 / } sk_backlog; / 0xc0 0x18 / struct { atomic_t rmem_alloc; / 0 0x4 / int len; / 0x4 0x4 / struct sk_buff head; /* 0x8 0x8 / struct sk_buff tail; /* 0x10 0x8 / / size: 24, cachelines: 1, members: 4 / / last cacheline: 24 bytes / }; __u8 __cacheline_group_end__sock_write_rx[0]; / 0xd8 0 / __u8 __cacheline_group_begin__sock_read_rx[0]; / 0xd8 0 / rcu sk_rx_dst; /* 0xd8 0x8 / int sk_rx_dst_ifindex; / 0xe0 0x4 / u32 sk_rx_dst_cookie; / 0xe4 0x4 / unsigned int sk_ll_usec; / 0xe8 0x4 / unsigned int sk_napi_id; / 0xec 0x4 / u16 sk_busy_poll_budget; / 0xf0 0x2 / u8 sk_prefer_busy_poll; / 0xf2 0x1 / u8 sk_userlocks; / 0xf3 0x1 / int sk_rcvbuf; / 0xf4 0x4 / rcu sk_filter; /* 0xf8 0x8 / / --- cacheline 4 boundary (256 bytes) --- / union { rcu sk_wq; /* 0x100 0x8 / struct socket_wq sk_wq_raw; /* 0x100 0x8 / }; / 0x100 0x8 / union { rcu sk_wq; /* 0 0x8 / struct socket_wq sk_wq_raw; /* 0 0x8 / }; void (sk_data_ready)(struct sock ); / 0x108 0x8 / long sk_rcvtimeo; / 0x110 0x8 / int sk_rcvlowat; / 0x118 0x4 / __u8 __cacheline_group_end__sock_read_rx[0]; / 0x11c 0 / __u8 __cacheline_group_begin__sock_read_rxtx[0]; / 0x11c 0 / int sk_err; / 0x11c 0x4 / struct socket sk_socket; /* 0x120 0x8 / struct mem_cgroup sk_memcg; /* 0x128 0x8 / rcu sk_policy[2]; /* 0x130 0x10 / / --- cacheline 5 boundary (320 bytes) --- / __u8 __cacheline_group_end__sock_read_rxtx[0]; / 0x140 0 / __u8 __cacheline_group_begin__sock_write_rxtx[0]; / 0x140 0 / socket_lock_t sk_lock; / 0x140 0x20 / u32 sk_reserved_mem; / 0x160 0x4 / int sk_forward_alloc; / 0x164 0x4 / u32 sk_tsflags; / 0x168 0x4 / __u8 __cacheline_group_end__sock_write_rxtx[0]; / 0x16c 0 / __u8 __cacheline_group_begin__sock_write_tx[0]; / 0x16c 0 / int sk_write_pending; / 0x16c 0x4 / atomic_t sk_omem_alloc; / 0x170 0x4 / int sk_sndbuf; / 0x174 0x4 / int sk_wmem_queued; / 0x178 0x4 / refcount_t sk_wmem_alloc; / 0x17c 0x4 / / --- cacheline 6 boundary (384 bytes) --- / unsigned long sk_tsq_flags; / 0x180 0x8 / union { struct sk_buff sk_send_head; /* 0x188 0x8 / struct rb_root tcp_rtx_queue; / 0x188 0x8 / }; / 0x188 0x8 / union { struct sk_buff sk_send_head; /* 0 0x8 / struct rb_root tcp_rtx_queue; / 0 0x8 / }; struct sk_buff_head sk_write_queue; / 0x190 0x18 / u32 sk_dst_pending_confirm; / 0x1a8 0x4 / u32 sk_pacing_status; / 0x1ac 0x4 / struct page_frag sk_frag; / 0x1b0 0x10 / / --- cacheline 7 boundary (448 bytes) --- / struct timer_list sk_timer; / 0x1c0 0x28 / / XXX last struct has 4 bytes of padding / unsigned long sk_pacing_rate; / 0x1e8 0x8 / atomic_t sk_zckey; / 0x1f0 0x4 / atomic_t sk_tskey; / 0x1f4 0x4 / __u8 __cacheline_group_end__sock_write_tx[0]; / 0x1f8 0 / __u8 __cacheline_group_begin__sock_read_tx[0]; / 0x1f8 0 / unsigned long sk_max_pacing_rate; / 0x1f8 0x8 / / --- cacheline 8 boundary (512 bytes) --- / long sk_sndtimeo; / 0x200 0x8 / u32 sk_priority; / 0x208 0x4 / u32 sk_mark; / 0x20c 0x4 / rcu sk_dst_cache; /* 0x210 0x8 / netdev_features_t sk_route_caps; / 0x218 0x8 / u16 sk_gso_type; / 0x220 0x2 / u16 sk_gso_max_segs; / 0x222 0x2 / unsigned int sk_gso_max_size; / 0x224 0x4 / gfp_t sk_allocation; / 0x228 0x4 / u32 sk_txhash; / 0x22c 0x4 / u8 sk_pacing_shift; / 0x230 0x1 / bool sk_use_task_frag; / 0x231 0x1 / __u8 __cacheline_group_end__sock_read_tx[0]; / 0x232 0 / u8 sk_gso_disabled:1; / 0x232: 0 0x1 / u8 sk_kern_sock:1; / 0x232:0x1 0x1 / u8 sk_no_check_tx:1; / 0x232:0x2 0x1 / u8 sk_no_check_rx:1; / 0x232:0x3 0x1 / / XXX 4 bits hole, try to pack / u8 sk_shutdown; / 0x233 0x1 / u16 sk_type; / 0x234 0x2 / u16 sk_protocol; / 0x236 0x2 / unsigned long sk_lingertime; / 0x238 0x8 / / --- cacheline 9 boundary (576 bytes) --- / struct proto sk_prot_creator; /* 0x240 0x8 / rwlock_t sk_callback_lock; / 0x248 0x8 / int sk_err_soft; / 0x250 0x4 / u32 sk_ack_backlog; / 0x254 0x4 / u32 sk_max_ack_backlog; / 0x258 0x4 / kuid_t sk_uid; / 0x25c 0x4 / spinlock_t sk_peer_lock; / 0x260 0x4 / int sk_bind_phc; / 0x264 0x4 / struct pid sk_peer_pid; /* 0x268 0x8 / const struct cred sk_peer_cred; /* 0x270 0x8 / ktime_t sk_stamp; / 0x278 0x8 / / --- cacheline 10 boundary (640 bytes) --- / int sk_disconnects; / 0x280 0x4 / u8 sk_txrehash; / 0x284 0x1 / u8 sk_clockid; / 0x285 0x1 / u8 sk_txtime_deadline_mode:1; / 0x286: 0 0x1 / u8 sk_txtime_report_errors:1; / 0x286:0x1 0x1 / u8 sk_txtime_unused:6; / 0x286:0x2 0x1 / / XXX 1 byte hole, try to pack / void sk_user_data; /* 0x288 0x8 / void sk_security; /* 0x290 0x8 / struct sock_cgroup_data sk_cgrp_data; / 0x298 0x8 / void (sk_state_change)(struct sock ); / 0x2a0 0x8 / void (sk_write_space)(struct sock ); / 0x2a8 0x8 / void (sk_error_report)(struct sock ); / 0x2b0 0x8 / int (sk_backlog_rcv)(struct sock , struct sk_buff ); /* 0x2b8 0x8 / / --- cacheline 11 boundary (704 bytes) --- / void (sk_destruct)(struct sock ); / 0x2c0 0x8 / rcu sk_reuseport_cb; /* 0x2c8 0x8 / rcu sk_bpf_storage; /* 0x2d0 0x8 / struct callback_head sk_rcu __attribute__((__aligned__(8))); / 0x2d8 0x10 / netns_tracker ns_tracker; / 0x2e8 0x8 / / size: 752, cachelines: 12, members: 105 / / sum members: 749, holes: 1, sum holes: 1 / / sum bitfield members: 12 bits, bit holes: 1, sum bit holes: 4 bits / / paddings: 1, sum paddings: 4 / / forced alignments: 1 / / last cacheline: 48 bytes / }; Signed-off-by: Eric Dumazet <edumazet@google.com> Acked-by: Paolo Abeni <pabeni@redhat.com> Link: https://lore.kernel.org/r/20240216162006.2342759-1-edumazet@google.com Signed-off-by: Paolo Abeni <pabeni@redhat.com> diff 5d4cc874 Fri Feb 16 09:20:06 MST 2024 Eric Dumazet <edumazet@google.com> net: reorganize "struct sock" fields Last major reorg happened in commit 9115e8cd2a0c ("net: reorganize struct sock for better data locality") Since then, many changes have been done. Before SO_PEEK_OFF support is added to TCP, we need to move sk_peek_off to a better location. It is time to make another pass, and add six groups, without explicit alignment. - sock_write_rx (following sk_refcnt) read-write fields in rx path. - sock_read_rx read-mostly fields in rx path. - sock_read_rxtx read-mostly fields in both rx and tx paths. - sock_write_rxtx read-write fields in both rx and tx paths. - sock_write_tx read-write fields in tx paths. - sock_read_tx read-mostly fields in tx paths. Results on TCP_RR benchmarks seem to show a gain (4 to 5 %). It is possible UDP needs a change, because sk_peek_off shares a cache line with sk_receive_queue. If this the case, we can exchange roles of sk->sk_receive and up->reader_queue queues. After this change, we have the following layout: struct sock { struct sock_common __sk_common; / 0 0x88 / / --- cacheline 2 boundary (128 bytes) was 8 bytes ago --- / __u8 __cacheline_group_begin__sock_write_rx[0]; / 0x88 0 / atomic_t sk_drops; / 0x88 0x4 / __s32 sk_peek_off; / 0x8c 0x4 / struct sk_buff_head sk_error_queue; / 0x90 0x18 / struct sk_buff_head sk_receive_queue; / 0xa8 0x18 / / --- cacheline 3 boundary (192 bytes) --- / struct { atomic_t rmem_alloc; / 0xc0 0x4 / int len; / 0xc4 0x4 / struct sk_buff head; /* 0xc8 0x8 / struct sk_buff tail; /* 0xd0 0x8 / } sk_backlog; / 0xc0 0x18 / struct { atomic_t rmem_alloc; / 0 0x4 / int len; / 0x4 0x4 / struct sk_buff head; /* 0x8 0x8 / struct sk_buff tail; /* 0x10 0x8 / / size: 24, cachelines: 1, members: 4 / / last cacheline: 24 bytes / }; __u8 __cacheline_group_end__sock_write_rx[0]; / 0xd8 0 / __u8 __cacheline_group_begin__sock_read_rx[0]; / 0xd8 0 / rcu sk_rx_dst; /* 0xd8 0x8 / int sk_rx_dst_ifindex; / 0xe0 0x4 / u32 sk_rx_dst_cookie; / 0xe4 0x4 / unsigned int sk_ll_usec; / 0xe8 0x4 / unsigned int sk_napi_id; / 0xec 0x4 / u16 sk_busy_poll_budget; / 0xf0 0x2 / u8 sk_prefer_busy_poll; / 0xf2 0x1 / u8 sk_userlocks; / 0xf3 0x1 / int sk_rcvbuf; / 0xf4 0x4 / rcu sk_filter; /* 0xf8 0x8 / / --- cacheline 4 boundary (256 bytes) --- / union { rcu sk_wq; /* 0x100 0x8 / struct socket_wq sk_wq_raw; /* 0x100 0x8 / }; / 0x100 0x8 / union { rcu sk_wq; /* 0 0x8 / struct socket_wq sk_wq_raw; /* 0 0x8 / }; void (sk_data_ready)(struct sock ); / 0x108 0x8 / long sk_rcvtimeo; / 0x110 0x8 / int sk_rcvlowat; / 0x118 0x4 / __u8 __cacheline_group_end__sock_read_rx[0]; / 0x11c 0 / __u8 __cacheline_group_begin__sock_read_rxtx[0]; / 0x11c 0 / int sk_err; / 0x11c 0x4 / struct socket sk_socket; /* 0x120 0x8 / struct mem_cgroup sk_memcg; /* 0x128 0x8 / rcu sk_policy[2]; /* 0x130 0x10 / / --- cacheline 5 boundary (320 bytes) --- / __u8 __cacheline_group_end__sock_read_rxtx[0]; / 0x140 0 / __u8 __cacheline_group_begin__sock_write_rxtx[0]; / 0x140 0 / socket_lock_t sk_lock; / 0x140 0x20 / u32 sk_reserved_mem; / 0x160 0x4 / int sk_forward_alloc; / 0x164 0x4 / u32 sk_tsflags; / 0x168 0x4 / __u8 __cacheline_group_end__sock_write_rxtx[0]; / 0x16c 0 / __u8 __cacheline_group_begin__sock_write_tx[0]; / 0x16c 0 / int sk_write_pending; / 0x16c 0x4 / atomic_t sk_omem_alloc; / 0x170 0x4 / int sk_sndbuf; / 0x174 0x4 / int sk_wmem_queued; / 0x178 0x4 / refcount_t sk_wmem_alloc; / 0x17c 0x4 / / --- cacheline 6 boundary (384 bytes) --- / unsigned long sk_tsq_flags; / 0x180 0x8 / union { struct sk_buff sk_send_head; /* 0x188 0x8 / struct rb_root tcp_rtx_queue; / 0x188 0x8 / }; / 0x188 0x8 / union { struct sk_buff sk_send_head; /* 0 0x8 / struct rb_root tcp_rtx_queue; / 0 0x8 / }; struct sk_buff_head sk_write_queue; / 0x190 0x18 / u32 sk_dst_pending_confirm; / 0x1a8 0x4 / u32 sk_pacing_status; / 0x1ac 0x4 / struct page_frag sk_frag; / 0x1b0 0x10 / / --- cacheline 7 boundary (448 bytes) --- / struct timer_list sk_timer; / 0x1c0 0x28 / / XXX last struct has 4 bytes of padding / unsigned long sk_pacing_rate; / 0x1e8 0x8 / atomic_t sk_zckey; / 0x1f0 0x4 / atomic_t sk_tskey; / 0x1f4 0x4 / __u8 __cacheline_group_end__sock_write_tx[0]; / 0x1f8 0 / __u8 __cacheline_group_begin__sock_read_tx[0]; / 0x1f8 0 / unsigned long sk_max_pacing_rate; / 0x1f8 0x8 / / --- cacheline 8 boundary (512 bytes) --- / long sk_sndtimeo; / 0x200 0x8 / u32 sk_priority; / 0x208 0x4 / u32 sk_mark; / 0x20c 0x4 / rcu sk_dst_cache; /* 0x210 0x8 / netdev_features_t sk_route_caps; / 0x218 0x8 / u16 sk_gso_type; / 0x220 0x2 / u16 sk_gso_max_segs; / 0x222 0x2 / unsigned int sk_gso_max_size; / 0x224 0x4 / gfp_t sk_allocation; / 0x228 0x4 / u32 sk_txhash; / 0x22c 0x4 / u8 sk_pacing_shift; / 0x230 0x1 / bool sk_use_task_frag; / 0x231 0x1 / __u8 __cacheline_group_end__sock_read_tx[0]; / 0x232 0 / u8 sk_gso_disabled:1; / 0x232: 0 0x1 / u8 sk_kern_sock:1; / 0x232:0x1 0x1 / u8 sk_no_check_tx:1; / 0x232:0x2 0x1 / u8 sk_no_check_rx:1; / 0x232:0x3 0x1 / / XXX 4 bits hole, try to pack / u8 sk_shutdown; / 0x233 0x1 / u16 sk_type; / 0x234 0x2 / u16 sk_protocol; / 0x236 0x2 / unsigned long sk_lingertime; / 0x238 0x8 / / --- cacheline 9 boundary (576 bytes) --- / struct proto sk_prot_creator; /* 0x240 0x8 / rwlock_t sk_callback_lock; / 0x248 0x8 / int sk_err_soft; / 0x250 0x4 / u32 sk_ack_backlog; / 0x254 0x4 / u32 sk_max_ack_backlog; / 0x258 0x4 / kuid_t sk_uid; / 0x25c 0x4 / spinlock_t sk_peer_lock; / 0x260 0x4 / int sk_bind_phc; / 0x264 0x4 / struct pid sk_peer_pid; /* 0x268 0x8 / const struct cred sk_peer_cred; /* 0x270 0x8 / ktime_t sk_stamp; / 0x278 0x8 / / --- cacheline 10 boundary (640 bytes) --- / int sk_disconnects; / 0x280 0x4 / u8 sk_txrehash; / 0x284 0x1 / u8 sk_clockid; / 0x285 0x1 / u8 sk_txtime_deadline_mode:1; / 0x286: 0 0x1 / u8 sk_txtime_report_errors:1; / 0x286:0x1 0x1 / u8 sk_txtime_unused:6; / 0x286:0x2 0x1 / / XXX 1 byte hole, try to pack / void sk_user_data; /* 0x288 0x8 / void sk_security; /* 0x290 0x8 / struct sock_cgroup_data sk_cgrp_data; / 0x298 0x8 / void (sk_state_change)(struct sock ); / 0x2a0 0x8 / void (sk_write_space)(struct sock ); / 0x2a8 0x8 / void (sk_error_report)(struct sock ); / 0x2b0 0x8 / int (sk_backlog_rcv)(struct sock , struct sk_buff ); /* 0x2b8 0x8 / / --- cacheline 11 boundary (704 bytes) --- / void (sk_destruct)(struct sock ); / 0x2c0 0x8 / rcu sk_reuseport_cb; /* 0x2c8 0x8 / rcu sk_bpf_storage; /* 0x2d0 0x8 / struct callback_head sk_rcu __attribute__((__aligned__(8))); / 0x2d8 0x10 / netns_tracker ns_tracker; / 0x2e8 0x8 / / size: 752, cachelines: 12, members: 105 / / sum members: 749, holes: 1, sum holes: 1 / / sum bitfield members: 12 bits, bit holes: 1, sum bit holes: 4 bits / / paddings: 1, sum paddings: 4 / / forced alignments: 1 / / last cacheline: 48 bytes */ }; Signed-off-by: Eric Dumazet <edumazet@google.com> Acked-by: Paolo Abeni <pabeni@redhat.com> Link: https://lore.kernel.org/r/20240216162006.2342759-1-edumazet@google.com Signed-off-by: Paolo Abeni <pabeni@redhat.com> diff 0b05b0cd Mon Oct 16 07:47:42 MDT 2023 Breno Leitao <leitao@debian.org> net/socket: Break down __sys_getsockopt Split __sys_getsockopt() into two functions by removing the core logic into a sub-function (do_sock_getsockopt()). This will avoid code duplication when doing the same operation in other callers, for instance. do_sock_getsockopt() will be called by io_uring getsockopt() command operation in the following patch. The same was done for the setsockopt pair. Suggested-by: Martin KaFai Lau <martin.lau@linux.dev> Signed-off-by: Breno Leitao <leitao@debian.org> Acked-by: Jakub Kicinski <kuba@kernel.org> Acked-by: Martin KaFai Lau <martin.lau@kernel.org> Link: https://lore.kernel.org/r/20231016134750.1381153-5-leitao@debian.org Signed-off-by: Jens Axboe <axboe@kernel.dk> diff 5e6300e7 Thu Aug 31 07:52:09 MDT 2023 Eric Dumazet <edumazet@google.com> net: annotate data-races around sk->sk_forward_alloc Every time sk->sk_forward_alloc is read locklessly, add a READ_ONCE(). Add sk_forward_alloc_add() helper to centralize updates, to reduce number of WRITE_ONCE(). Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> diff 25a9c8a4 Mon Jun 26 10:43:13 MDT 2023 Kuniyuki Iwashima <kuniyu@amazon.com> netlink: Add __sock_i_ino() for __netlink_diag_dump(). syzbot reported a warning in __local_bh_enable_ip(). [0] Commit 8d61f926d420 ("netlink: fix potential deadlock in netlink_set_err()") converted read_lock(&nl_table_lock) to read_lock_irqsave() in __netlink_diag_dump() to prevent a deadlock. However, __netlink_diag_dump() calls sock_i_ino() that uses read_lock_bh() and read_unlock_bh(). If CONFIG_TRACE_IRQFLAGS=y, read_unlock_bh() finally enables IRQ even though it should stay disabled until the following read_unlock_irqrestore(). Using read_lock() in sock_i_ino() would trigger a lockdep splat in another place that was fixed in commit f064af1e500a ("net: fix a lockdep splat"), so let's add __sock_i_ino() that would be safe to use under BH disabled. [0]: WARNING: CPU: 0 PID: 5012 at kernel/softirq.c:376 __local_bh_enable_ip+0xbe/0x130 kernel/softirq.c:376 Modules linked in: CPU: 0 PID: 5012 Comm: syz-executor487 Not tainted 6.4.0-rc7-syzkaller-00202-g6f68fc395f49 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 RIP: 0010:__local_bh_enable_ip+0xbe/0x130 kernel/softirq.c:376 Code: 45 bf 01 00 00 00 e8 91 5b 0a 00 e8 3c 15 3d 00 fb 65 8b 05 ec e9 b5 7e 85 c0 74 58 5b 5d c3 65 8b 05 b2 b6 b4 7e 85 c0 75 a2 <0f> 0b eb 9e e8 89 15 3d 00 eb 9f 48 89 ef e8 6f 49 18 00 eb a8 0f RSP: 0018:ffffc90003a1f3d0 EFLAGS: 00010046 RAX: 0000000000000000 RBX: 0000000000000201 RCX: 1ffffffff1cf5996 RDX: 0000000000000000 RSI: 0000000000000201 RDI: ffffffff8805c6f3 RBP: ffffffff8805c6f3 R08: 0000000000000001 R09: ffff8880152b03a3 R10: ffffed1002a56074 R11: 0000000000000005 R12: 00000000000073e4 R13: dffffc0000000000 R14: 0000000000000002 R15: 0000000000000000 FS: 0000555556726300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000045ad50 CR3: 000000007c646000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> sock_i_ino+0x83/0xa0 net/core/sock.c:2559 __netlink_diag_dump+0x45c/0x790 net/netlink/diag.c:171 netlink_diag_dump+0xd6/0x230 net/netlink/diag.c:207 netlink_dump+0x570/0xc50 net/netlink/af_netlink.c:2269 __netlink_dump_start+0x64b/0x910 net/netlink/af_netlink.c:2374 netlink_dump_start include/linux/netlink.h:329 [inline] netlink_diag_handler_dump+0x1ae/0x250 net/netlink/diag.c:238 __sock_diag_cmd net/core/sock_diag.c:238 [inline] sock_diag_rcv_msg+0x31e/0x440 net/core/sock_diag.c:269 netlink_rcv_skb+0x165/0x440 net/netlink/af_netlink.c:2547 sock_diag_rcv+0x2a/0x40 net/core/sock_diag.c:280 netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline] netlink_unicast+0x547/0x7f0 net/netlink/af_netlink.c:1365 netlink_sendmsg+0x925/0xe30 net/netlink/af_netlink.c:1914 sock_sendmsg_nosec net/socket.c:724 [inline] sock_sendmsg+0xde/0x190 net/socket.c:747 ____sys_sendmsg+0x71c/0x900 net/socket.c:2503 ___sys_sendmsg+0x110/0x1b0 net/socket.c:2557 __sys_sendmsg+0xf7/0x1c0 net/socket.c:2586 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f5303aaabb9 Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffc7506e548 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5303aaabb9 RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003 RBP: 00007f5303a6ed60 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5303a6edf0 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 </TASK> Fixes: 8d61f926d420 ("netlink: fix potential deadlock in netlink_set_err()") Reported-by: syzbot+5da61cf6a9bc1902d422@syzkaller.appspotmail.com Link: https://syzkaller.appspot.com/bug?extid=5da61cf6a9bc1902d422 Suggested-by: Eric Dumazet <edumazet@google.com> Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com> Reviewed-by: Eric Dumazet <edumazet@google.com> Link: https://lore.kernel.org/r/20230626164313.52528-1-kuniyu@amazon.com Signed-off-by: Jakub Kicinski <kuba@kernel.org> diff 25a9c8a4 Mon Jun 26 10:43:13 MDT 2023 Kuniyuki Iwashima <kuniyu@amazon.com> netlink: Add __sock_i_ino() for __netlink_diag_dump(). syzbot reported a warning in __local_bh_enable_ip(). [0] Commit 8d61f926d420 ("netlink: fix potential deadlock in netlink_set_err()") converted read_lock(&nl_table_lock) to read_lock_irqsave() in __netlink_diag_dump() to prevent a deadlock. However, __netlink_diag_dump() calls sock_i_ino() that uses read_lock_bh() and read_unlock_bh(). If CONFIG_TRACE_IRQFLAGS=y, read_unlock_bh() finally enables IRQ even though it should stay disabled until the following read_unlock_irqrestore(). Using read_lock() in sock_i_ino() would trigger a lockdep splat in another place that was fixed in commit f064af1e500a ("net: fix a lockdep splat"), so let's add __sock_i_ino() that would be safe to use under BH disabled. [0]: WARNING: CPU: 0 PID: 5012 at kernel/softirq.c:376 __local_bh_enable_ip+0xbe/0x130 kernel/softirq.c:376 Modules linked in: CPU: 0 PID: 5012 Comm: syz-executor487 Not tainted 6.4.0-rc7-syzkaller-00202-g6f68fc395f49 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 RIP: 0010:__local_bh_enable_ip+0xbe/0x130 kernel/softirq.c:376 Code: 45 bf 01 00 00 00 e8 91 5b 0a 00 e8 3c 15 3d 00 fb 65 8b 05 ec e9 b5 7e 85 c0 74 58 5b 5d c3 65 8b 05 b2 b6 b4 7e 85 c0 75 a2 <0f> 0b eb 9e e8 89 15 3d 00 eb 9f 48 89 ef e8 6f 49 18 00 eb a8 0f RSP: 0018:ffffc90003a1f3d0 EFLAGS: 00010046 RAX: 0000000000000000 RBX: 0000000000000201 RCX: 1ffffffff1cf5996 RDX: 0000000000000000 RSI: 0000000000000201 RDI: ffffffff8805c6f3 RBP: ffffffff8805c6f3 R08: 0000000000000001 R09: ffff8880152b03a3 R10: ffffed1002a56074 R11: 0000000000000005 R12: 00000000000073e4 R13: dffffc0000000000 R14: 0000000000000002 R15: 0000000000000000 FS: 0000555556726300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000045ad50 CR3: 000000007c646000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> sock_i_ino+0x83/0xa0 net/core/sock.c:2559 __netlink_diag_dump+0x45c/0x790 net/netlink/diag.c:171 netlink_diag_dump+0xd6/0x230 net/netlink/diag.c:207 netlink_dump+0x570/0xc50 net/netlink/af_netlink.c:2269 __netlink_dump_start+0x64b/0x910 net/netlink/af_netlink.c:2374 netlink_dump_start include/linux/netlink.h:329 [inline] netlink_diag_handler_dump+0x1ae/0x250 net/netlink/diag.c:238 __sock_diag_cmd net/core/sock_diag.c:238 [inline] sock_diag_rcv_msg+0x31e/0x440 net/core/sock_diag.c:269 netlink_rcv_skb+0x165/0x440 net/netlink/af_netlink.c:2547 sock_diag_rcv+0x2a/0x40 net/core/sock_diag.c:280 netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline] netlink_unicast+0x547/0x7f0 net/netlink/af_netlink.c:1365 netlink_sendmsg+0x925/0xe30 net/netlink/af_netlink.c:1914 sock_sendmsg_nosec net/socket.c:724 [inline] sock_sendmsg+0xde/0x190 net/socket.c:747 ____sys_sendmsg+0x71c/0x900 net/socket.c:2503 ___sys_sendmsg+0x110/0x1b0 net/socket.c:2557 __sys_sendmsg+0xf7/0x1c0 net/socket.c:2586 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f5303aaabb9 Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffc7506e548 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5303aaabb9 RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003 RBP: 00007f5303a6ed60 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5303a6edf0 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 </TASK> Fixes: 8d61f926d420 ("netlink: fix potential deadlock in netlink_set_err()") Reported-by: syzbot+5da61cf6a9bc1902d422@syzkaller.appspotmail.com Link: https://syzkaller.appspot.com/bug?extid=5da61cf6a9bc1902d422 Suggested-by: Eric Dumazet <edumazet@google.com> Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com> Reviewed-by: Eric Dumazet <edumazet@google.com> Link: https://lore.kernel.org/r/20230626164313.52528-1-kuniyu@amazon.com Signed-off-by: Jakub Kicinski <kuba@kernel.org> diff 25a9c8a4 Mon Jun 26 10:43:13 MDT 2023 Kuniyuki Iwashima <kuniyu@amazon.com> netlink: Add __sock_i_ino() for __netlink_diag_dump(). syzbot reported a warning in __local_bh_enable_ip(). [0] Commit 8d61f926d420 ("netlink: fix potential deadlock in netlink_set_err()") converted read_lock(&nl_table_lock) to read_lock_irqsave() in __netlink_diag_dump() to prevent a deadlock. However, __netlink_diag_dump() calls sock_i_ino() that uses read_lock_bh() and read_unlock_bh(). If CONFIG_TRACE_IRQFLAGS=y, read_unlock_bh() finally enables IRQ even though it should stay disabled until the following read_unlock_irqrestore(). Using read_lock() in sock_i_ino() would trigger a lockdep splat in another place that was fixed in commit f064af1e500a ("net: fix a lockdep splat"), so let's add __sock_i_ino() that would be safe to use under BH disabled. [0]: WARNING: CPU: 0 PID: 5012 at kernel/softirq.c:376 __local_bh_enable_ip+0xbe/0x130 kernel/softirq.c:376 Modules linked in: CPU: 0 PID: 5012 Comm: syz-executor487 Not tainted 6.4.0-rc7-syzkaller-00202-g6f68fc395f49 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 RIP: 0010:__local_bh_enable_ip+0xbe/0x130 kernel/softirq.c:376 Code: 45 bf 01 00 00 00 e8 91 5b 0a 00 e8 3c 15 3d 00 fb 65 8b 05 ec e9 b5 7e 85 c0 74 58 5b 5d c3 65 8b 05 b2 b6 b4 7e 85 c0 75 a2 <0f> 0b eb 9e e8 89 15 3d 00 eb 9f 48 89 ef e8 6f 49 18 00 eb a8 0f RSP: 0018:ffffc90003a1f3d0 EFLAGS: 00010046 RAX: 0000000000000000 RBX: 0000000000000201 RCX: 1ffffffff1cf5996 RDX: 0000000000000000 RSI: 0000000000000201 RDI: ffffffff8805c6f3 RBP: ffffffff8805c6f3 R08: 0000000000000001 R09: ffff8880152b03a3 R10: ffffed1002a56074 R11: 0000000000000005 R12: 00000000000073e4 R13: dffffc0000000000 R14: 0000000000000002 R15: 0000000000000000 FS: 0000555556726300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000045ad50 CR3: 000000007c646000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> sock_i_ino+0x83/0xa0 net/core/sock.c:2559 __netlink_diag_dump+0x45c/0x790 net/netlink/diag.c:171 netlink_diag_dump+0xd6/0x230 net/netlink/diag.c:207 netlink_dump+0x570/0xc50 net/netlink/af_netlink.c:2269 __netlink_dump_start+0x64b/0x910 net/netlink/af_netlink.c:2374 netlink_dump_start include/linux/netlink.h:329 [inline] netlink_diag_handler_dump+0x1ae/0x250 net/netlink/diag.c:238 __sock_diag_cmd net/core/sock_diag.c:238 [inline] sock_diag_rcv_msg+0x31e/0x440 net/core/sock_diag.c:269 netlink_rcv_skb+0x165/0x440 net/netlink/af_netlink.c:2547 sock_diag_rcv+0x2a/0x40 net/core/sock_diag.c:280 netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline] netlink_unicast+0x547/0x7f0 net/netlink/af_netlink.c:1365 netlink_sendmsg+0x925/0xe30 net/netlink/af_netlink.c:1914 sock_sendmsg_nosec net/socket.c:724 [inline] sock_sendmsg+0xde/0x190 net/socket.c:747 ____sys_sendmsg+0x71c/0x900 net/socket.c:2503 ___sys_sendmsg+0x110/0x1b0 net/socket.c:2557 __sys_sendmsg+0xf7/0x1c0 net/socket.c:2586 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f5303aaabb9 Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffc7506e548 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5303aaabb9 RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003 RBP: 00007f5303a6ed60 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5303a6edf0 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 </TASK> Fixes: 8d61f926d420 ("netlink: fix potential deadlock in netlink_set_err()") Reported-by: syzbot+5da61cf6a9bc1902d422@syzkaller.appspotmail.com Link: https://syzkaller.appspot.com/bug?extid=5da61cf6a9bc1902d422 Suggested-by: Eric Dumazet <edumazet@google.com> Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com> Reviewed-by: Eric Dumazet <edumazet@google.com> Link: https://lore.kernel.org/r/20230626164313.52528-1-kuniyu@amazon.com Signed-off-by: Jakub Kicinski <kuba@kernel.org> diff 25a9c8a4 Mon Jun 26 10:43:13 MDT 2023 Kuniyuki Iwashima <kuniyu@amazon.com> netlink: Add __sock_i_ino() for __netlink_diag_dump(). syzbot reported a warning in __local_bh_enable_ip(). [0] Commit 8d61f926d420 ("netlink: fix potential deadlock in netlink_set_err()") converted read_lock(&nl_table_lock) to read_lock_irqsave() in __netlink_diag_dump() to prevent a deadlock. However, __netlink_diag_dump() calls sock_i_ino() that uses read_lock_bh() and read_unlock_bh(). If CONFIG_TRACE_IRQFLAGS=y, read_unlock_bh() finally enables IRQ even though it should stay disabled until the following read_unlock_irqrestore(). Using read_lock() in sock_i_ino() would trigger a lockdep splat in another place that was fixed in commit f064af1e500a ("net: fix a lockdep splat"), so let's add __sock_i_ino() that would be safe to use under BH disabled. [0]: WARNING: CPU: 0 PID: 5012 at kernel/softirq.c:376 __local_bh_enable_ip+0xbe/0x130 kernel/softirq.c:376 Modules linked in: CPU: 0 PID: 5012 Comm: syz-executor487 Not tainted 6.4.0-rc7-syzkaller-00202-g6f68fc395f49 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 RIP: 0010:__local_bh_enable_ip+0xbe/0x130 kernel/softirq.c:376 Code: 45 bf 01 00 00 00 e8 91 5b 0a 00 e8 3c 15 3d 00 fb 65 8b 05 ec e9 b5 7e 85 c0 74 58 5b 5d c3 65 8b 05 b2 b6 b4 7e 85 c0 75 a2 <0f> 0b eb 9e e8 89 15 3d 00 eb 9f 48 89 ef e8 6f 49 18 00 eb a8 0f RSP: 0018:ffffc90003a1f3d0 EFLAGS: 00010046 RAX: 0000000000000000 RBX: 0000000000000201 RCX: 1ffffffff1cf5996 RDX: 0000000000000000 RSI: 0000000000000201 RDI: ffffffff8805c6f3 RBP: ffffffff8805c6f3 R08: 0000000000000001 R09: ffff8880152b03a3 R10: ffffed1002a56074 R11: 0000000000000005 R12: 00000000000073e4 R13: dffffc0000000000 R14: 0000000000000002 R15: 0000000000000000 FS: 0000555556726300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000045ad50 CR3: 000000007c646000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> sock_i_ino+0x83/0xa0 