From: Eric Dumazet <eric.duma...@gmail.com>
Date: Wed, 21 Dec 2016 05:42:43 -0800
> From: Eric Dumazet <eduma...@google.com>
>
> Madalin reported crashes happening in tcp_tasklet_func() on powerpc64
>
> Before TSQ_QUEUED bit is cleared, we must ensure the changes done
> by list_del(&tp->tsq_node); are committed to memory, otherwise
> corruption might happen, as an other cpu could catch TSQ_QUEUED
> clearance too soon.
>
> We can notice that old kernels were immune to this bug, because
> TSQ_QUEUED was cleared after a bh_lock_sock(sk)/bh_unlock_sock(sk)
> section, but they could have missed a kick to write additional bytes,
> when NIC interrupts for a given flow are spread to multiple cpus.
>
> Affected TCP flows would need an incoming ACK or RTO timer to add more
> packets to the pipe. So overall situation should be better now.
>
> Fixes: b223feb9de2a ("tcp: tsq: add shortcut in tcp_tasklet_func()")
> Signed-off-by: Eric Dumazet <eduma...@google.com>
> Reported-by: Madalin Bucur <madalin.bu...@nxp.com>
> Tested-by: Madalin Bucur <madalin.bu...@nxp.com>
Applied, thanks Eric.
