• John Fastabend's avatar
    bpf, sockmap: Convert schedule_work into delayed_work · 29173d07
    John Fastabend authored
    Sk_buffs are fed into sockmap verdict programs either from a strparser
    (when the user might want to decide how framing of skb is done by attaching
    another parser program) or directly through tcp_read_sock. The
    tcp_read_sock is the preferred method for performance when the BPF logic is
    a stream parser.
    
    The flow for Cilium's common use case with a stream parser is,
    
     tcp_read_sock()
      sk_psock_verdict_recv
        ret = bpf_prog_run_pin_on_cpu()
        sk_psock_verdict_apply(sock, skb, ret)
         // if system is under memory pressure or app is slow we may
         // need to queue skb. Do this queuing through ingress_skb and
         // then kick timer to wake up handler
         skb_queue_tail(ingress_skb, skb)
         schedule_work(work);
    
    The work queue is wired up to sk_psock_backlog(). This will then walk the
    ingress_skb skb list that holds our sk_buffs that could not be handled,
    but should be OK to run at some later point. However, its possible that
    the workqueue doing this work still hits an error when sending the skb.
    When this happens the skbuff is requeued on a temporary 'state' struct
    kept with the workqueue. This is necessary because its possible to
    partially send an skbuff before hitting an error and we need to know how
    and where to restart when the workqueue runs next.
    
    Now for the trouble, we don't rekick the workqueue. This can cause a
    stall where the skbuff we just cached on the state variable might never
    be sent. This happens when its the last packet in a flow and no further
    packets come along that would cause the system to kick the workqueue from
    that side.
    
    To fix we could do simple schedule_work(), but while under memory pressure
    it makes sense to back off some instead of continue to retry repeatedly. So
    instead to fix convert schedule_work to schedule_delayed_work and add
    backoff logic to reschedule from backlog queue on errors. Its not obvious
    though what a good backoff is so use '1'.
    
    To test we observed some flakes whil running NGINX compliance test with
    sockmap we attributed these failed test to this bug and subsequent issue.
    
    >From on list discussion. This commit
    
     bec21719("skmsg: Schedule psock work if the cached skb exists on the psock")
    
    was intended to address similar race, but had a couple cases it missed.
    Most obvious it only accounted for receiving traffic on the local socket
    so if redirecting into another socket we could still get an sk_buff stuck
    here. Next it missed the case where copied=0 in the recv() handler and
    then we wouldn't kick the scheduler. Also its sub-optimal to require
    userspace to kick the internal mechanisms of sockmap to wake it up and
    copy data to user. It results in an extra syscall and requires the app
    to actual handle the EAGAIN correctly.
    
    Fixes: 04919bed ("tcp: Introduce tcp_read_skb()")
    Signed-off-by: default avatarJohn Fastabend <john.fastabend@gmail.com>
    Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
    Tested-by: default avatarWilliam Findlay <will@isovalent.com>
    Reviewed-by: default avatarJakub Sitnicki <jakub@cloudflare.com>
    Link: https://lore.kernel.org/bpf/20230523025618.113937-3-john.fastabend@gmail.com
    29173d07
sock_map.c 40.7 KB