net/core/sock.c:2559 __netlink_diag_dump+0x45c/0x790 net/netlink/diag.c:171 netlink_diag_dump+0xd6/0x230 net/netlink/diag.c:207 netlink_dump+0x570/0xc50 net/netlink/af_netlink.c:2269 __netlink_dump_start+0x64b/0x910 net/netlink/af_netlink.c:2374 netlink_dump_start include/linux/netlink.h:329 [inline] netlink_diag_handler_dump+0x1ae/0x250 net/netlink/diag.c:238 __sock_diag_cmd net/core/sock_diag.c:238 [inline] sock_diag_rcv_msg+0x31e/0x440 net/core/sock_diag.c:269 netlink_rcv_skb+0x165/0x440 net/netlink/af_netlink.c:2547 sock_diag_rcv+0x2a/0x40 net/core/sock_diag.c:280 netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline] netlink_unicast+0x547/0x7f0 net/netlink/af_netlink.c:1365 netlink_sendmsg+0x925/0xe30 net/netlink/af_netlink.c:1914 sock_sendmsg_nosec net/socket.c:724 [inline] sock_sendmsg+0xde/0x190 net/socket.c:747 ____sys_sendmsg+0x71c/0x900 net/socket.c:2503 ___sys_sendmsg+0x110/0x1b0 net/socket.c:2557 __sys_sendmsg+0xf7/0x1c0 net/socket.c:2586 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f5303aaabb9 Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffc7506e548 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5303aaabb9 RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003 RBP: 00007f5303a6ed60 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5303a6edf0 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 </TASK> Fixes: 8d61f926d420 ("netlink: fix potential deadlock in netlink_set_err()") Reported-by: syzbot+5da61cf6a9bc1902d422@syzkaller.appspotmail.com Link: https://syzkaller.appspot.com/bug?extid=5da61cf6a9bc1902d422 Suggested-by: Eric Dumazet <edumazet@google.com> Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com> Reviewed-by: Eric Dumazet <edumazet@google.com> Link: https://lore.kernel.org/r/20230626164313.52528-1-kuniyu@amazon.com Signed-off-by: Jakub Kicinski <kuba@kernel.org> diff 25a9c8a4 Mon Jun 26 10:43:13 MDT 2023 Kuniyuki Iwashima <kuniyu@amazon.com> netlink: Add __sock_i_ino() for __netlink_diag_dump(). syzbot reported a warning in __local_bh_enable_ip(). [0] Commit 8d61f926d420 ("netlink: fix potential deadlock in netlink_set_err()") converted read_lock(&nl_table_lock) to read_lock_irqsave() in __netlink_diag_dump() to prevent a deadlock. However, __netlink_diag_dump() calls sock_i_ino() that uses read_lock_bh() and read_unlock_bh(). If CONFIG_TRACE_IRQFLAGS=y, read_unlock_bh() finally enables IRQ even though it should stay disabled until the following read_unlock_irqrestore(). Using read_lock() in sock_i_ino() would trigger a lockdep splat in another place that was fixed in commit f064af1e500a ("net: fix a lockdep splat"), so let's add __sock_i_ino() that would be safe to use under BH disabled. [0]: WARNING: CPU: 0 PID: 5012 at kernel/softirq.c:376 __local_bh_enable_ip+0xbe/0x130 kernel/softirq.c:376 Modules linked in: CPU: 0 PID: 5012 Comm: syz-executor487 Not tainted 6.4.0-rc7-syzkaller-00202-g6f68fc395f49 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 RIP: 0010:__local_bh_enable_ip+0xbe/0x130 kernel/softirq.c:376 Code: 45 bf 01 00 00 00 e8 91 5b 0a 00 e8 3c 15 3d 00 fb 65 8b 05 ec e9 b5 7e 85 c0 74 58 5b 5d c3 65 8b 05 b2 b6 b4 7e 85 c0 75 a2 <0f> 0b eb 9e e8 89 15 3d 00 eb 9f 48 89 ef e8 6f 49 18 00 eb a8 0f RSP: 0018:ffffc90003a1f3d0 EFLAGS: 00010046 RAX: 0000000000000000 RBX: 0000000000000201 RCX: 1ffffffff1cf5996 RDX: 0000000000000000 RSI: 0000000000000201 RDI: ffffffff8805c6f3 RBP: ffffffff8805c6f3 R08: 0000000000000001 R09: ffff8880152b03a3 R10: ffffed1002a56074 R11: 0000000000000005 R12: 00000000000073e4 R13: dffffc0000000000 R14: 0000000000000002 R15: 0000000000000000 FS: 0000555556726300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000045ad50 CR3: 000000007c646000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> sock_i_ino+0x83/0xa0 net/core/sock.c:2559 __netlink_diag_dump+0x45c/0x790 net/netlink/diag.c:171 netlink_diag_dump+0xd6/0x230 net/netlink/diag.c:207 netlink_dump+0x570/0xc50 net/netlink/af_netlink.c:2269 __netlink_dump_start+0x64b/0x910 net/netlink/af_netlink.c:2374 netlink_dump_start include/linux/netlink.h:329 [inline] netlink_diag_handler_dump+0x1ae/0x250 net/netlink/diag.c:238 __sock_diag_cmd net/core/sock_diag.c:238 [inline] sock_diag_rcv_msg+0x31e/0x440 net/core/sock_diag.c:269 netlink_rcv_skb+0x165/0x440 net/netlink/af_netlink.c:2547 sock_diag_rcv+0x2a/0x40 net/core/sock_diag.c:280 netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline] netlink_unicast+0x547/0x7f0 net/netlink/af_netlink.c:1365 netlink_sendmsg+0x925/0xe30 net/netlink/af_netlink.c:1914 sock_sendmsg_nosec net/socket.c:724 [inline] sock_sendmsg+0xde/0x190 net/socket.c:747 ____sys_sendmsg+0x71c/0x900 net/socket.c:2503 ___sys_sendmsg+0x110/0x1b0 net/socket.c:2557 __sys_sendmsg+0xf7/0x1c0 net/socket.c:2586 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f5303aaabb9 Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffc7506e548 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5303aaabb9 RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003 RBP: 00007f5303a6ed60 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5303a6edf0 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 </TASK> Fixes: 8d61f926d420 ("netlink: fix potential deadlock in netlink_set_err()") Reported-by: syzbot+5da61cf6a9bc1902d422@syzkaller.appspotmail.com Link: https://syzkaller.appspot.com/bug?extid=5da61cf6a9bc1902d422 Suggested-by: Eric Dumazet <edumazet@google.com> Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com> Reviewed-by: Eric Dumazet <edumazet@google.com> Link: https://lore.kernel.org/r/20230626164313.52528-1-kuniyu@amazon.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
/linux-master/net/core/
H A D	sock.c	diff 5d4cc874 Fri Feb 16 09:20:06 MST 2024 Eric Dumazet <edumazet@google.com> net: reorganize "struct sock" fields Last major reorg happened in commit 9115e8cd2a0c ("net: reorganize struct sock for better data locality") Since then, many changes have been done. Before SO_PEEK_OFF support is added to TCP, we need to move sk_peek_off to a better location. It is time to make another pass, and add six groups, without explicit alignment. - sock_write_rx (following sk_refcnt) read-write fields in rx path. - sock_read_rx read-mostly fields in rx path. - sock_read_rxtx read-mostly fields in both rx and tx paths. - sock_write_rxtx read-write fields in both rx and tx paths. - sock_write_tx read-write fields in tx paths. - sock_read_tx read-mostly fields in tx paths. Results on TCP_RR benchmarks seem to show a gain (4 to 5 %). It is possible UDP needs a change, because sk_peek_off shares a cache line with sk_receive_queue. If this the case, we can exchange roles of sk->sk_receive and up->reader_queue queues. After this change, we have the following layout: struct sock { struct sock_common __sk_common; /* 0 0x88 / / --- cacheline 2 boundary (128 bytes) was 8 bytes ago --- / __u8 __cacheline_group_begin__sock_write_rx[0]; / 0x88 0 / atomic_t sk_drops; / 0x88 0x4 / __s32 sk_peek_off; / 0x8c 0x4 / struct sk_buff_head sk_error_queue; / 0x90 0x18 / struct sk_buff_head sk_receive_queue; / 0xa8 0x18 / / --- cacheline 3 boundary (192 bytes) --- / struct { atomic_t rmem_alloc; / 0xc0 0x4 / int len; / 0xc4 0x4 / struct sk_buff head; /* 0xc8 0x8 / struct sk_buff tail; /* 0xd0 0x8 / } sk_backlog; / 0xc0 0x18 / struct { atomic_t rmem_alloc; / 0 0x4 / int len; / 0x4 0x4 / struct sk_buff head; /* 0x8 0x8 / struct sk_buff tail; /* 0x10 0x8 / / size: 24, cachelines: 1, members: 4 / / last cacheline: 24 bytes / }; __u8 __cacheline_group_end__sock_write_rx[0]; / 0xd8 0 / __u8 __cacheline_group_begin__sock_read_rx[0]; / 0xd8 0 / rcu sk_rx_dst; /* 0xd8 0x8 / int sk_rx_dst_ifindex; / 0xe0 0x4 / u32 sk_rx_dst_cookie; / 0xe4 0x4 / unsigned int sk_ll_usec; / 0xe8 0x4 / unsigned int sk_napi_id; / 0xec 0x4 / u16 sk_busy_poll_budget; / 0xf0 0x2 / u8 sk_prefer_busy_poll; / 0xf2 0x1 / u8 sk_userlocks; / 0xf3 0x1 / int sk_rcvbuf; / 0xf4 0x4 / rcu sk_filter; /* 0xf8 0x8 / / --- cacheline 4 boundary (256 bytes) --- / union { rcu sk_wq; /* 0x100 0x8 / struct socket_wq sk_wq_raw; /* 0x100 0x8 / }; / 0x100 0x8 / union { rcu sk_wq; /* 0 0x8 / struct socket_wq sk_wq_raw; /* 0 0x8 / }; void (sk_data_ready)(struct sock ); / 0x108 0x8 / long sk_rcvtimeo; / 0x110 0x8 / int sk_rcvlowat; / 0x118 0x4 / __u8 __cacheline_group_end__sock_read_rx[0]; / 0x11c 0 / __u8 __cacheline_group_begin__sock_read_rxtx[0]; / 0x11c 0 / int sk_err; / 0x11c 0x4 / struct socket sk_socket; /* 0x120 0x8 / struct mem_cgroup sk_memcg; /* 0x128 0x8 / rcu sk_policy[2]; /* 0x130 0x10 / / --- cacheline 5 boundary (320 bytes) --- / __u8 __cacheline_group_end__sock_read_rxtx[0]; / 0x140 0 / __u8 __cacheline_group_begin__sock_write_rxtx[0]; / 0x140 0 / socket_lock_t sk_lock; / 0x140 0x20 / u32 sk_reserved_mem; / 0x160 0x4 / int sk_forward_alloc; / 0x164 0x4 / u32 sk_tsflags; / 0x168 0x4 / __u8 __cacheline_group_end__sock_write_rxtx[0]; / 0x16c 0 / __u8 __cacheline_group_begin__sock_write_tx[0]; / 0x16c 0 / int sk_write_pending; / 0x16c 0x4 / atomic_t sk_omem_alloc; / 0x170 0x4 / int sk_sndbuf; / 0x174 0x4 / int sk_wmem_queued; / 0x178 0x4 / refcount_t sk_wmem_alloc; / 0x17c 0x4 / / --- cacheline 6 boundary (384 bytes) --- / unsigned long sk_tsq_flags; / 0x180 0x8 / union { struct sk_buff sk_send_head; /* 0x188 0x8 / struct rb_root tcp_rtx_queue; / 0x188 0x8 / }; / 0x188 0x8 / union { struct sk_buff sk_send_head; /* 0 0x8 / struct rb_root tcp_rtx_queue; / 0 0x8 / }; struct sk_buff_head sk_write_queue; / 0x190 0x18 / u32 sk_dst_pending_confirm; / 0x1a8 0x4 / u32 sk_pacing_status; / 0x1ac 0x4 / struct page_frag sk_frag; / 0x1b0 0x10 / / --- cacheline 7 boundary (448 bytes) --- / struct timer_list sk_timer; / 0x1c0 0x28 / / XXX last struct has 4 bytes of padding / unsigned long sk_pacing_rate; / 0x1e8 0x8 / atomic_t sk_zckey; / 0x1f0 0x4 / atomic_t sk_tskey; / 0x1f4 0x4 / __u8 __cacheline_group_end__sock_write_tx[0]; / 0x1f8 0 / __u8 __cacheline_group_begin__sock_read_tx[0]; / 0x1f8 0 / unsigned long sk_max_pacing_rate; / 0x1f8 0x8 / / --- cacheline 8 boundary (512 bytes) --- / long sk_sndtimeo; / 0x200 0x8 / u32 sk_priority; / 0x208 0x4 / u32 sk_mark; / 0x20c 0x4 / rcu sk_dst_cache; /* 0x210 0x8 / netdev_features_t sk_route_caps; / 0x218 0x8 / u16 sk_gso_type; / 0x220 0x2 / u16 sk_gso_max_segs; / 0x222 0x2 / unsigned int sk_gso_max_size; / 0x224 0x4 / gfp_t sk_allocation; / 0x228 0x4 / u32 sk_txhash; / 0x22c 0x4 / u8 sk_pacing_shift; / 0x230 0x1 / bool sk_use_task_frag; / 0x231 0x1 / __u8 __cacheline_group_end__sock_read_tx[0]; / 0x232 0 / u8 sk_gso_disabled:1; / 0x232: 0 0x1 / u8 sk_kern_sock:1; / 0x232:0x1 0x1 / u8 sk_no_check_tx:1; / 0x232:0x2 0x1 / u8 sk_no_check_rx:1; / 0x232:0x3 0x1 / / XXX 4 bits hole, try to pack / u8 sk_shutdown; / 0x233 0x1 / u16 sk_type; / 0x234 0x2 / u16 sk_protocol; / 0x236 0x2 / unsigned long sk_lingertime; / 0x238 0x8 / / --- cacheline 9 boundary (576 bytes) --- / struct proto sk_prot_creator; /* 0x240 0x8 / rwlock_t sk_callback_lock; / 0x248 0x8 / int sk_err_soft; / 0x250 0x4 / u32 sk_ack_backlog; / 0x254 0x4 / u32 sk_max_ack_backlog; / 0x258 0x4 / kuid_t sk_uid; / 0x25c 0x4 / spinlock_t sk_peer_lock; / 0x260 0x4 / int sk_bind_phc; / 0x264 0x4 / struct pid sk_peer_pid; /* 0x268 0x8 / const struct cred sk_peer_cred; /* 0x270 0x8 / ktime_t sk_stamp; / 0x278 0x8 / / --- cacheline 10 boundary (640 bytes) --- / int sk_disconnects; / 0x280 0x4 / u8 sk_txrehash; / 0x284 0x1 / u8 sk_clockid; / 0x285 0x1 / u8 sk_txtime_deadline_mode:1; / 0x286: 0 0x1 / u8 sk_txtime_report_errors:1; / 0x286:0x1 0x1 / u8 sk_txtime_unused:6; / 0x286:0x2 0x1 / / XXX 1 byte hole, try to pack / void sk_user_data; /* 0x288 0x8 / void sk_security; /* 0x290 0x8 / struct sock_cgroup_data sk_cgrp_data; / 0x298 0x8 / void (sk_state_change)(struct sock ); / 0x2a0 0x8 / void (sk_write_space)(struct sock ); / 0x2a8 0x8 / void (sk_error_report)(struct sock ); / 0x2b0 0x8 / int (sk_backlog_rcv)(struct sock , struct sk_buff ); /* 0x2b8 0x8 / / --- cacheline 11 boundary (704 bytes) --- / void (sk_destruct)(struct sock ); / 0x2c0 0x8 / rcu sk_reuseport_cb; /* 0x2c8 0x8 / rcu sk_bpf_storage; /* 0x2d0 0x8 / struct callback_head sk_rcu __attribute__((__aligned__(8))); / 0x2d8 0x10 / netns_tracker ns_tracker; / 0x2e8 0x8 / / size: 752, cachelines: 12, members: 105 / / sum members: 749, holes: 1, sum holes: 1 / / sum bitfield members: 12 bits, bit holes: 1, sum bit holes: 4 bits / / paddings: 1, sum paddings: 4 / / forced alignments: 1 / / last cacheline: 48 bytes / }; Signed-off-by: Eric Dumazet <edumazet@google.com> Acked-by: Paolo Abeni <pabeni@redhat.com> Link: https://lore.kernel.org/r/20240216162006.2342759-1-edumazet@google.com Signed-off-by: Paolo Abeni <pabeni@redhat.com> diff 5d4cc874 Fri Feb 16 09:20:06 MST 2024 Eric Dumazet <edumazet@google.com> net: reorganize "struct sock" fields Last major reorg happened in commit 9115e8cd2a0c ("net: reorganize struct sock for better data locality") Since then, many changes have been done. Before SO_PEEK_OFF support is added to TCP, we need to move sk_peek_off to a better location. It is time to make another pass, and add six groups, without explicit alignment. - sock_write_rx (following sk_refcnt) read-write fields in rx path. - sock_read_rx read-mostly fields in rx path. - sock_read_rxtx read-mostly fields in both rx and tx paths. - sock_write_rxtx read-write fields in both rx and tx