issue: 1792164 Fix race access to error queue

Signed-off-by: Igor Ivanov <[email protected]>

Author: igor-ivanov

src/vma/sock/sockinfo.cpp

@@ -1663,7 +1663,9 @@ void sockinfo::handle_recv_errqueue(struct cmsg_state *cm_state)
 		return;
 	}
 
+	m_error_queue_lock.lock();
 	buff = m_error_queue.get_and_pop_front();
+	m_error_queue_lock.unlock();
 
 	if (!(buff->m_flags & mem_buf_desc_t::CLONED)) {
 		si_logerr("Detected invalid element in socket error queue as %p with flags 0x%x",

src/vma/sock/sockinfo.h

@@ -269,6 +269,7 @@ class sockinfo : public socket_fd_api, public pkt_rcvr_sink, public pkt_sndr_sou
 	 * to provide notification ability.
 	 */
 	descq_t    m_error_queue;
+	lock_spin  m_error_queue_lock;
 
 	/* TX zcopy counter
 	 * The notification itself for tx zcopy operation is a simple scalar value.

src/vma/sock/sockinfo_tcp.cpp

@@ -4635,10 +4635,6 @@ mem_buf_desc_t* sockinfo_tcp::tcp_tx_zc_alloc(mem_buf_desc_t* p_desc)
 
 void sockinfo_tcp::tcp_tx_zc_callback(mem_buf_desc_t* p_desc)
 {
-	uint32_t lo, hi;
-	uint16_t count;
-	uint32_t prev_lo, prev_hi;
-	mem_buf_desc_t* err_queue = NULL;
 	sockinfo_tcp* sock = NULL;
 
 	if (!p_desc) {
@@ -4655,6 +4651,22 @@ void sockinfo_tcp::tcp_tx_zc_callback(mem_buf_desc_t* p_desc)
 		goto cleanup;
 	}
 
+	sock->tcp_tx_zc_handle(p_desc);
+
+cleanup:
+        /* Clean up */
+        p_desc->m_flags &= ~mem_buf_desc_t::ZCOPY;
+        memset(&p_desc->tx.zc, 0, sizeof(p_desc->tx.zc));
+}
+
+void sockinfo_tcp::tcp_tx_zc_handle(mem_buf_desc_t* p_desc)
+{
+	uint32_t lo, hi;
+	uint16_t count;
+	uint32_t prev_lo, prev_hi;
+	mem_buf_desc_t* err_queue = NULL;
+	sockinfo_tcp* sock = this;
+
 	count = p_desc->tx.zc.count;
 	lo = p_desc->tx.zc.id;
 	hi = lo + count - 1;
@@ -4665,6 +4677,8 @@ void sockinfo_tcp::tcp_tx_zc_callback(mem_buf_desc_t* p_desc)
 	p_desc->ee.ee_info = lo;
 //	p_desc->ee.ee_code |= SO_EE_CODE_ZEROCOPY_COPIED;
 
+	m_error_queue_lock.lock();
+
 	/* Update last error queue element in case it has the same type */
 	err_queue = sock->m_error_queue.back();
 	if (err_queue &&
@@ -4691,14 +4705,11 @@ void sockinfo_tcp::tcp_tx_zc_callback(mem_buf_desc_t* p_desc)
 		sock->m_error_queue.push_back(err_queue);
 	}
 
+	m_error_queue_lock.unlock();
+
 	/* Signal events on socket */
 	NOTIFY_ON_EVENTS(sock, EPOLLERR);
 	sock->do_wakeup();
-
-cleanup:
-        /* Clean up */
-        p_desc->m_flags &= ~mem_buf_desc_t::ZCOPY;
-        memset(&p_desc->tx.zc, 0, sizeof(p_desc->tx.zc));
 }
 
 struct tcp_seg * sockinfo_tcp::tcp_seg_alloc(void* p_conn)

src/vma/sock/sockinfo_tcp.h

@@ -187,6 +187,7 @@ class sockinfo_tcp : public sockinfo, public timer_handler
 
 	mem_buf_desc_t* tcp_tx_zc_alloc(mem_buf_desc_t* p_desc);
 	static void tcp_tx_zc_callback(mem_buf_desc_t* p_desc);
+	void tcp_tx_zc_handle(mem_buf_desc_t* p_desc);
 
 	bool inline is_readable(uint64_t *p_poll_sn, fd_array_t *p_fd_array = NULL);
 	bool inline is_writeable();