Date: Mon, 10 Oct 2011 18:26:23 +0000 (UTC) From: Andre Oppermann <andre@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r226228 - stable/9/sys/netinet Message-ID: <201110101826.p9AIQNg4075762@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: andre Date: Mon Oct 10 18:26:23 2011 New Revision: 226228 URL: http://svn.freebsd.org/changeset/base/226228 Log: MFC r226113: Prevent TCP sessions from stalling indefinitely in reassembly when reaching the zone limit of reassembly queue entries. Approved by: re (kib) Modified: stable/9/sys/netinet/tcp_reass.c Directory Properties: stable/9/sys/ (props changed) stable/9/sys/amd64/include/xen/ (props changed) stable/9/sys/boot/ (props changed) stable/9/sys/boot/i386/efi/ (props changed) stable/9/sys/boot/ia64/efi/ (props changed) stable/9/sys/boot/ia64/ski/ (props changed) stable/9/sys/boot/powerpc/boot1.chrp/ (props changed) stable/9/sys/boot/powerpc/ofw/ (props changed) stable/9/sys/cddl/contrib/opensolaris/ (props changed) stable/9/sys/conf/ (props changed) stable/9/sys/contrib/dev/acpica/ (props changed) stable/9/sys/contrib/octeon-sdk/ (props changed) stable/9/sys/contrib/pf/ (props changed) stable/9/sys/contrib/x86emu/ (props changed) Modified: stable/9/sys/netinet/tcp_reass.c ============================================================================== --- stable/9/sys/netinet/tcp_reass.c Mon Oct 10 18:20:36 2011 (r226227) +++ stable/9/sys/netinet/tcp_reass.c Mon Oct 10 18:26:23 2011 (r226228) @@ -177,7 +177,9 @@ tcp_reass(struct tcpcb *tp, struct tcphd struct tseg_qent *nq; struct tseg_qent *te = NULL; struct socket *so = tp->t_inpcb->inp_socket; + char *s = NULL; int flags; + struct tseg_qent tqs; INP_WLOCK_ASSERT(tp->t_inpcb); @@ -215,19 +217,40 @@ tcp_reass(struct tcpcb *tp, struct tcphd TCPSTAT_INC(tcps_rcvmemdrop); m_freem(m); *tlenp = 0; + if ((s = tcp_log_addrs(&tp->t_inpcb->inp_inc, th, NULL, NULL))) { + log(LOG_DEBUG, "%s; %s: queue limit reached, " + "segment dropped\n", s, __func__); + free(s, M_TCPLOG); + } return (0); } /* * Allocate a new queue entry. If we can't, or hit the zone limit * just drop the pkt. + * + * Use a temporary structure on the stack for the missing segment + * when the zone is exhausted. Otherwise we may get stuck. */ te = uma_zalloc(V_tcp_reass_zone, M_NOWAIT); - if (te == NULL) { + if (te == NULL && th->th_seq != tp->rcv_nxt) { TCPSTAT_INC(tcps_rcvmemdrop); m_freem(m); *tlenp = 0; + if ((s = tcp_log_addrs(&tp->t_inpcb->inp_inc, th, NULL, NULL))) { + log(LOG_DEBUG, "%s; %s: global zone limit reached, " + "segment dropped\n", s, __func__); + free(s, M_TCPLOG); + } return (0); + } else if (th->th_seq == tp->rcv_nxt) { + bzero(&tqs, sizeof(struct tseg_qent)); + te = &tqs; + if ((s = tcp_log_addrs(&tp->t_inpcb->inp_inc, th, NULL, NULL))) { + log(LOG_DEBUG, "%s; %s: global zone limit reached, " + "using stack for missing segment\n", s, __func__); + free(s, M_TCPLOG); + } } tp->t_segqlen++; @@ -304,6 +327,8 @@ tcp_reass(struct tcpcb *tp, struct tcphd if (p == NULL) { LIST_INSERT_HEAD(&tp->t_segq, te, tqe_q); } else { + KASSERT(te != &tqs, ("%s: temporary stack based entry not " + "first element in queue", __func__)); LIST_INSERT_AFTER(p, te, tqe_q); } @@ -327,7 +352,8 @@ present: m_freem(q->tqe_m); else sbappendstream_locked(&so->so_rcv, q->tqe_m); - uma_zfree(V_tcp_reass_zone, q); + if (q != &tqs) + uma_zfree(V_tcp_reass_zone, q); tp->t_segqlen--; q = nq; } while (q && q->tqe_th->th_seq == tp->rcv_nxt);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201110101826.p9AIQNg4075762>