paths. - sock_write_tx read-write fields in tx paths. - sock_read_tx read-mostly fields in tx paths. Results on TCP_RR benchmarks seem to show a gain (4 to 5 %). It is possible UDP needs a change, because sk_peek_off shares a cache line with sk_receive_queue. If this the case, we can exchange roles of sk->sk_receive and up->reader_queue queues. After this change, we have the following layout: struct sock { struct sock_common __sk_common; / 0 0x88 / / --- cacheline 2 boundary (128 bytes) was 8 bytes ago --- / __u8 __cacheline_group_begin__sock_write_rx[0]; / 0x88 0 / atomic_t sk_drops; / 0x88 0x4 / __s32 sk_peek_off; / 0x8c 0x4 / struct sk_buff_head sk_error_queue; / 0x90 0x18 / struct sk_buff_head sk_receive_queue; / 0xa8 0x18 / / --- cacheline 3 boundary (192 bytes) --- / struct { atomic_t rmem_alloc; / 0xc0 0x4 / int len; / 0xc4 0x4 / struct sk_buff head; /* 0xc8 0x8 / struct sk_buff tail; /* 0xd0 0x8 / } sk_backlog; / 0xc0 0x18 / struct { atomic_t rmem_alloc; / 0 0x4 / int len; / 0x4 0x4 / struct sk_buff head; /* 0x8 0x8 / struct sk_buff tail; /* 0x10 0x8 / / size: 24, cachelines: 1, members: 4 / / last cacheline: 24 bytes / }; __u8 __cacheline_group_end__sock_write_rx[0]; / 0xd8 0 / __u8 __cacheline_group_begin__sock_read_rx[0]; / 0xd8 0 / rcu sk_rx_dst; /* 0xd8 0x8 / int sk_rx_dst_ifindex; / 0xe0 0x4 / u32 sk_rx_dst_cookie; / 0xe4 0x4 / unsigned int sk_ll_usec; / 0xe8 0x4 / unsigned int sk_napi_id; / 0xec 0x4 / u16 sk_busy_poll_budget; / 0xf0 0x2 / u8 sk_prefer_busy_poll; / 0xf2 0x1 / u8 sk_userlocks; / 0xf3 0x1 / int sk_rcvbuf; / 0xf4 0x4 / rcu sk_filter; /* 0xf8 0x8 / / --- cacheline 4 boundary (256 bytes) --- / union { rcu sk_wq; /* 0x100 0x8 / struct socket_wq sk_wq_raw; /* 0x100 0x8 / }; / 0x100 0x8 / union { rcu sk_wq; /* 0 0x8 / struct socket_wq sk_wq_raw; /* 0 0x8 / }; void (sk_data_ready)(struct sock ); / 0x108 0x8 / long sk_rcvtimeo; / 0x110 0x8 / int sk_rcvlowat; / 0x118 0x4 / __u8 __cacheline_group_end__sock_read_rx[0]; / 0x11c 0 / __u8 __cacheline_group_begin__sock_read_rxtx[0]; / 0x11c 0 / int sk_err; / 0x11c 0x4 / struct socket sk_socket; /* 0x120 0x8 / struct mem_cgroup sk_memcg; /* 0x128 0x8 / rcu sk_policy[2]; /* 0x130 0x10 / / --- cacheline 5 boundary (320 bytes) --- / __u8 __cacheline_group_end__sock_read_rxtx[0]; / 0x140 0 / __u8 __cacheline_group_begin__sock_write_rxtx[0]; / 0x140 0 / socket_lock_t sk_lock; / 0x140 0x20 / u32 sk_reserved_mem; / 0x160 0x4 / int sk_forward_alloc; / 0x164 0x4 / u32 sk_tsflags; / 0x168 0x4 / __u8 __cacheline_group_end__sock_write_rxtx[0]; / 0x16c 0 / __u8 __cacheline_group_begin__sock_write_tx[0]; / 0x16c 0 / int sk_write_pending; / 0x16c 0x4 / atomic_t sk_omem_alloc; / 0x170 0x4 / int sk_sndbuf; / 0x174 0x4 / int sk_wmem_queued; / 0x178 0x4 / refcount_t sk_wmem_alloc; / 0x17c 0x4 / / --- cacheline 6 boundary (384 bytes) --- / unsigned long sk_tsq_flags; / 0x180 0x8 / union { struct sk_buff sk_send_head; /* 0x188 0x8 / struct rb_root tcp_rtx_queue; / 0x188 0x8 / }; / 0x188 0x8 / union { struct sk_buff sk_send_head; /* 0 0x8 / struct rb_root tcp_rtx_queue; / 0 0x8 / }; struct sk_buff_head sk_write_queue; / 0x190 0x18 / u32 sk_dst_pending_confirm; / 0x1a8 0x4 / u32 sk_pacing_status; / 0x1ac 0x4 / struct page_frag sk_frag; / 0x1b0 0x10 / / --- cacheline 7 boundary (448 bytes) --- / struct timer_list sk_timer; / 0x1c0 0x28 / / XXX last struct has 4 bytes of padding / unsigned long sk_pacing_rate; / 0x1e8 0x8 / atomic_t sk_zckey; / 0x1f0 0x4 / atomic_t sk_tskey; / 0x1f4 0x4 / __u8 __cacheline_group_end__sock_write_tx[0]; / 0x1f8 0 / __u8 __cacheline_group_begin__sock_read_tx[0]; / 0x1f8 0 / unsigned long sk_max_pacing_rate; / 0x1f8 0x8 / / --- cacheline 8 boundary (512 bytes) --- / long sk_sndtimeo; / 0x200 0x8 / u32 sk_priority; / 0x208 0x4 / u32 sk_mark; / 0x20c 0x4 / rcu sk_dst_cache; /* 0x210 0x8 / netdev_features_t sk_route_caps; / 0x218 0x8 / u16 sk_gso_type; / 0x220 0x2 / u16 sk_gso_max_segs; / 0x222 0x2 / unsigned int sk_gso_max_size; / 0x224 0x4 / gfp_t sk_allocation; / 0x228 0x4 / u32 sk_txhash; / 0x22c 0x4 / u8 sk_pacing_shift; / 0x230 0x1 / bool sk_use_task_frag; / 0x231 0x1 / __u8 __cacheline_group_end__sock_read_tx[0]; / 0x232 0 / u8 sk_gso_disabled:1; / 0x232: 0 0x1 / u8 sk_kern_sock:1; / 0x232:0x1 0x1 / u8 sk_no_check_tx:1; / 0x232:0x2 0x1 / u8 sk_no_check_rx:1; / 0x232:0x3 0x1 / / XXX 4 bits hole, try to pack / u8 sk_shutdown; / 0x233 0x1 / u16 sk_type; / 0x234 0x2 / u16 sk_protocol; / 0x236 0x2 / unsigned long sk_lingertime; / 0x238 0x8 / / --- cacheline 9 boundary (576 bytes) --- / struct proto sk_prot_creator; /* 0x240 0x8 / rwlock_t sk_callback_lock; / 0x248 0x8 / int sk_err_soft; / 0x250 0x4 / u32 sk_ack_backlog; / 0x254 0x4 / u32 sk_max_ack_backlog; / 0x258 0x4 / kuid_t sk_uid; / 0x25c 0x4 / spinlock_t sk_peer_lock; / 0x260 0x4 / int sk_bind_phc; / 0x264 0x4 / struct pid sk_peer_pid; /* 0x268 0x8 / const struct cred sk_peer_cred; /* 0x270 0x8 / ktime_t sk_stamp; / 0x278 0x8 / / --- cacheline 10 boundary (640 bytes) --- / int sk_disconnects; / 0x280 0x4 / u8 sk_txrehash; / 0x284 0x1 / u8 sk_clockid; / 0x285 0x1 / u8 sk_txtime_deadline_mode:1; / 0x286: 0 0x1 / u8 sk_txtime_report_errors:1; / 0x286:0x1 0x1 / u8 sk_txtime_unused:6; / 0x286:0x2 0x1 / / XXX 1 byte hole, try to pack / void sk_user_data; /* 0x288 0x8 / void sk_security; /* 0x290 0x8 / struct sock_cgroup_data sk_cgrp_data; / 0x298 0x8 / void (sk_state_change)(struct sock ); / 0x2a0 0x8 / void (sk_write_space)(struct sock ); / 0x2a8 0x8 / void (sk_error_report)(struct sock ); / 0x2b0 0x8 / int (sk_backlog_rcv)(struct sock , struct sk_buff ); /* 0x2b8 0x8 / / --- cacheline 11 boundary (704 bytes) --- / void (sk_destruct)(struct sock ); / 0x2c0 0x8 / rcu sk_reuseport_cb; /* 0x2c8 0x8 / rcu sk_bpf_storage; /* 0x2d0 0x8 / struct callback_head sk_rcu __attribute__((__aligned__(8))); / 0x2d8 0x10 / netns_tracker ns_tracker; / 0x2e8 0x8 / / size: 752, cachelines: 12, members: 105 / / sum members: 749, holes: 1, sum holes: 1 / / sum bitfield members: 12 bits, bit holes: 1, sum bit holes: 4 bits / / paddings: 1, sum paddings: 4 / / forced alignments: 1 / / last cacheline: 48 bytes / }; Signed-off-by: Eric Dumazet <edumazet@google.com> Acked-by: Paolo Abeni <pabeni@redhat.com> Link: https://lore.kernel.org/r/20240216162006.2342759-1-edumazet@google.com Signed-off-by: Paolo Abeni <pabeni@redhat.com> diff 5d4cc874 Fri Feb 16 09:20:06 MST 2024 Eric Dumazet <edumazet@google.com> net: reorganize "struct sock" fields Last major reorg happened in commit 9115e8cd2a0c ("net: reorganize struct sock for better data locality") Since then, many changes have been done. Before SO_PEEK_OFF support is added to TCP, we need to move sk_peek_off to a better location. It is time to make another pass, and add six groups, without explicit alignment. - sock_write_rx (following sk_refcnt) read-write fields in rx path. - sock_read_rx read-mostly fields in rx path. - sock_read_rxtx read-mostly fields in both rx and tx paths. - sock_write_rxtx read-write fields in both rx and tx paths. - sock_write_tx read-write fields in tx paths. - sock_read_tx read-mostly fields in tx paths. Results on TCP_RR benchmarks seem to show a gain (4 to 5 %). It is possible UDP needs a change, because sk_peek_off shares a cache line with sk_receive_queue. If this the case, we can exchange roles of sk->sk_receive and up->reader_queue queues. After this change, we have the following layout: struct sock { struct sock_common __sk_common; / 0 0x88 / / --- cacheline 2 boundary (128 bytes) was 8 bytes ago --- / __u8 __cacheline_group_begin__sock_write_rx[0]; / 0x88 0 / atomic_t sk_drops; / 0x88 0x4 / __s32 sk_peek_off; / 0x8c 0x4 / struct sk_buff_head sk_error_queue; / 0x90 0x18 / struct sk_buff_head sk_receive_queue; / 0xa8 0x18 / / --- cacheline 3 boundary (192 bytes) --- / struct { atomic_t rmem_alloc; / 0xc0 0x4 / int len; / 0xc4 0x4 / struct sk_buff head; /* 0xc8 0x8 / struct sk_buff tail; /* 0xd0 0x8 / } sk_backlog; / 0xc0 0x18 / struct { atomic_t rmem_alloc; / 0 0x4 / int len; / 0x4 0x4 / struct sk_buff head; /* 0x8 0x8 / struct sk_buff tail; /* 0x10 0x8 / / size: 24, cachelines: 1, members: 4 / / last cacheline: 24 bytes / }; __u8 __cacheline_group_end__sock_write_rx[0]; / 0xd8 0 / __u8 __cacheline_group_begin__sock_read_rx[0]; / 0xd8 0 / rcu sk_rx_dst; /* 0xd8 0x8 / int sk_rx_dst_ifindex; / 0xe0 0x4 / u32 sk_rx_dst_cookie; / 0xe4 0x4 / unsigned int sk_ll_usec; / 0xe8 0x4 / unsigned int sk_napi_id; / 0xec 0x4 / u16 sk_busy_poll_budget; / 0xf0 0x2 / u8 sk_prefer_busy_poll; / 0xf2 0x1 / u8 sk_userlocks; / 0xf3 0x1 / int sk_rcvbuf; / 0xf4 0x4 / rcu sk_filter; /* 0xf8 0x8 / / --- cacheline 4 boundary (256 bytes) --- / union { rcu sk_wq; /* 0x100 0x8 / struct socket_wq sk_wq_raw; /* 0x100 0x8 / }; / 0x100 0x8 / union { rcu sk_wq; /* 0 0x8 / struct socket_wq sk_wq_raw; /* 0 0x8 / }; void (sk_data_ready)(struct sock ); / 0x108 0x8 / long sk_rcvtimeo; / 0x110 0x8 / int sk_rcvlowat; / 0x118 0x4 / __u8 __cacheline_group_end__sock_read_rx[0]; / 0x11c 0 / __u8 __cacheline_group_begin__sock_read_rxtx[0]; / 0x11c 0 / int sk_err; / 0x11c 0x4 / struct socket sk_socket; /* 0x120 0x8 / struct mem_cgroup sk_memcg; /* 0x128 0x8 / rcu sk_policy[2]; /* 0x130 0x10 / / --- cacheline 5 boundary (320 bytes) --- / __u8 __cacheline_group_end__sock_read_rxtx[0]; / 0x140 0 / __u8 __cacheline_group_begin__sock_write_rxtx[0]; / 0x140 0 / socket_lock_t sk_lock; / 0x140 0x20 / u32 sk_reserved_mem; / 0x160 0x4 / int sk_forward_alloc; / 0x164 0x4 / u32 sk_tsflags; / 0x168 0x4 / __u8 __cacheline_group_end__sock_write_rxtx[0]; / 0x16c 0 / __u8 __cacheline_group_begin__sock_write_tx[0]; / 0x16c 0 / int sk_write_pending; / 0x16c 0x4 / atomic_t sk_omem_alloc; / 0x170 0x4 / int sk_sndbuf; / 0x174 0x4 / int sk_wmem_queued; / 0x178 0x4 / refcount_t sk_wmem_alloc; / 0x17c 0x4 / / --- cacheline 6 boundary (384 bytes) --- / unsigned long sk_tsq_flags; / 0x180 0x8 / union { struct sk_buff sk_send_head; /* 0x188 0x8 / struct rb_root tcp_rtx_queue; / 0x188 0x8 / }; / 0x188 0x8 / union { struct sk_buff sk_send_head; /* 0 0x8 / struct rb_root tcp_rtx_queue; / 0 0x8 / }; struct sk_buff_head sk_write_queue; / 0x190 0x18 / u32 sk_dst_pending_confirm; / 0x1a8 0x4 / u32 sk_pacing_status; / 0x1ac 0x4 / struct page_frag sk_frag; / 0x1b0 0x10 / / --- cacheline 7 boundary (448 bytes) --- / struct timer_list sk_timer; / 0x1c0 0x28 / / XXX last struct has 4 bytes of padding / unsigned long sk_pacing_rate; / 0x1e8 0x8 / atomic_t sk_zckey; / 0x1f0 0x4 / atomic_t sk_tskey; / 0x1f4 0x4 / __u8 __cacheline_group_end__sock_write_tx[0]; / 0x1f8 0 / __u8 __cacheline_group_begin__sock_read_tx[0]; / 0x1f8 0 / unsigned long sk_max_pacing_rate; / 0x1f8 0x8 / / --- cacheline 8 boundary (512 bytes) --- / long sk_sndtimeo; / 0x200 0x8 / u32 sk_priority; / 0x208 0x4 / u32 sk_mark; / 0x20c 0x4 / rcu sk_dst_cache; /* 0x210 0x8 / netdev_features_t sk_route_caps; / 0x218 0x8 / u16 sk_gso_type; / 0x220 0x2 / u16 sk_gso_max_segs; / 0x222 0x2 / unsigned int sk_gso_max_size; / 0x224 0x4 / gfp_t sk_allocation; / 0x228 0x4 / u32 sk_txhash; / 0x22c 0x4 / u8 sk_pacing_shift; / 0x230 0x1 / bool sk_use_task_frag; / 0x231 0x1 / __u8 __cacheline_group_end__sock_read_tx[0]; / 0x232 0 / u8 sk_gso_disabled:1; / 0x232: 0 0x1 / u8 sk_kern_sock:1; / 0x232:0x1 0x1 / u8 sk_no_check_tx:1; / 0x232:0x2 0x1 / u8 sk_no_check_rx:1; / 0x232:0x3 0x1 / / XXX 4 bits hole, try to pack / u8 sk_shutdown; / 0x233 0x1 / u16 sk_type; / 0x234 0x2 / u16 sk_protocol; / 0x236 0x2 / unsigned long sk_lingertime; / 0x238 0x8 / / --- cacheline 9 boundary (576 bytes) --- / struct proto sk_prot_creator; /* 0x240 0x8 / rwlock_t sk_callback_lock; / 0x248 0x8 / int sk_err_soft; / 0x250 0x4 / u32 sk_ack_backlog; / 0x254 0x4 / u32 sk_max_ack_backlog; / 0x258 0x4 / kuid_t sk_uid; / 0x25c 0x4 / spinlock_t sk_peer_lock; / 0x260 0x4 / int sk_bind_phc; / 0x264 0x4 / struct pid sk_peer_pid; /* 0x268 0x8 / const struct cred sk_peer_cred; /* 0x270 0x8 / ktime_t sk_stamp; / 0x278 0x8 / / --- cacheline 10 boundary (640 bytes) --- / int sk_disconnects; / 0x280 0x4 / u8 sk_txrehash; / 0x284 0x1 / u8 sk_clockid; / 0x285 0x1 / u8 sk_txtime_deadline_mode:1; / 0x286: 0 0x1 / u8 sk_txtime_report_errors:1; / 0x286:0x1 0x1 / u8 sk_txtime_unused:6; / 0x286:0x2 0x1 / / XXX 1 byte hole, try to pack / void sk_user_data; /* 0x288 0x8 / void sk_security; /* 0x290 0x8 / struct sock_cgroup_data sk_cgrp_data; / 0x298 0x8 / void (sk_state_change)(struct sock ); / 0x2a0 0x8 / void (sk_write_space)(struct sock ); / 0x2a8 0x8 / void (sk_error_report)(struct sock ); / 0x2b0 0x8 / int (sk_backlog_rcv)(struct sock , struct sk_buff ); /* 0x2b8 0x8 / / --- cacheline 11 boundary (704 bytes) --- / void (sk_destruct)(struct sock ); / 0x2c0 0x8 / rcu sk_reuseport_cb; /* 0x2c8 0x8 / rcu sk_bpf_storage; /* 0x2d0 0x8 / struct callback_head sk_rcu __attribute__((__aligned__(8))); / 0x2d8 0x10 / netns_tracker ns_tracker; / 0x2e8 0x8 / / size: 752, cachelines: 12, members: 105 / / sum members: 749, holes: 1, sum holes: 1 / / sum bitfield members: 12 bits, bit holes: 1, sum bit holes: 4 bits / / paddings: 1, sum paddings: 4 / / forced alignments: 1 / / last cacheline: 48 bytes */ }; Signed-off-by: Eric Dumazet <edumazet@google.com> Acked-by: Paolo Abeni <pabeni@redhat.com> Link: https://lore.kernel.org/r/20240216162006.2342759-1-edumazet@google.com Signed-off-by: Paolo Abeni <pabeni@redhat.com> diff 0b05b0cd Mon Oct 16 07:47:42 MDT 2023 Breno Leitao <leitao@debian.org> net/socket: Break down __sys_getsockopt Split __sys_getsockopt() into two functions by removing the core logic into a sub-function (do_sock_getsockopt()). This will avoid code duplication when doing the same operation in other callers, for instance. do_sock_getsockopt() will be called by io_uring getsockopt() command operation in the following patch. The same was done for the setsockopt pair. Suggested-by: Martin KaFai Lau <martin.lau@linux.dev> Signed-off-by: Breno Leitao <leitao@debian.org> Acked-by: Jakub Kicinski <kuba@kernel.org> Acked-by: Martin KaFai Lau <martin.lau@kernel.org> Link: https://lore.kernel.org/r/20231016134750.1381153-5-leitao@debian.org Signed-off-by: Jens Axboe <axboe@kernel.dk> diff 5eef0b8d Thu Sep 21 14:28:16 MDT 2023 Eric Dumazet <edumazet@google.com> net: lockless implementation of SO_TXREHASH sk->sk_txrehash readers are already safe against concurrent change of this field. Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> diff 5e6300e7 Thu Aug 31 07:52:09 MDT 2023 Eric Dumazet <edumazet@google.com> net: annotate data-races around sk->sk_forward_alloc Every time sk->sk_forward_alloc is read locklessly, add a READ_ONCE(). Add sk_forward_alloc_add() helper to centralize updates, to reduce number of WRITE_ONCE(). Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> diff 25a9c8a4 Mon Jun 26 10:43:13 MDT 2023 Kuniyuki Iwashima <kuniyu@amazon.com> netlink: Add __sock_i_ino() for __netlink_diag_dump(). syzbot reported a warning in __local_bh_enable_ip(). [0] Commit 8d61f926d420 ("netlink: fix potential deadlock in netlink_set_err()") converted read_lock(&nl_table_lock) to read_lock_irqsave() in __netlink_diag_dump() to prevent a deadlock. However, __netlink_diag_dump() calls sock_i_ino() that uses read_lock_bh() and read_unlock_bh(). If CONFIG_TRACE_IRQFLAGS=y, read_unlock_bh() finally enables IRQ even though it should stay disabled until the following read_unlock_irqrestore(). Using read_lock() in sock_i_ino() would trigger a lockdep splat in another place that was fixed in commit f064af1e500a ("net: fix a lockdep splat"), so let's add __sock_i_ino() that would be safe to use under BH disabled. [0]: WARNING: CPU: 0 PID: 5012 at kernel/softirq.c:376 __local_bh_enable_ip+0xbe/0x130 kernel/softirq.c:376 Modules linked in: CPU: 0 PID: 5012 Comm: syz-executor487 Not tainted 6.4.0-rc7-syzkaller-00202-g6f68fc395f49 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 RIP: 0010:__local_bh_enable_ip+0xbe/0x130 kernel/softirq.c:376 Code: 45 bf 01 00 00 00 e8 91 5b 0a 00 e8 3c 15 3d 00 fb 65 8b 05 ec e9 b5 7e 85 c0 74 58 5b 5d c3 65 8b 05 b2 b6 b4 7e 85 c0 75 a2 <0f> 0b eb 9e e8 89 15 3d 00 eb 9f 48 89 ef e8 6f 49 18 00 eb a8 0f RSP: 0018:ffffc90003a1f3d0 EFLAGS: 00010046 RAX: 0000000000000000 RBX: 0000000000000201 RCX: 1ffffffff1cf5996 RDX: 0000000000000000 RSI: 0000000000000201 RDI: ffffffff8805c6f3 RBP: ffffffff8805c6f3 R08: 0000000000000001 R09: ffff8880152b03a3 R10: ffffed1002a56074 R11: 0000000000000005 R12: 00000000000073e4 R13: dffffc0000000000 R14: 0000000000000002 R15: 0000000000000000 FS: 0000555556726300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000045ad50 CR3: 000000007c646000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> sock_i_ino+0x83/0xa0 net/core/sock.c:2559 __netlink_diag_dump+0x45c/0x790 net/netlink/diag.c:171 netlink_diag_dump+0xd6/0x230 net/netlink/diag.c:207 netlink_dump+0x570/0xc50 net/netlink/af_netlink.c:2269 __netlink_dump_start+0x64b/0x910 net/netlink/af_netlink.c:2374 netlink_dump_start include/linux/netlink.h:329 [inline] netlink_diag_handler_dump+0x1ae/0x250 net/netlink/diag.c:238 __sock_diag_cmd net/core/sock_diag.c:238 [inline] sock_diag_rcv_msg+0x31e/0x440 net/core/sock_diag.c:269 netlink_rcv_skb+0x165/0x440 net/netlink/af_netlink.c:2547 sock_diag_rcv+0x2a/0x40 net/core/sock_diag.c:280 netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline] netlink_unicast+0x547/0x7f0 net/netlink/af_netlink.c:1365 netlink_sendmsg+0x925/0xe30 net/netlink/af_netlink.c:1914 sock_sendmsg_nosec net/socket.c:724 [inline] sock_sendmsg+0xde/0x190 net/socket.c:747 ____sys_sendmsg+0x71c/0x900 net/socket.c:2503 ___sys_sendmsg+0x110/0x1b0 net/socket.c:2557 __sys_sendmsg+0xf7/0x1c0 net/socket.c:2586 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f5303aaabb9 Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffc7506e548 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5303aaabb9 RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003 RBP: 00007f5303a6ed60 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5303a6edf0 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 </TASK> Fixes: 8d61f926d420 ("netlink: fix potential deadlock in netlink_set_err()") Reported-by: syzbot+5da61cf6a9bc1902d422@syzkaller.appspotmail.com Link: https://syzkaller.appspot.com/bug?extid=5da61cf6a9bc1902d422 Suggested-by: Eric Dumazet <edumazet@google.com> Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com> Reviewed-by: Eric Dumazet <edumazet@google.com> Link: https://lore.kernel.org/r/20230626164313.52528-1-kuniyu@amazon.com Signed-off-by: Jakub Kicinski <kuba@kernel.org> diff 25a9c8a4 Mon Jun 26 10:43:13 MDT 2023 Kuniyuki Iwashima <kuniyu@amazon.com> netlink: Add __sock_i_ino() for __netlink_diag_dump(). syzbot reported a warning in __local_bh_enable_ip(). [0] Commit 8d61f926d420 ("netlink: fix potential deadlock in netlink_set_err()") converted read_lock(&nl_table_lock) to read_lock_irqsave() in __netlink_diag_dump() to prevent a deadlock. However, __netlink_diag_dump() calls sock_i_ino() that uses read_lock_bh() and read_unlock_bh(). If CONFIG_TRACE_IRQFLAGS=y, read_unlock_bh() finally enables IRQ even though it should stay disabled until the following read_unlock_irqrestore(). Using read_lock() in sock_i_ino() would trigger a lockdep splat in another place that was fixed in commit f064af1e500a ("net: fix a lockdep splat"), so let's add __sock_i_ino() that would be safe to use under BH disabled. [0]: WARNING: CPU: 0 PID: 5012 at kernel/softirq.c:376 __local_bh_enable_ip+0xbe/0x130 kernel/softirq.c:376 Modules linked in: CPU: 0 PID: 5012 Comm: syz-executor487 Not tainted 6.4.0-rc7-syzkaller-00202-g6f68fc395f49 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 RIP: 0010:__local_bh_enable_ip+0xbe/0x130 kernel/softirq.c:376 Code: 45 bf 01 00 00 00 e8 91 5b 0a 00 e8 3c 15 3d 00 fb 65 8b 05 ec e9 b5 7e 85 c0 74 58 5b 5d c3 65 8b 05 b2 b6 b4 7e 85 c0 75 a2 <0f> 0b eb 9e e8 89 15 3d 00 eb 9f 48 89 ef e8 6f 49 18 00 eb a8 0f RSP: 0018:ffffc90003a1f3d0 EFLAGS: 00010046 RAX: 0000000000000000 RBX: 0000000000000201 RCX: 1ffffffff1cf5996 RDX: 0000000000000000 RSI: 0000000000000201 RDI: ffffffff8805c6f3 RBP: ffffffff8805c6f3 R08: 0000000000000001 R09: ffff8880152b03a3 R10: ffffed1002a56074 R11: 0000000000000005 R12: 00000000000073e4 R13: dffffc0000000000 R14: 0000000000000002 R15: 0000000000000000 FS: 0000555556726300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000045ad50 CR3: 000000007c646000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> sock_i_ino+0x83/0xa0 net/core/sock.c:2559 __netlink_diag_dump+0x45c/0x790 net/netlink/diag.c:171 netlink_diag_dump+0xd6/0x230 net/netlink/diag.c:207 netlink_dump+0x570/0xc50 net/netlink/af_netlink.c:2269 __netlink_dump_start+0x64b/0x910 net/netlink/af_netlink.c:2374 netlink_dump_start include/linux/netlink.h:329 [inline] netlink_diag_handler_dump+0x1ae/0x250 net/netlink/diag.c:238 __sock_diag_cmd net/core/sock_diag.c:238 [inline] sock_diag_rcv_msg+0x31e/0x440 net/core/sock_diag.c:269 netlink_rcv_skb+0x165/0x440 net/netlink/af_netlink.c:2547 sock_diag_rcv+0x2a/0x40 net/core/sock_diag.c:280 netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline] netlink_unicast+0x547/0x7f0 net/netlink/af_netlink.c:1365 netlink_sendmsg+0x925/0xe30 net/netlink/af_netlink.c:1914 sock_sendmsg_nosec net/socket.c:724 [inline] sock_sendmsg+0xde/0x190 net/socket.c:747 ____sys_sendmsg+0x71c/0x900 net/socket.c:2503 ___sys_sendmsg+0x110/0x1b0 net/socket.c:2557 __sys_sendmsg+0xf7/0x1c0 net/socket.c:2586 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f5303aaabb9 Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffc7506e548 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5303aaabb9 RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003 RBP: 00007f5303a6ed60 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5303a6edf0 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 </TASK> Fixes: 8d61f926d420 ("netlink: fix potential deadlock in netlink_set_err()") Reported-by: syzbot+5da61cf6a9bc1902d422@syzkaller.appspotmail.com Link: https://syzkaller.appspot.com/bug?extid=5da61cf6a9bc1902d422 Suggested-by: Eric Dumazet <edumazet@google.com> Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com> Reviewed-by: Eric Dumazet <edumazet@google.com> Link: https://lore.kernel.org/r/20230626164313.52528-1-kuniyu@amazon.com Signed-off-by: Jakub Kicinski <kuba@kernel.org> diff 25a9c8a4 Mon Jun 26 10:43:13 MDT 2023 Kuniyuki Iwashima <kuniyu@amazon.com> netlink: Add __sock_i_ino() for __netlink_diag_dump(). syzbot reported a warning in __local_bh_enable_ip(). [0] Commit 8d61f926d420 ("netlink: fix potential deadlock in netlink_set_err()") converted read_lock(&nl_table_lock) to read_lock_irqsave() in __netlink_diag_dump() to prevent a deadlock. However, __netlink_diag_dump() calls sock_i_ino() that uses read_lock_bh() and read_unlock_bh(). If CONFIG_TRACE_IRQFLAGS=y, read_unlock_bh() finally enables IRQ even though it should stay disabled until the following read_unlock_irqrestore(). Using read_lock() in sock_i_ino() would trigger a lockdep splat in another place that was fixed in commit f064af1e500a ("net: fix a lockdep splat"), so let's add __sock_i_ino() that would be safe to use under BH disabled. [0]: WARNING: CPU: 0 PID: 5012 at kernel/softirq.c:376 __local_bh_enable_ip+0xbe/0x130 kernel/softirq.c:376 Modules linked in: CPU: 0 PID: 5012 Comm: syz-executor487 Not tainted 6.4.0-rc7-syzkaller-00202-g6f68fc395f49 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 RIP: 0010:__local_bh_enable_ip+0xbe/0x130 kernel/softirq.c:376 Code: 45 bf 01 00 00 00 e8 91 5b 0a 00 e8 3c 15 3d 00 fb 65 8b 05 ec e9 b5 7e 85 c0 74 58 5b 5d c3 65 8b 05 b2 b6 b4 7e 85 c0 75 a2 <0f> 0b eb 9e e8 89 15 3d 00 eb 9f 48 89 ef e8 6f 49 18 00 eb a8 0f RSP: 0018:ffffc90003a1f3d0 EFLAGS: 00010046 RAX: 0000000000000000 RBX: 0000000000000201 RCX: 1ffffffff1cf5996 RDX: 0000000000000000 RSI: 0000000000000201 RDI: ffffffff8805c6f3 RBP: ffffffff8805c6f3 R08: 0000000000000001 R09: ffff8880152b03a3 R10: ffffed1002a56074 R11: 0000000000000005 R12: 00000000000073e4 R13: dffffc0000000000 R14: 0000000000000002 R15: 0000000000000000 FS: 0000555556726300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000045ad50 CR3: 000000007c646000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> sock_i_ino+0x83/0xa0 net/core/sock.c:2559 __netlink_diag_dump+0x45c/0x790 net/netlink/diag.c:171 netlink_diag_dump+0xd6/0x230 net/netlink/diag.c:207 netlink_dump+0x570/0xc50 net/netlink/af_netlink.c:2269 __netlink_dump_start+0x64b/0x910 net/netlink/af_netlink.c:2374 netlink_dump_start include/linux/netlink.h:329 [inline] netlink_diag_handler_dump+0x1ae/0x250 net/netlink/diag.c:238 __sock_diag_cmd net/core/sock_diag.c:238 [inline] sock_diag_rcv_msg+0x31e/0x440 net/core/sock_diag.c:269 netlink_rcv_skb+0x165/0x440 net/netlink/af_netlink.c:2547 sock_diag_rcv+0x2a/0x40 net/core/sock_diag.c:280 netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline] netlink_unicast+0x547/0x7f0 net/netlink/af_netlink.c:1365 netlink_sendmsg+0x925/0xe30 net/netlink/af_netlink.c:1914 sock_sendmsg_nosec net/socket.c:724 [inline] sock_sendmsg+0xde/0x190 net/socket.c:747 ____sys_sendmsg+0x71c/0x900 net/socket.c:2503 ___sys_sendmsg+0x110/0x1b0 net/socket.c:2557 __sys_sendmsg+0xf7/0x1c0 net/socket.c:2586 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f5303aaabb9 Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffc7506e548 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5303aaabb9 RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003 RBP: 00007f5303a6ed60 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5303a6edf0 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 </TASK> Fixes: 8d61f926d420 ("netlink: fix potential deadlock in netlink_set_err()") Reported-by: syzbot+5da61cf6a9bc1902d422@syzkaller.appspotmail.com Link: https://syzkaller.appspot.com/bug?extid=5da61cf6a9bc1902d422 Suggested-by: Eric Dumazet <edumazet@google.com> Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com> Reviewed-by: Eric Dumazet <edumazet@google.com> Link: https://lore.kernel.org/r/20230626164313.52528-1-kuniyu@amazon.com Signed-off-by: Jakub Kicinski <kuba@kernel.org> diff 25a9c8a4 Mon Jun 26 10:43:13 MDT 2023 Kuniyuki Iwashima <kuniyu@amazon.com> netlink: Add __sock_i_ino() for __netlink_diag_dump(). syzbot reported a warning in __local_bh_enable_ip(). [0] Commit 8d61f926d420 ("netlink: fix potential deadlock in netlink_set_err()") converted read_lock(&nl_table_lock) to read_lock_irqsave() in __netlink_diag_dump() to prevent a deadlock. However, __netlink_diag_dump() calls sock_i_ino() that uses read_lock_bh() and read_unlock_bh(). If CONFIG_TRACE_IRQFLAGS=y, read_unlock_bh() finally enables IRQ even though it should stay disabled until the following read_unlock_irqrestore(). Using read_lock() in sock_i_ino() would trigger a lockdep splat in another place that was fixed in commit