Bug 127528 - incorrect socket sndbuf accounting for multicast sockets with IP_MULTICAST_LOOP set
Summary: incorrect socket sndbuf accounting for multicast sockets with IP_MULTICAST_LO...
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: kernel   
(Show other bugs)
Version: 3.0
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Neil Horman
QA Contact: Brian Brock
Depends On:
Blocks: 123574
TreeView+ depends on / blocked
Reported: 2004-07-09 14:49 UTC by Neil Horman
Modified: 2007-11-30 22:07 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-12-20 20:55:36 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
C++ test case to demonstrate sendto blocking failure (3.98 KB, text/plain)
2004-07-09 14:50 UTC, Neil Horman
no flags Details
patch to adjust socket buffer accounting. (1.03 KB, patch)
2004-07-09 14:59 UTC, Neil Horman
no flags Details | Diff

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2004:550 normal SHIPPED_LIVE Updated kernel packages available for Red Hat Enterprise Linux 3 Update 4 2004-12-20 05:00:00 UTC

Description Neil Horman 2004-07-09 14:49:36 UTC
Description of problem:
when sending fragmented packets over multicast sockets, if the
IP_MULTICAST_LOOP option is enabled, each skbuff is cloned and
fragmented.  The accounting for the sockets SNDBUF is preformed on
each fragment, but after the frame is transmitted the kfree_skb call
fails to preform the reverse accounting, since the cloned skbuffs are
not freed, only the top level skbuff representing the entire frame. 
Only after the socket is read from, clearing the received skbuff from
the receive queue, is the reverse accounting preformed.  This can lead
to inacurate sndbuf values, and if the socket is not read from often
enough, the user process using the socket can block indefinately on a
send(to/msg) call.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1) Remove iptables modules from the system (iptables can prematurely
free buffers to prevent queue backlog).

2) build and run the attached testcase (multicast_test.C).  Specify
when running a large packet size (I've been using 10000 bytes) so as
to incur fragmenting.  Also specify that IP_MUTLICAST_LOOP should be
set, and that the reader thread should never read.

Actual results:
After a few packets, the call to sendto will block forever, waiting
for available memory in the SNDBUF buffer.  This will not be made
available until the socket is read from

Expected results:
Socket sends only block until frames are transmitted, at which point
memory should be available in the send buffer.

Additional info:

Comment 1 Neil Horman 2004-07-09 14:50:10 UTC
Created attachment 101749 [details]
C++ test case to demonstrate sendto blocking failure

Comment 2 Neil Horman 2004-07-09 14:59:27 UTC
Created attachment 101751 [details]
patch to adjust socket buffer accounting.

This patch corrects this issue by moving socket layer accounting to the top
level skbuff.  By doing this all SNDBUF memory is released on the freeing of
the top level skbuff, which allows individual fragments to be cloned without
affecting the accounting.  I also checked, and this problem seems to present in
the 2.6 kernel as well, so this patch should probably be pushed there.

Comment 3 Ernie Petrides 2004-08-31 04:16:52 UTC
A fix for this problem has just been committed to the RHEL3 U4
patch pool this evening (in kernel version 2.4.21-20.1.EL).

Comment 4 John Flanagan 2004-12-20 20:55:36 UTC
An errata has been issued which should help the problem 
described in this bug report. This report is therefore being 
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, 
please follow the link below. You may reopen this bug report 
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.