Received: by 10.213.65.68 with SMTP id h4csp1955970imn; Thu, 29 Mar 2018 14:25:22 -0700 (PDT) X-Google-Smtp-Source: AIpwx4+33WneOYJ2ywS3zxaauHz8ns1TYWm//wztDmEqVPT4QWCrKYjQcWf8f/3LG9ebggjh4lR4 X-Received: by 10.101.97.165 with SMTP id i5mr6558908pgv.449.1522358722240; Thu, 29 Mar 2018 14:25:22 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522358722; cv=none; d=google.com; s=arc-20160816; b=e/xHUuDTN2QCspdsIQOV06fNc9qG4VsuuESwzfDNTGFvQmPj+vEdKTIVZnvpLBHLrU 0RPLx2JCFKeW2+cZu0CGMe1TXNczcD0fF/JisUCx8JBTcgL7f4omH2/aka0D6CppBvm3 bCqi7ujnwmB/k8WV50OTNspp8HKCrg7FGNCl5phVz/qbPDE4b+7MnLUnPjFY2e43an5O EL+LsgcSlGuaReP2jm88rIYKhONRfkgS/M7wWUrizK7EIikzidp4eqgMHY2UhOKcpokZ EOPoNFt0Gi2vlH2YuDIuDAjCsFtd2pbvLdIgV4NtQlYG4y5oVyKPdZ2QCZPBwjU1Pudb 8hZg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :organization:references:in-reply-to:date:cc:to:from:subject :message-id:arc-authentication-results; bh=SWS/Qd8krexQ7iUXbw5phD1sctA+KiL6e7+wiSztJt8=; b=Nxg/fx96Ept6k72zP92z2I83uGbOWkyhMRRIEZQoxUl+QEYitFejgSt3TcGgxGpmk5 xb+gLEOHGhuFdITHjjbq4ShQCwcTf/Om7+OspPzBc/UP+G/OKe+j4m9sNrtzhHuMHJng NS9V1gK+xj/lzeZr0aQZCnKqwP4DG8oIcBci0nF8P5zdEHC816CzzOAftV+dJGHwNjgT hCT9PjULvyCxnvhWCvkIGLqKbyNEjqNFOwBsWYyfB+wiju9U6dCHSxbKyb92VGfl4Uh8 ZDD0nKxKZ2qp3dxMJ9T52sRCZ4RuW3aw51GMiPkS9wf1w0RuRv/srkR8/2BTggDTpY8Y iarw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=codethink.co.uk Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l7si4571941pgu.518.2018.03.29.14.25.06; Thu, 29 Mar 2018 14:25:22 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=codethink.co.uk Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751398AbeC2VX4 (ORCPT + 99 others); Thu, 29 Mar 2018 17:23:56 -0400 Received: from imap1.codethink.co.uk ([176.9.8.82]:46775 "EHLO imap1.codethink.co.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750735AbeC2VXz (ORCPT ); Thu, 29 Mar 2018 17:23:55 -0400 Received: from 167-98-27-229.cust-167.exponential-e.net ([167.98.27.229] helo=xylophone) by imap1.codethink.co.uk with esmtpsa (Exim 4.84_2 #1 (Debian)) id 1f1f1P-0005qk-18; Thu, 29 Mar 2018 22:23:47 +0100 Message-ID: <1522358626.2654.39.camel@codethink.co.uk> Subject: Re: [PATCH 4.4 033/134] tcp: sysctl: Fix a race to avoid unexpected 0 window from space From: Ben Hutchings To: Gao Feng , "David S. Miller" Cc: stable@vger.kernel.org, Sasha Levin , Greg Kroah-Hartman , linux-kernel@vger.kernel.org Date: Thu, 29 Mar 2018 22:23:46 +0100 In-Reply-To: <20180319171854.104088447@linuxfoundation.org> References: <20180319171849.024066323@linuxfoundation.org> <20180319171854.104088447@linuxfoundation.org> Organization: Codethink Ltd. Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.22.6-1+deb9u1 Mime-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, 2018-03-19 at 19:05 +0100, Greg Kroah-Hartman wrote: > 4.4-stable review patch.  If anyone has any objections, please let me know. > > ------------------ > > From: Gao Feng > > > [ Upstream commit c48367427a39ea0b85c7cf018fe4256627abfd9e ] > > Because sysctl_tcp_adv_win_scale could be changed any time, so there > is one race in tcp_win_from_space. > For example, > 1.sysctl_tcp_adv_win_scale<=0 (sysctl_tcp_adv_win_scale is negative now) > 2.space>>(-sysctl_tcp_adv_win_scale) (sysctl_tcp_adv_win_scale is postive now) > > As a result, tcp_win_from_space returns 0. It is unexpected. > > Certainly if the compiler put the sysctl_tcp_adv_win_scale into one > register firstly, then use the register directly, it would be ok. > But we could not depend on the compiler behavior. This is true, but the compiler can also decide that this local variable is just an alias for the global variable and still read it twice. It is necessary to use READ_ONCE() to prevent that. Ben. > Signed-off-by: Gao Feng > Signed-off-by: David S. Miller > Signed-off-by: Sasha Levin > Signed-off-by: Greg Kroah-Hartman > --- >  include/net/tcp.h |    8 +++++--- >  1 file changed, 5 insertions(+), 3 deletions(-) > > --- a/include/net/tcp.h > +++ b/include/net/tcp.h > @@ -1199,9 +1199,11 @@ void tcp_select_initial_window(int __spa >   >  static inline int tcp_win_from_space(int space) >  { > - return sysctl_tcp_adv_win_scale<=0 ? > - (space>>(-sysctl_tcp_adv_win_scale)) : > - space - (space>>sysctl_tcp_adv_win_scale); > + int tcp_adv_win_scale = sysctl_tcp_adv_win_scale; > + > + return tcp_adv_win_scale <= 0 ? > + (space>>(-tcp_adv_win_scale)) : > + space - (space>>tcp_adv_win_scale); >  } >   >  /* Note: caller must be prepared to deal with negative returns */ -- Ben Hutchings Software Developer, Codethink Ltd.