f064af1e500a ("net: fix a lockdep splat"), so let's add __sock_i_ino() that would be safe to use under BH disabled. [0]: WARNING: CPU: 0 PID: 5012 at kernel/softirq.c:376 __local_bh_enable_ip+0xbe/0x130 kernel/softirq.c:376 Modules linked in: CPU: 0 PID: 5012 Comm: syz-executor487 Not tainted 6.4.0-rc7-syzkaller-00202-g6f68fc395f49 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 RIP: 0010:__local_bh_enable_ip+0xbe/0x130 kernel/softirq.c:376 Code: 45 bf 01 00 00 00 e8 91 5b 0a 00 e8 3c 15 3d 00 fb 65 8b 05 ec e9 b5 7e 85 c0 74 58 5b 5d c3 65 8b 05 b2 b6 b4 7e 85 c0 75 a2 <0f> 0b eb 9e e8 89 15 3d 00 eb 9f 48 89 ef e8 6f 49 18 00 eb a8 0f RSP: 0018:ffffc90003a1f3d0 EFLAGS: 00010046 RAX: 0000000000000000 RBX: 0000000000000201 RCX: 1ffffffff1cf5996 RDX: 0000000000000000 RSI: 0000000000000201 RDI: ffffffff8805c6f3 RBP: ffffffff8805c6f3 R08: 0000000000000001 R09: ffff8880152b03a3 R10: ffffed1002a56074 R11: 0000000000000005 R12: 00000000000073e4 R13: dffffc0000000000 R14: 0000000000000002 R15: 0000000000000000 FS: 0000555556726300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000045ad50 CR3: 000000007c646000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> sock_i_ino+0x83/0xa0 net/core/sock.c:2559 __netlink_diag_dump+0x45c/0x790 net/netlink/diag.c:171 netlink_diag_dump+0xd6/0x230 net/netlink/diag.c:207 netlink_dump+0x570/0xc50 net/netlink/af_netlink.c:2269 __netlink_dump_start+0x64b/0x910 net/netlink/af_netlink.c:2374 netlink_dump_start include/linux/netlink.h:329 [inline] netlink_diag_handler_dump+0x1ae/0x250 net/netlink/diag.c:238 __sock_diag_cmd net/core/sock_diag.c:238 [inline] sock_diag_rcv_msg+0x31e/0x440 net/core/sock_diag.c:269 netlink_rcv_skb+0x165/0x440 net/netlink/af_netlink.c:2547 sock_diag_rcv+0x2a/0x40 net/core/sock_diag.c:280 netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline] netlink_unicast+0x547/0x7f0 net/netlink/af_netlink.c:1365 netlink_sendmsg+0x925/0xe30 net/netlink/af_netlink.c:1914 sock_sendmsg_nosec net/socket.c:724 [inline] sock_sendmsg+0xde/0x190 net/socket.c:747 ____sys_sendmsg+0x71c/0x900 net/socket.c:2503 ___sys_sendmsg+0x110/0x1b0 net/socket.c:2557 __sys_sendmsg+0xf7/0x1c0 net/socket.c:2586 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f5303aaabb9 Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffc7506e548 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5303aaabb9 RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003 RBP: 00007f5303a6ed60 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5303a6edf0 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 </TASK> Fixes: 8d61f926d420 ("netlink: fix potential deadlock in netlink_set_err()") Reported-by: syzbot+5da61cf6a9bc1902d422@syzkaller.appspotmail.com Link: https://syzkaller.appspot.com/bug?extid=5da61cf6a9bc1902d422 Suggested-by: Eric Dumazet <edumazet@google.com> Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com> Reviewed-by: Eric Dumazet <edumazet@google.com> Link: https://lore.kernel.org/r/20230626164313.52528-1-kuniyu@amazon.com Signed-off-by: Jakub Kicinski <kuba@kernel.org> diff 25a9c8a4 Mon Jun 26 10:43:13 MDT 2023 Kuniyuki Iwashima <kuniyu@amazon.com> netlink: Add __sock_i_ino() for __netlink_diag_dump(). syzbot reported a warning in __local_bh_enable_ip(). [0] Commit 8d61f926d420 ("netlink: fix potential deadlock in netlink_set_err()") converted read_lock(&nl_table_lock) to read_lock_irqsave() in __netlink_diag_dump() to prevent a deadlock. However, __netlink_diag_dump() calls sock_i_ino() that uses read_lock_bh() and read_unlock_bh(). If CONFIG_TRACE_IRQFLAGS=y, read_unlock_bh() finally enables IRQ even though it should stay disabled until the following read_unlock_irqrestore(). Using read_lock() in sock_i_ino() would trigger a lockdep splat in another place that was fixed in commit f064af1e500a ("net: fix a lockdep splat"), so let's add __sock_i_ino() that would be safe to use under BH disabled. [0]: WARNING: CPU: 0 PID: 5012 at kernel/softirq.c:376 __local_bh_enable_ip+0xbe/0x130 kernel/softirq.c:376 Modules linked in: CPU: 0 PID: 5012 Comm: syz-executor487 Not tainted 6.4.0-rc7-syzkaller-00202-g6f68fc395f49 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 RIP: 0010:__local_bh_enable_ip+0xbe/0x130 kernel/softirq.c:376 Code: 45 bf 01 00 00 00 e8 91 5b 0a 00 e8 3c 15 3d 00 fb 65 8b 05 ec e9 b5 7e 85 c0 74 58 5b 5d c3 65 8b 05 b2 b6 b4 7e 85 c0 75 a2 <0f> 0b eb 9e e8 89 15 3d 00 eb 9f 48 89 ef e8 6f 49 18 00 eb a8 0f RSP: 0018:ffffc90003a1f3d0 EFLAGS: 00010046 RAX: 0000000000000000 RBX: 0000000000000201 RCX: 1ffffffff1cf5996 RDX: 0000000000000000 RSI: 0000000000000201 RDI: ffffffff8805c6f3 RBP: ffffffff8805c6f3 R08: 0000000000000001 R09: ffff8880152b03a3 R10: ffffed1002a56074 R11: 0000000000000005 R12: 00000000000073e4 R13: dffffc0000000000 R14: 0000000000000002 R15: 0000000000000000 FS: 0000555556726300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000045ad50 CR3: 000000007c646000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> sock_i_ino+0x83/0xa0 net/core/sock.c:2559 __netlink_diag_dump+0x45c/0x790 net/netlink/diag.c:171 netlink_diag_dump+0xd6/0x230 net/netlink/diag.c:207 netlink_dump+0x570/0xc50 net/netlink/af_netlink.c:2269 __netlink_dump_start+0x64b/0x910 net/netlink/af_netlink.c:2374 netlink_dump_start include/linux/netlink.h:329 [inline] netlink_diag_handler_dump+0x1ae/0x250 net/netlink/diag.c:238 __sock_diag_cmd net/core/sock_diag.c:238 [inline] sock_diag_rcv_msg+0x31e/0x440 net/core/sock_diag.c:269 netlink_rcv_skb+0x165/0x440 net/netlink/af_netlink.c:2547 sock_diag_rcv+0x2a/0x40 net/core/sock_diag.c:280 netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline] netlink_unicast+0x547/0x7f0 net/netlink/af_netlink.c:1365 netlink_sendmsg+0x925/0xe30 net/netlink/af_netlink.c:1914 sock_sendmsg_nosec net/socket.c:724 [inline] sock_sendmsg+0xde/0x190 net/socket.c:747 ____sys_sendmsg+0x71c/0x900 net/socket.c:2503 ___sys_sendmsg+0x110/0x1b0 net/socket.c:2557 __sys_sendmsg+0xf7/0x1c0 net/socket.c:2586 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f5303aaabb9 Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffc7506e548 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5303aaabb9 RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003 RBP: 00007f5303a6ed60 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5303a6edf0 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 </TASK> Fixes: 8d61f926d420 ("netlink: fix potential deadlock in netlink_set_err()") Reported-by: syzbot+5da61cf6a9bc1902d422@syzkaller.appspotmail.com Link: https://syzkaller.appspot.com/bug?extid=5da61cf6a9bc1902d422 Suggested-by: Eric Dumazet <edumazet@google.com> Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com> Reviewed-by: Eric Dumazet <edumazet@google.com> Link: https://lore.kernel.org/r/20230626164313.52528-1-kuniyu@amazon.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
/linux-master/kernel/sched/
H A D	core.c	diff cd9b2901 Wed Jan 31 07:49:36 MST 2024 Andrea Parri <parri.andrea@gmail.com> membarrier: riscv: Provide core serializing command RISC-V uses xRET instructions on return from interrupt and to go back to user-space; the xRET instruction is not core serializing. Use FENCE.I for providing core serialization as follows: - by calling sync_core_before_usermode() on return from interrupt (cf. ipi_sync_core()), - via switch_mm() and sync_core_before_usermode() (respectively, for uthread->uthread and kthread->uthread transitions) before returning to user-space. On RISC-V, the serialization in switch_mm() is activated by resetting the icache_stale_mask of the mm at prepare_sync_core_cmd(). Suggested-by: Palmer Dabbelt <palmer@dabbelt.com> Signed-off-by: Andrea Parri <parri.andrea@gmail.com> Reviewed-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> Link: https://lore.kernel.org/r/20240131144936.29190-5-parri.andrea@gmail.com Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com> diff cf8e8658 Thu Oct 20 07:54:33 MDT 2022 Ard Biesheuvel <ardb@kernel.org> arch: Remove Itanium (IA-64) architecture The Itanium architecture is obsolete, and an informal survey [0] reveals that any residual use of Itanium hardware in production is mostly HP-UX or OpenVMS based. The use of Linux on Itanium appears to be limited to enthusiasts that occasionally boot a fresh Linux kernel to see whether things are still working as intended, and perhaps to churn out some distro packages that are rarely used in practice. None of the original companies behind Itanium still produce or support any hardware or software for the architecture, and it is listed as 'Orphaned' in the MAINTAINERS file, as apparently, none of the engineers that contributed on behalf of those companies (nor anyone else, for that matter) have been willing to support or maintain the architecture upstream or even be responsible for applying the odd fix. The Intel firmware team removed all IA-64 support from the Tianocore/EDK2 reference implementation of EFI in 2018. (Itanium is the original architecture for which EFI was developed, and the way Linux supports it deviates significantly from other architectures.) Some distros, such as Debian and Gentoo, still maintain [unofficial] ia64 ports, but many have dropped support years ago. While the argument is being made [1] that there is a 'for the common good' angle to being able to build and run existing projects such as the Grid Community Toolkit [2] on Itanium for interoperability testing, the fact remains that none of those projects are known to be deployed on Linux/ia64, and very few people actually have access to such a system in the first place. Even if there were ways imaginable in which Linux/ia64 could be put to good use today, what matters is whether anyone is actually doing that, and this does not appear to be the case. There are no emulators widely available, and so boot testing Itanium is generally infeasible for ordinary contributors. GCC still supports IA-64 but its compile farm [3] no longer has any IA-64 machines. GLIBC would like to get rid of IA-64 [4] too because it would permit some overdue code cleanups. In summary, the benefits to the ecosystem of having IA-64 be part of it are mostly theoretical, whereas the maintenance overhead of keeping it supported is real. So let's rip off the band aid, and remove the IA-64 arch code entirely. This follows the timeline proposed by the Debian/ia64 maintainer [5], which removes support in a controlled manner, leaving IA-64 in a known good state in the most recent LTS release. Other projects will follow once the kernel support is removed. [0] https://lore.kernel.org/all/CAMj1kXFCMh_578jniKpUtx_j8ByHnt=s7S+yQ+vGbKt9ud7+kQ@mail.gmail.com/ [1] https://lore.kernel.org/all/0075883c-7c51-00f5-2c2d-5119c1820410@web.de/ [2] https://gridcf.org/gct-docs/latest/index.html [3] https://cfarm.tetaneutral.net/machines/list/ [4] https://lore.kernel.org/all/87bkiilpc4.fsf@mid.deneb.enyo.de/ [5] https://lore.kernel.org/all/ff58a3e76e5102c94bb5946d99187b358def688a.camel@physik.fu-berlin.de/ Acked-by: Tony Luck <tony.luck@intel.com> Signed-off-by: Ard Biesheuvel <ardb@kernel.org> diff cf8e8658 Thu Oct 20 07:54:33 MDT 2022 Ard Biesheuvel <ardb@kernel.org> arch: Remove Itanium (IA-64) architecture The Itanium architecture is obsolete, and an informal survey [0] reveals that any residual use of Itanium hardware in production is mostly HP-UX or OpenVMS based. The use of Linux on Itanium appears to be limited to enthusiasts that occasionally boot a fresh Linux kernel to see whether things are still working as intended, and perhaps to churn out some distro packages that are rarely used in practice. None of the original companies behind Itanium still produce or support any hardware or software for the architecture, and it is listed as 'Orphaned' in the MAINTAINERS file, as apparently, none of the engineers that contributed on behalf of those companies (nor anyone else, for that matter) have been willing to support or maintain the architecture upstream or even be responsible for applying the odd fix. The Intel firmware team removed all IA-64 support from the Tianocore/EDK2 reference implementation of EFI in 2018. (Itanium is the original architecture for which EFI was developed, and the way Linux supports it deviates significantly from other architectures.) Some distros, such as Debian and Gentoo, still maintain [unofficial] ia64 ports, but many have dropped support years ago. While the argument is being made [1] that there is a 'for the common good' angle to being able to build and run existing projects such as the Grid Community Toolkit [2] on Itanium for interoperability testing, the fact remains that none of those projects are known to be deployed on Linux/ia64, and very few people actually have access to such a system in the first place. Even if there were ways imaginable in which Linux/ia64 could be put to good use today, what matters is whether anyone is actually doing that, and this does not appear to be the case. There are no emulators widely available, and so boot testing Itanium is generally infeasible for ordinary contributors. GCC still supports IA-64 but its compile farm [3] no longer has any IA-64 machines. GLIBC would like to get rid of IA-64 [4] too because it would permit some overdue code cleanups. In summary, the benefits to the ecosystem of having IA-64 be part of it are mostly theoretical, whereas the maintenance overhead of keeping it supported is real. So