lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CANn89i+Sz1xLmo1tFgbx0KH=RJks6Q=zw0O7NM962T-FG063aQ@mail.gmail.com>
Date:   Wed, 4 Aug 2021 10:34:28 +0200
From:   Eric Dumazet <edumazet@...gle.com>
To:     Pavel Tikhomirov <ptikhomirov@...tuozzo.com>
Cc:     netdev <netdev@...r.kernel.org>,
        "David S. Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>,
        Arnd Bergmann <arnd@...db.de>, Paolo Abeni <pabeni@...hat.com>,
        Florian Westphal <fw@...len.de>,
        LKML <linux-kernel@...r.kernel.org>, linux-alpha@...r.kernel.org,
        linux-mips@...r.kernel.org, linux-parisc@...r.kernel.org,
        sparclinux@...r.kernel.org,
        linux-arch <linux-arch@...r.kernel.org>,
        Andrei Vagin <avagin@...il.com>, kernel@...nvz.org
Subject: Re: [PATCH v3] sock: allow reading and changing sk_userlocks with setsockopt

On Wed, Aug 4, 2021 at 9:56 AM Pavel Tikhomirov
<ptikhomirov@...tuozzo.com> wrote:
>
> SOCK_SNDBUF_LOCK and SOCK_RCVBUF_LOCK flags disable automatic socket
> buffers adjustment done by kernel (see tcp_fixup_rcvbuf() and
> tcp_sndbuf_expand()). If we've just created a new socket this adjustment
> is enabled on it, but if one changes the socket buffer size by
> setsockopt(SO_{SND,RCV}BUF*) it becomes disabled.
>
> CRIU needs to call setsockopt(SO_{SND,RCV}BUF*) on each socket on
> restore as it first needs to increase buffer sizes for packet queues
> restore and second it needs to restore back original buffer sizes.

We could argue the bug is in TCP_REPAIR code, not allowing restoring
queues unless
those setsockopt() calls have been done.

For instance SO_RCVLOWAT is able to automatically increase sk->sk_rcvbuf

But I think this feature might be useful regardless of TCP_REPAIR needs.

(There is no way to 'undo' a prior SO_RCVBUF or SO_SNDBUF since they are setting
the SOCK_[SND|RCV]BUF_LOCK bits permanently)