let's rip off the band aid, and remove the IA-64 arch code entirely. This follows the timeline proposed by the Debian/ia64 maintainer [5], which removes support in a controlled manner, leaving IA-64 in a known good state in the most recent LTS release. Other projects will follow once the kernel support is removed. [0] https://lore.kernel.org/all/CAMj1kXFCMh_578jniKpUtx_j8ByHnt=s7S+yQ+vGbKt9ud7+kQ@mail.gmail.com/ [1] https://lore.kernel.org/all/0075883c-7c51-00f5-2c2d-5119c1820410@web.de/ [2] https://gridcf.org/gct-docs/latest/index.html [3] https://cfarm.tetaneutral.net/machines/list/ [4] https://lore.kernel.org/all/87bkiilpc4.fsf@mid.deneb.enyo.de/ [5] https://lore.kernel.org/all/ff58a3e76e5102c94bb5946d99187b358def688a.camel@physik.fu-berlin.de/ Acked-by: Tony Luck <tony.luck@intel.com> Signed-off-by: Ard Biesheuvel <ardb@kernel.org> diff 5ebde09d Thu Oct 12 03:00:03 MDT 2023 Hao Jia <jiahao.os@bytedance.com> sched/core: Fix RQCF_ACT_SKIP leak Igor Raits and Bagas Sanjaya report a RQCF_ACT_SKIP leak warning. This warning may be triggered in the following situations: CPU0 CPU1 __schedule() rq->clock_update_flags <<= 1; unregister_fair_sched_group() pick_next_task_fair+0x4a/0x410 destroy_cfs_bandwidth() newidle_balance+0x115/0x3e0 for_each_possible_cpu(i) i=0 rq_unpin_lock(this_rq, rf) __cfsb_csd_unthrottle() raw_spin_rq_unlock(this_rq) rq_lock(CPU0_rq, &rf) rq_clock_start_loop_update() rq->clock_update_flags & RQCF_ACT_SKIP <-- raw_spin_rq_lock(this_rq) The purpose of RQCF_ACT_SKIP is to skip the update rq clock, but the update is very early in __schedule(), but we clear RQCF__SKIP very late, causing it to span that gap above and triggering this warning. In __schedule() we can clear the RQCF__SKIP flag immediately after update_rq_clock() to avoid this RQCF_ACT_SKIP leak warning. And set rq->clock_update_flags to RQCF_UPDATED to avoid rq->clock_update_flags < RQCF_ACT_SKIP warning that may be triggered later. Fixes: ebb83d84e49b ("sched/core: Avoid multiple calling update_rq_clock() in __cfsb_csd_unthrottle()") Closes: https://lore.kernel.org/all/20230913082424.73252-1-jiahao.os@bytedance.com Reported-by: Igor Raits <igor.raits@gmail.com> Reported-by: Bagas Sanjaya <bagasdotme@gmail.com> Suggested-by: Peter Zijlstra (Intel) <peterz@infradead.org> Signed-off-by: Hao Jia <jiahao.os@bytedance.com> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Cc: stable@vger.kernel.org Link: https://lore.kernel.org/all/a5dd536d-041a-2ce9-f4b7-64d8d85c86dc@gmail.com diff 6b596e62 Fri Sep 08 10:22:51 MDT 2023 Peter Zijlstra <peterz@infradead.org> sched: Provide rt_mutex specific scheduler helpers With PREEMPT_RT there is a rt_mutex recursion problem where sched_submit_work() can use an rtlock (aka spinlock_t). More specifically what happens is: mutex_lock() /* really rt_mutex / ... __rt_mutex_slowlock_locked() task_blocks_on_rt_mutex() // enqueue current task as waiter // do PI chain walk rt_mutex_slowlock_block() schedule() sched_submit_work() ... spin_lock() / really rtlock / ... __rt_mutex_slowlock_locked() task_blocks_on_rt_mutex() // enqueue current task as waiter AGAIN* // CONFUSION Fix this by making rt_mutex do the sched_submit_work() early, before it enqueues itself as a waiter -- before it even knows if it will wait. [[ basically Thomas' patch but with different naming and a few asserts added ]] Originally-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Link: https://lkml.kernel.org/r/20230908162254.999499-5-bigeasy@linutronix.de diff cff9b233 Fri Sep 15 11:44:44 MDT 2023 Liam R. Howlett <Liam.Howlett@oracle.com> kernel/sched: Modify initial boot task idle setup Initial booting is setting the task flag to idle (PF_IDLE) by the call path sched_init() -> init_idle(). Having the task idle and calling call_rcu() in kernel/rcu/tiny.c means that TIF_NEED_RESCHED will be set. Subsequent calls to any cond_resched() will enable IRQs, potentially earlier than the IRQ setup has completed. Recent changes have caused just this scenario and IRQs have been enabled early. This causes a warning later in start_kernel() as interrupts are enabled before they are fully set up. Fix this issue by setting the PF_IDLE flag later in the boot sequence. Although the boot task was marked as idle since (at least) d80e4fda576d, I am not sure that it is wrong to do so. The forced context-switch on idle task was introduced in the tiny_rcu update, so I'm going to claim this fixes 5f6130fa52ee. Fixes: 5f6130fa52ee ("tiny_rcu: Directly force QS when call_rcu_[bh\|sched]() on idle_task") Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Cc: stable@vger.kernel.org Link: https://lore.kernel.org/linux-mm/CAMuHMdWpvpWoDa=Ox-do92czYRvkok6_x6pYUH+ZouMcJbXy+Q@mail.gmail.com/ diff cff9b233 Fri Sep 15 11:44:44 MDT 2023 Liam R. Howlett <Liam.Howlett@oracle.com> kernel/sched: Modify initial boot task idle setup Initial booting is setting the task flag to idle (PF_IDLE) by the call path sched_init() -> init_idle(). Having the task idle and calling call_rcu() in kernel/rcu/tiny.c means that TIF_NEED_RESCHED will be set. Subsequent calls to any cond_resched() will enable IRQs, potentially earlier than the IRQ setup has completed. Recent changes have caused just this scenario and IRQs have been enabled early. This causes a warning later in start_kernel() as interrupts are enabled before they are fully set up. Fix this issue by setting the PF_IDLE flag later in the boot sequence. Although the boot task was marked as idle since (at least) d80e4fda576d, I am not sure that it is wrong to do so. The forced context-switch on idle task was introduced in the tiny_rcu update, so I'm going to claim this fixes 5f6130fa52ee. Fixes: 5f6130fa52ee ("tiny_rcu: Directly force QS when call_rcu_[bh\|sched]() on idle_task") Signed-off-by: Liam R. Howlett <Liam.Howlett@oracle.com> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Cc: stable@vger.kernel.org Link: https://lore.kernel.org/linux-mm/CAMuHMdWpvpWoDa=Ox-do92czYRvkok6_x6pYUH+ZouMcJbXy+Q@mail.gmail.com/ diff 5bb76f1d Tue Aug 01 14:41:24 MDT 2023 Peter Zijlstra <peterz@infradead.org> sched: Simplify: migrate_swap_stop() Use guards to reduce gotos and simplify control flow. Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Reviewed-by: Valentin Schneider <vschneid@redhat.com> Link: https://lore.kernel.org/r/20230801211811.964370836@infradead.org diff 1c069187 Wed May 31 08:39:07 MDT 2023 Peter Zijlstra <peterz@infradead.org> sched: Consider task_struct::saved_state in wait_task_inactive() With the introduction of task_struct::saved_state in commit 5f220be21418 ("sched/wakeup: Prepare for RT sleeping spin/rwlocks") matching the task state has gotten more complicated. That same commit changed try_to_wake_up() to consider both states, but wait_task_inactive() has been neglected. Sebastian noted that the wait_task_inactive() usage in ptrace_check_attach() can misbehave when ptrace_stop() is blocked on the tasklist_lock after it sets TASK_TRACED. Therefore extract a common helper from ttwu_state_match() and use that to teach wait_task_inactive() about the PREEMPT_RT locks. Originally-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Tested-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de> Link: https://lkml.kernel.org/r/20230601091234.GW83892@hirez.programming.kicks-ass.net diff 713a2e21 Thu Sep 22 12:00:40 MDT 2022 Waiman Long <longman@redhat.com> sched: Introduce affinity_context In order to prepare for passing through additional data through the affinity call-chains, convert the mask and flags argument into a structure. Suggested-by: Peter Zijlstra <peterz@infradead.org> Signed-off-by: Waiman Long <longman@redhat.com> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Link: https://lkml.kernel.org/r/20220922180041.1768141-5-longman@redhat.com
/linux-master/mm/
H A D	memcontrol.c	diff f6c7590b Thu Jan 11 11:12:19 MST 2024 Matthew Wilcox (Oracle) <willy@infradead.org> memcg: use a folio in get_mctgt_type_thp Replace five calls to compound_head() with one. Link: https://lkml.kernel.org/r/20240111181219.3462852-5-willy@infradead.org Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org> Acked-by: Johannes Weiner <hannes@cmpxchg.org> Reviewed-by: Roman Gushchin <roman.gushchin@linux.dev> Reviewed-by: Muchun Song <muchun.song@linux.dev> Acked-by: Shakeel Butt <shakeelb@google.com> Acked-by: Michal Hocko <mhocko@suse.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> diff 508bed88 Tue Nov 28 20:21:49 MST 2023 Yosry Ahmed <yosryahmed@google.com> mm: memcg: change flush_next_time to flush_last_time Patch series "mm: memcg: subtree stats flushing and thresholds", v4. This series attempts to address shortages in today's approach for memcg stats flushing, namely occasionally stale or expensive stat reads. The series does so by changing the threshold that we use to decide whether to trigger a flush to be per memcg instead of global (patch 3), and then changing flushing to be per memcg (i.e. subtree flushes) instead of global (patch 5). This patch (of 5): flush_next_time is an inaccurate name. It's not the next time that periodic flushing will happen, it's rather the next time that ratelimited flushing can happen if the periodic flusher is late. Simplify its semantics by just storing the timestamp of the last flush instead, flush_last_time. Move the 2FLUSH_TIME addition to mem_cgroup_flush_stats_ratelimited(), and add a comment explaining it. This way, all the ratelimiting semantics live in one place. No functional change intended. Link: https://lkml.kernel.org/r/20231129032154.3710765-1-yosryahmed@google.com Link: https://lkml.kernel.org/r/20231129032154.3710765-2-yosryahmed@google.com Signed-off-by: Yosry Ahmed <yosryahmed@google.com> Tested-by: Domenico Cerasuolo <cerasuolodomenico@gmail.com> Acked-by: Shakeel Butt <shakeelb@google.com> Acked-by: Chris Li <chrisl@kernel.org> (Google) Tested-by: Bagas Sanjaya <bagasdotme@gmail.com> Cc: Greg Thelen <gthelen@google.com> Cc: Ivan Babrou <ivan@cloudflare.com> Cc: Johannes Weiner <hannes@cmpxchg.org> Cc: Michal Hocko <mhocko@kernel.org> Cc: Michal Koutny <mkoutny@suse.com> Cc: Muchun Song <muchun.song@linux.dev> Cc: Roman Gushchin <roman.gushchin@linux.dev> Cc: Tejun Heo <tj@kernel.org> Cc: Waiman Long <longman@redhat.com> Cc: Wei Xu <weixugc@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> diff 508bed88 Tue Nov 28 20:21:49 MST 2023 Yosry Ahmed <yosryahmed@google.com> mm: memcg: change flush_next_time to flush_last_time Patch series "mm: memcg: subtree stats flushing and thresholds", v4. This series attempts to address shortages in today's approach for memcg stats flushing, namely occasionally stale or expensive stat reads. The series does so by changing the threshold that we use to decide whether to trigger a flush to be per memcg instead of global (patch 3), and then changing flushing to be per memcg (i.e. subtree flushes) instead of global (patch 5). This patch (of 5): flush_next_time is an inaccurate name. It's not the next time that periodic flushing will happen, it's rather the next time that ratelimited flushing can happen if the periodic flusher is late. Simplify its semantics by just storing the timestamp of the last flush instead, flush_last_time. Move the 2FLUSH_TIME addition to mem_cgroup_flush_stats_ratelimited(), and add a comment explaining it. This way, all the ratelimiting semantics live in one place. No functional change intended. Link: https://lkml.kernel.org/r/20231129032154.3710765-1-yosryahmed@google.com Link: https://lkml.kernel.org/r/20231129032154.3710765-2-yosryahmed@google.com Signed-off-by: Yosry Ahmed <yosryahmed@google.com> Tested-by: Domenico Cerasuolo <cerasuolodomenico@gmail.com> Acked-by: Shakeel Butt <shakeelb@google.com> Acked-by: Chris Li <chrisl@kernel.org> (Google) Tested-by: Bagas Sanjaya <bagasdotme@gmail.com> Cc: Greg Thelen <gthelen@google.com> Cc: Ivan Babrou <ivan@cloudflare.com> Cc: Johannes Weiner <hannes@cmpxchg.org> Cc: Michal Hocko <mhocko@kernel.org> Cc: Michal Koutny <mkoutny@suse.com> Cc: Muchun Song <muchun.song@linux.dev> Cc: Roman Gushchin <roman.gushchin@linux.dev> Cc: Tejun Heo <tj@kernel.org> Cc: Waiman Long <longman@redhat.com> Cc: Wei Xu <weixugc@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> diff 7108cc3f Thu Nov 30 12:40:21 MST 2023 Domenico Cerasuolo <cerasuolodomenico@gmail.com> mm: memcg: add per-memcg zswap writeback stat Since zswap now writes back pages from memcg-specific LRUs, we now need a new stat to show writebacks count for each memcg. [nphamcs@gmail.com: rename ZSWP_WB to ZSWPWB] Link: https://lkml.kernel.org/r/20231205193307.2432803-1-nphamcs@gmail.com Link: https://lkml.kernel.org/r/20231130194023.4102148-5-nphamcs@gmail.com Suggested-by: Nhat Pham <nphamcs@gmail.com> Signed-off-by: Domenico Cerasuolo <cerasuolodomenico@gmail.com> Signed-off-by: Nhat Pham <nphamcs@gmail.com> Tested-by: Bagas Sanjaya <bagasdotme@gmail.com> Reviewed-by: Yosry Ahmed <yosryahmed@google.com> Cc: Chris Li <chrisl@kernel.org> Cc: Dan Streetman <ddstreet@ieee.org> Cc: Johannes Weiner <hannes@cmpxchg.org> Cc: Michal Hocko <mhocko@kernel.org> Cc: Muchun Song <muchun.song@linux.dev> Cc: Roman Gushchin <roman.gushchin@linux.dev> Cc: Seth Jennings <sjenning@redhat.com> Cc: Shakeel Butt <shakeelb@google.com> Cc: Shuah Khan <shuah@kernel.org> Cc: Vitaly Wool <vitaly.wool@konsulko.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> diff 5f79489a Wed Nov 15 19:51:09 MST 2023 Roman Gushchin <roman.gushchin@linux.dev> mm: kmem: properly initialize local objcg variable in current_obj_cgroup() Erhard reported that the 6.7-rc1 kernel panics on boot if being built with clang-16. The problem was not reproducible with gcc. [ 5.975049] general protection fault, probably for non-canonical address 0xf555515555555557: 0000 [#1] SMP KASAN PTI [ 5.976422] KASAN: maybe wild-memory-access in range [0xaaaaaaaaaaaaaab8-0xaaaaaaaaaaaaaabf] [ 5.977475] CPU: 3 PID: 1 Comm: systemd Not tainted 6.7.0-rc1-Zen3 #77 [ 5.977860] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 [ 5.977860] RIP: 0010:obj_cgroup_charge_pages+0x27/0x2d5 [ 5.977860] Code: 90 90 90 55 41 57 41 56 41 55 41 54 53 89 d5 41 89 f6 49 89 ff 48 b8 00 00 00 00 00 fc ff df 49 83 c7 10 4d3 [ 5.977860] RSP: 0018:ffffc9000001fb18 EFLAGS: 00010a02 [ 5.977860] RAX: dffffc0000000000 RBX: aaaaaaaaaaaaaaaa RCX: ffff8883eb9a8b08 [ 5.977860] RDX: 0000000000000005 RSI: 0000000000400cc0 RDI: aaaaaaaaaaaaaaaa [ 5.977860] RBP: 0000000000000005 R08: 3333333333333333 R09: 0000000000000000 [ 5.977860] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8883eb9a8b18 [ 5.977860] R13: 1555555555555557 R14: 0000000000400cc0 R15: aaaaaaaaaaaaaaba [ 5.977860] FS: 00007f2976438b40(0000) GS:ffff8883eb980000(0000) knlGS:0000000000000000 [ 5.977860] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 5.977860] CR2: 00007f29769e0060 CR3: 0000000107222003 CR4: 0000000000370eb0 [ 5.977860] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 5.977860] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 5.977860] Call Trace: [ 5.977860] <TASK> [ 5.977860] ? __die_body+0x16/0x75 [ 5.977860] ? die_addr+0x4a/0x70 [ 5.977860] ? exc_general_protection+0x1c9/0x2d0 [ 5.977860] ? cgroup_mkdir+0x455/0x9fb [ 5.977860] ? __x64_sys_mkdir+0x69/0x80 [ 5.977860] ? asm_exc_general_protection+0x26/0x30 [ 5.977860] ? obj_cgroup_charge_pages+0x27/0x2d5 [ 5.977860] obj_cgroup_charge+0x114/0x1ab [ 5.977860] pcpu_alloc+0x1a6/0xa65 [ 5.977860] ? mem_cgroup_css_alloc+0x1eb/0x1140 [ 5.977860] ? cgroup_apply_control_enable+0x26b/0x7c0 [ 5.977860] mem_cgroup_css_alloc+0x23f/0x1140 [ 5.977860] cgroup_apply_control_enable+0x26b/0x7c0 [ 5.977860] ? cgroup_kn_set_ugid+0x2d/0x1a0 [ 5.977860] cgroup_mkdir+0x455/0x9fb [ 5.977860] ? __cfi_cgroup_mkdir+0x10/0x10 [ 5.977860] kernfs_iop_mkdir+0x130/0x170 [ 5.977860] vfs_mkdir+0x405/0x530 [ 5.977860] do_mkdirat+0x188/0x1f0 [ 5.977860] __x64_sys_mkdir+0x69/0x80 [ 5.977860] do_syscall_64+0x7d/0x100 [ 5.977860] ? do_syscall_64+0x89/0x100 [ 5.977860] ? do_syscall_64+0x89/0x100 [ 5.977860] ? do_syscall_64+0x89/0x100 [ 5.977860] ? do_syscall_64+0x89/0x100 [ 5.977860] entry_SYSCALL_64_after_hwframe+0x4b/0x53 [ 5.977860] RIP: 0033:0x7f297671defb [ 5.977860] Code: 8b 05 39 7f 0d 00 bb ff ff ff ff 64 c7 00 16 00 00 00 e9 61 ff ff ff e8 23 0c 02 00 0f 1f 00 f3 0f 1e fa b88 [ 5.977860] RSP: 002b:00007ffee6242bb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 5.977860] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f297671defb [ 5.977860] RDX: 0000000000000000 RSI: 00000000000001ed RDI: 000055c6b449f0e0 [ 5.977860] RBP: 00007ffee6242bf0 R08: 000000000000000e R09: 0000000000000000 [ 5.977860] R10: 0000000000000000 R11: 0000000000000246 R12: 000055c6b445db80 [ 5.977860] R13: 00000000000003a0 R14: 00007f2976a68651 R15: 00000000000003a0 [ 5.977860] </TASK> [ 5.977860] Modules linked in: [ 6.014095] ---[ end trace 0000000000000000 ]--- [ 6.014701] RIP: 0010:obj_cgroup_charge_pages+0x27/0x2d5 [ 6.015348] Code: 90 90 90 55 41 57 41 56 41 55 41 54 53 89 d5 41 89 f6 49 89 ff 48 b8 00 00 00 00 00 fc ff df 49 83 c7 10 4d3 [ 6.017575] RSP: 0018:ffffc9000001fb18 EFLAGS: 00010a02 [ 6.018255] RAX: dffffc0000000000 RBX: aaaaaaaaaaaaaaaa RCX: ffff8883eb9a8b08 [ 6.019120] RDX: 0000000000000005 RSI: 0000000000400cc0 RDI: aaaaaaaaaaaaaaaa [ 6.019983] RBP: 0000000000000005 R08: 3333333333333333 R09: 0000000000000000 [ 6.020849] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8883eb9a8b18 [ 6.021747] R13: 1555555555555557 R14: 0000000000400cc0 R15: aaaaaaaaaaaaaaba [ 6.022609] FS: 00007f2976438b40(0000) GS:ffff8883eb980000(0000) knlGS:0000000000000000 [ 6.023593] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 6.024296] CR2: 00007f29769e0060 CR3: 0000000107222003 CR4: 0000000000370eb0 [ 6.025279] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 6.026139] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 6.027000] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b Actually the problem is caused by uninitialized local variable in current_obj_cgroup(). If the root memory cgroup is set as an active memory cgroup for a charging scope (as in the trace, where systemd tries to create the first non-root cgroup, so the parent cgroup is the root cgroup), the "for" loop is skipped and uninitialized objcg is returned, causing a panic down the accounting stack. The fix is trivial: initialize the objcg variable to NULL unconditionally before the "for" loop. [vbabka@suse.cz: remove redundant assignment] Link: https://lkml.kernel.org/r/4bd106d5-c3e3-6731-9a74-cff81e2392de@suse.cz Link: https://lkml.kernel.org/r/20231116025109.3775055-1-roman.gushchin@linux.dev Fixes: e86828e5446d ("mm: kmem: scoped objcg protection") Signed-off-by: Roman Gushchin (Cruise) <roman.gushchin@linux.dev> Signed-off-by: Vlastimil Babka <vbabka@suse.cz> Reported-by: Erhard Furtner <erhard_f@mailbox.org> Closes: https://github.com/ClangBuiltLinux/linux/issues/1959 Tested-by: Erhard Furtner <erhard_f@mailbox.org> Acked-by: Vlastimil Babka <vbabka@suse.cz> Acked-by: Shakeel Butt <shakeelb@google.com> Cc: David Rientjes <rientjes@google.com> Cc: Dennis Zhou <dennis@kernel.org> Cc: Johannes Weiner <hannes@cmpxchg.org> Cc: Michal Hocko <mhocko@kernel.org> Cc: Muchun Song <muchun.song@linux.dev> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> diff 24948e3b Tue Nov 07 10:18:02 MST 2023 Roman Gushchin <roman.gushchin@linux.dev> mm: kmem: drop __GFP_NOFAIL when allocating objcg vectors Objcg vectors attached to slab pages to store slab object ownership information are allocated using gfp flags for the original slab allocation. Depending on slab page order and the size of slab objects, objcg vector can take several pages. If the original allocation was done with the __GFP_NOFAIL flag, it triggered a warning in the page allocation code. Indeed, order > 1 pages should not been allocated with the __GFP_NOFAIL flag. Fix this by simply dropping the __GFP_NOFAIL flag when allocating the objcg vector. It effectively allows to skip the accounting of a single slab object under a heavy memory pressure. An alternative would be to implement the mechanism to fallback to order-0 allocations for accounting metadata, which is also not perfect because it will increase performance penalty and memory footprint of the kernel memory accounting under memory pressure. Link: https://lkml.kernel.org/r/ZUp8ZFGxwmCx4ZFr@P9FQF9L96D.corp.robot.car Signed-off-by: Roman Gushchin <roman.gushchin@linux.dev> Reported-by: Christoph Lameter <cl@linux.com> Closes: https://lkml.kernel.org/r/6b42243e-f197-600a-5d22-56bd728a5ad8@gentwo.org Acked-by: Shakeel Butt <shakeelb@google.com> Cc: Matthew Wilcox <willy@infradead.org> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> diff e86828e5 Thu Oct 19 16:53:44 MDT 2023 Roman Gushchin <roman.gushchin@linux.dev> mm: kmem: scoped objcg protection Switch to a scope-based protection of the objcg pointer on slab/kmem allocation paths. Instead of using the get_() semantics in the pre-allocation hook and put the reference afterwards, let's rely on the fact that objcg is pinned by the scope. It's possible because: 1) if the objcg is received from the current task struct, the task is keeping a reference to the objcg. 2) if the objcg is received from an active memcg (remote charging), the memcg is pinned by the scope and has a reference to the corresponding objcg. Link: https://lkml.kernel.org/r/20231019225346.1822282-5-roman.gushchin@linux.dev Signed-off-by: Roman Gushchin (Cruise) <roman.gushchin@linux.dev> Tested-by: Naresh Kamboju <naresh.kamboju@linaro.org> Acked-by: Shakeel Butt <shakeelb@google.com> Reviewed-by: Vlastimil Babka <vbabka@suse.cz> Cc: David Rientjes <rientjes@google.com> Cc: Dennis Zhou <dennis@kernel.org> Cc: Johannes Weiner <hannes@cmpxchg.org> Cc: Michal Hocko <mhocko@kernel.org> Cc: Muchun Song <muchun.song@linux.dev> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> diff 7d0715d0 Thu Oct 19 16:53:41 MDT 2023 Roman Gushchin <roman.gushchin@linux.dev> mm: kmem: optimize get_obj_cgroup_from_current() Patch series "mm: improve performance of accounted kernel memory allocations", v5. This patchset improves the performance of accounted kernel memory allocations by ~30% as measured by a micro-benchmark [1]. The benchmark is very straightforward: 1M of 64 bytes-large kmalloc() allocations. Below are results with the disabled kernel memory accounting, the original state and with this patchset applied. \| \| Kmem disabled \| Original \| Patched \| Delta \| \|-------------+---------------+----------+---------+--------\| \| User cgroup \| 29764 \| 84548 \| 59078 \| -30.0% \| \| Root cgroup \| 29742 \| 48342 \| 31501 \| -34.8% \| As we can see, the patchset removes the majority of the overhead when there is no actual accounting (a task belongs to the root memory cgroup) and almost halves the accounting overhead otherwise. The main idea is to get rid of unnecessary memcg to objcg conversions and switch to a scope-based protection of objcgs, which eliminates extra operations with objcg reference counters under a rcu read lock. More details are provided in individual commit descriptions. This patch (of 5): Manually inline memcg_kmem_bypass() and active_memcg() to speed up get_obj_cgroup_from_current() by avoiding duplicate in_task() checks and active_memcg() readings. Also add a likely() macro to __get_obj_cgroup_from_memcg(): obj_cgroup_tryget() should succeed at almost all times except a very unlikely race with the memcg deletion path. Link: https://lkml.kernel.org/r/20231019225346.1822282-1-roman.gushchin@linux.dev Link: https://lkml.kernel.org/r/20231019225346.1822282-2-roman.gushchin@linux.dev Signed-off-by: Roman Gushchin (Cruise) <roman.gushchin@linux.dev> Tested-by: Naresh Kamboju <naresh.kamboju@linaro.org> Acked-by: Shakeel Butt <shakeelb@google.com> Acked-by: Johannes Weiner <hannes@cmpxchg.org> Reviewed-by: Vlastimil Babka <vbabka@suse.cz> Cc: David Rientjes <rientjes@google.com> Cc: Dennis Zhou <dennis@kernel.org> Cc: Johannes Weiner <hannes@cmpxchg.org> Cc: Michal Hocko <mhocko@kernel.org> Cc: Muchun Song <muchun.song@linux.dev> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> diff 7bd5bc3c Fri Sep 22 11:57:40 MDT 2023 Yosry Ahmed <yosryahmed@google.com> mm: memcg: normalize the value passed into memcg_rstat_updated() memcg_rstat_updated() uses the value of the state update to keep track of the magnitude of pending updates, so that we only do a stats flush when it's worth the work. Most values passed into memcg_rstat_updated() are in pages, however, a few of them are actually in bytes or KBs. To put this into perspective, a 512 byte slab allocation today would look the same as allocating 512 pages. This may result in premature flushes, which means unnecessary work and latency. Normalize all the state values passed into memcg_rstat_updated() to pages. Round up non-zero sub-page to 1 page, because memcg_rstat_updated() ignores 0 page updates. Link: https://lkml.kernel.org/r/20230922175741.635002-3-yosryahmed@google.com Fixes: 5b3be698a872 ("memcg: better bounds on the memcg stats updates") Signed-off-by: Yosry Ahmed <yosryahmed@google.com> Acked-by: Johannes Weiner <hannes@cmpxchg.org> Cc: Michal Hocko <mhocko@kernel.org> Cc: Michal Koutný <mkoutny@suse.com> Cc: Muchun Song <muchun.song@linux.dev> Cc: Roman Gushchin <roman.gushchin@linux.dev> Cc: Shakeel Butt <shakeelb@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> diff 5c7e7a0d Mon May 22 05:20:56 MDT 2023 T.J. Alumbaugh <talumbau@google.com> mm: multi-gen LRU: cleanup lru_gen_soft_reclaim() lru_gen_soft_reclaim() gets the lruvec from the memcg and node ID to keep a cleaner interface on the caller side. Link: https://lkml.kernel.org/r/20230522112058.2965866-2-talumbau@google.com Signed-off-by: T.J. Alumbaugh <talumbau@google.com> Reviewed-by: Yuanchu Xie <yuanchu@google.com> Cc: David Hildenbrand <david@redhat.com> Cc: Yu Zhao <yuzhao@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

Completed in 1104 milliseconds

asus-wl-520gu-7.0.1.45
asuswrt-rt-n18u-9.0.0.4.380.2695
barrelfish-2018-10-04
barrelfish-master
broadcom-cfe-1.4.2
darwin-on-arm
freebsd-10-stable
freebsd-10.0-release
freebsd-10.1-release
freebsd-10.2-release
freebsd-10.3-release
freebsd-11-stable
freebsd-11.0-release
freebsd-12-stable
freebsd-13-stable
freebsd-9.3-release
freebsd-current
fuchsia
haiku
haiku-buildtools
haiku-fatelf
haikuporter
haikuports
linux-master
macosx-10.10
macosx-10.10.1
macosx-10.5.8
macosx-10.9.5
netbsd-6-1-5-RELEASE
netbsd-current
netgear-R7000-V1.0.7.12_1.2.5
netgear-R7800-V1.0.2.28
netgear-WNDR4500-V1.0.1.40_1.0.68
netgear-WNDR4500v2-V1.0.0.60_1.0.38
openbsd-current
openjdk10
openjdk9
opensolaris-onvv-gate
openwrt
seL4-camkes-master
seL4-l4v-10.1.1
seL4-l4v-master
seL4-mcs-10.1.1
seL4-refos-master
seL4-test-master
u-boot
xnu-2422.115.4
xnu-2782.1.97