Reviewed-by: Eric Dumazet <edumazet@...gle.com>


> So after CRIU restore all sockets become non-auto-adjustable, which can
> decrease network performance of restored applications significantly.
>
> CRIU need to be able to restore sockets with enabled/disabled adjustment
> to the same state it was before dump, so let's add special setsockopt
> for it.
>
> Let's also export SOCK_SNDBUF_LOCK and SOCK_RCVBUF_LOCK flags to uAPI so
> that using these interface one can reenable automatic socket buffer
> adjustment on their sockets.
>
> Signed-off-by: Pavel Tikhomirov <ptikhomirov@...tuozzo.com>
> ---
> Here is a corresponding CRIU commits using these new feature to fix slow
> download speed problem after migration:
> https://github.com/checkpoint-restore/criu/pull/1568
>
> Origin of the problem:
>
> We have a customer in Virtuozzo who mentioned that nginx server becomes
> slower after container migration. Especially it is easy to mention when
> you wget some big file via localhost from the same container which was
> just migrated.
>
> By strace-ing all nginx processes I see that nginx worker process before
> c/r sends data to local wget with big chunks ~1.5Mb, but after c/r it
> only succeeds to send by small chunks ~64Kb.
>
> Before:
> sendfile(12, 13, [7984974] => [9425600], 11479629) = 1440626 <0.000180>
>
> After:
> sendfile(8, 13, [1507275] => [1568768], 17957328) = 61493 <0.000675>
>
> Smaller buffer can explain the decrease in download speed. So as a POC I
> just commented out all buffer setting manipulations and that helped.
>
> Note: I'm not sure about the way I export flags to uAPI, probably there
> is some other better way without separating BUF and BIND lock flags to
> different header files.
>
> v2: define SOCK_BUF_LOCK_MASK mask
> v3: reject other flags except SOCK_SNDBUF_LOCK and SOCK_RCVBUF_LOCK, use
> mask in sock_getsockopt, export flags to uapi/linux/socket.h
> ---
>  arch/alpha/include/uapi/asm/socket.h  |  2 ++
>  arch/mips/include/uapi/asm/socket.h   |  2 ++
>  arch/parisc/include/uapi/asm/socket.h |  2 ++
>  arch/sparc/include/uapi/asm/socket.h  |  2 ++
>  include/net/sock.h                    |  3 +--
>  include/uapi/asm-generic/socket.h     |  2 ++
>  include/uapi/linux/socket.h           |  5 +++++
>  net/core/sock.c                       | 13 +++++++++++++
>  8 files changed, 29 insertions(+), 2 deletions(-)
>
> diff --git a/arch/alpha/include/uapi/asm/socket.h b/arch/alpha/include/uapi/asm/socket.h
> index 6b3daba60987..1dd9baf4a6c2 100644
> --- a/arch/alpha/include/uapi/asm/socket.h
> +++ b/arch/alpha/include/uapi/asm/socket.h
> @@ -129,6 +129,8 @@
>
>  #define SO_NETNS_COOKIE                71
>
> +#define SO_BUF_LOCK            72
> +
>  #if !defined(__KERNEL__)
>
>  #if __BITS_PER_LONG == 64
> diff --git a/arch/mips/include/uapi/asm/socket.h b/arch/mips/include/uapi/asm/socket.h
> index cdf404a831b2..1eaf6a1ca561 100644
> --- a/arch/mips/include/uapi/asm/socket.h
> +++ b/arch/mips/include/uapi/asm/socket.h
> @@ -140,6 +140,8 @@
>
>  #define SO_NETNS_COOKIE                71
>
> +#define SO_BUF_LOCK            72
> +
>  #if !defined(__KERNEL__)
>
>  #if __BITS_PER_LONG == 64
> diff --git a/arch/parisc/include/uapi/asm/socket.h b/arch/parisc/include/uapi/asm/socket.h
> index 5b5351cdcb33..8baaad52d799 100644
> --- a/arch/parisc/include/uapi/asm/socket.h
> +++ b/arch/parisc/include/uapi/asm/socket.h
> @@ -121,6 +121,8 @@
>
>  #define SO_NETNS_COOKIE                0x4045
>
> +#define SO_BUF_LOCK            0x4046
> +
>  #if !defined(__KERNEL__)
>
>  #if __BITS_PER_LONG == 64
> diff --git a/arch/sparc/include/uapi/asm/socket.h b/arch/sparc/include/uapi/asm/socket.h
> index 92675dc380fa..e80ee8641ac3 100644
> --- a/arch/sparc/include/uapi/asm/socket.h
> +++ b/arch/sparc/include/uapi/asm/socket.h
> @@ -122,6 +122,8 @@
>
>  #define SO_NETNS_COOKIE          0x0050
>
> +#define SO_BUF_LOCK              0x0051
> +
>  #if !defined(__KERNEL__)
>
>
> diff --git a/include/net/sock.h b/include/net/sock.h
> index ff1be7e7e90b..6e761451c927 100644
> --- a/include/net/sock.h
> +++ b/include/net/sock.h
> @@ -68,6 +68,7 @@
>  #include <net/tcp_states.h>
>  #include <linux/net_tstamp.h>
>  #include <net/l3mdev.h>
> +#include <uapi/linux/socket.h>
>
>  /*
>   * This structure really needs to be cleaned up.
> @@ -1438,8 +1439,6 @@ static inline int __sk_prot_rehash(struct sock *sk)
>  #define RCV_SHUTDOWN   1
>  #define SEND_SHUTDOWN  2
>
> -#define SOCK_SNDBUF_LOCK       1
> -#define SOCK_RCVBUF_LOCK       2
>  #define SOCK_BINDADDR_LOCK     4
>  #define SOCK_BINDPORT_LOCK     8
>
> diff --git a/include/uapi/asm-generic/socket.h b/include/uapi/asm-generic/socket.h
> index d588c244ec2f..1f0a2b4864e4 100644
> --- a/include/uapi/asm-generic/socket.h
> +++ b/include/uapi/asm-generic/socket.h
> @@ -124,6 +124,8 @@
>
>  #define SO_NETNS_COOKIE                71
>
> +#define SO_BUF_LOCK            72
> +
>  #if !defined(__KERNEL__)
>
>  #if __BITS_PER_LONG == 64 || (defined(__x86_64__) && defined(__ILP32__))
> diff --git a/include/uapi/linux/socket.h b/include/uapi/linux/socket.h
> index c3409c8ec0dd..eb0a9a5b6e71 100644
> --- a/include/uapi/linux/socket.h
> +++ b/include/uapi/linux/socket.h
> @@ -26,4 +26,9 @@ struct __kernel_sockaddr_storage {
>         };
>  };
>
> +#define SOCK_SNDBUF_LOCK       1
> +#define SOCK_RCVBUF_LOCK       2
> +
> +#define SOCK_BUF_LOCK_MASK (SOCK_SNDBUF_LOCK | SOCK_RCVBUF_LOCK)
> +
>  #endif /* _UAPI_LINUX_SOCKET_H */
> diff --git a/net/core/sock.c b/net/core/sock.c
> index 9671c32e6ef5..aada649e07e8 100644
> --- a/net/core/sock.c
> +++ b/net/core/sock.c
> @@ -1358,6 +1358,15 @@ int sock_setsockopt(struct socket *sock, int level, int optname,
>                 ret = sock_bindtoindex_locked(sk, val);
>                 break;
>
> +       case SO_BUF_LOCK:
> +               if (val & ~SOCK_BUF_LOCK_MASK) {
> +                       ret = -EINVAL;
> +                       break;
> +               }
> +               sk->sk_userlocks = val | (sk->sk_userlocks &
> +                                         ~SOCK_BUF_LOCK_MASK);
> +               break;
> +
>         default:
>                 ret = -ENOPROTOOPT;
>                 break;
> @@ -1720,6 +1729,10 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
>                 v.val64 = sock_net(sk)->net_cookie;
>                 break;
>
> +       case SO_BUF_LOCK:
> +               v.val = sk->sk_userlocks & SOCK_BUF_LOCK_MASK;
> +               break;
> +
>         default:
>                 /* We implement the SO_SNDLOWAT etc to not be settable
>                  * (1003.1g 7).
> --
> 2.31.1
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