lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sat, 29 Oct 2022 21:09:51 +0800
From:   menglong8.dong@...il.com
To:     edumazet@...gle.com, kuba@...nel.org
Cc:     davem@...emloft.net, pabeni@...hat.com, yoshfuji@...ux-ipv6.org,
        dsahern@...nel.org, imagedong@...cent.com, kafai@...com,
        asml.silence@...il.com, keescook@...omium.org,
        linux-kernel@...r.kernel.org, netdev@...r.kernel.org
Subject: [PATCH net-next 3/9] net: tcp: use the drop reasons stored in tcp_skb_cb

From: Menglong Dong <imagedong@...cent.com>

The drop reasons for skb can be stored in tcp_skb_cb in some function
when it needs to be dropped. The following functions will do it in the
latter commits:

  tcp_rcv_state_process
  tcp_conn_request
  tcp_rcv_state_process
  tcp_timewait_state_process
  tcp_rcv_synsent_state_process

Now, we initialize the drop_reason in tcp_skb_cb to
SKB_DROP_REASON_NOT_SPECIFIED. try_kfree_skb() should be used if any code
path makes the drop_reason to SKB_NOT_DROPPED_YET. Don't try to set it
to SKB_NOT_DROPPED_YET if the skb has any posibility to be dropped later.

Signed-off-by: Menglong Dong <imagedong@...cent.com>
---
 net/ipv4/tcp_ipv4.c | 15 +++++++++++++--
 net/ipv6/tcp_ipv6.c | 20 ++++++++++++++++----
 2 files changed, 29 insertions(+), 6 deletions(-)

diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 87d440f47a70..a85bc7483c5a 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -1693,6 +1693,7 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb)
 			goto discard;
 		if (nsk != sk) {
 			if (tcp_child_process(sk, nsk, skb)) {
+				reason = TCP_SKB_CB(skb)->drop_reason;
 				rsk = nsk;
 				goto reset;
 			}
@@ -1702,6 +1703,7 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb)
 		sock_rps_save_rxhash(sk, skb);
 
 	if (tcp_rcv_state_process(sk, skb)) {
+		reason = TCP_SKB_CB(skb)->drop_reason;
 		rsk = sk;
 		goto reset;
 	}
@@ -1945,6 +1947,7 @@ int tcp_v4_rcv(struct sk_buff *skb)
 	int ret;
 
 	drop_reason = SKB_DROP_REASON_NOT_SPECIFIED;
+	TCP_SKB_DR(skb, NOT_SPECIFIED);
 	if (skb->pkt_type != PACKET_HOST)
 		goto discard_it;
 
@@ -2050,6 +2053,7 @@ int tcp_v4_rcv(struct sk_buff *skb)
 			reqsk_put(req);
 			tcp_v4_restore_cb(skb);
 		} else if (tcp_child_process(sk, nsk, skb)) {
+			drop_reason = TCP_SKB_CB(skb)->drop_reason;
 			tcp_v4_send_reset(nsk, skb);
 			goto discard_and_relse;
 		} else {
@@ -2136,6 +2140,11 @@ int tcp_v4_rcv(struct sk_buff *skb)
 	kfree_skb_reason(skb, drop_reason);
 	return 0;
 
+free_it:
+	drop_reason = TCP_SKB_CB(skb)->drop_reason;
+	try_kfree_skb(skb, drop_reason);
+	return 0;
+
 discard_and_relse:
 	sk_drops_add(sk, skb);
 	if (refcounted)
@@ -2171,6 +2180,8 @@ int tcp_v4_rcv(struct sk_buff *skb)
 			refcounted = false;
 			goto process;
 		}
+		/* TCP_FLAGS or NO_SOCKET? */
+		TCP_SKB_DR(skb, TCP_FLAGS);
 	}
 		/* to ACK */
 		fallthrough;
@@ -2180,10 +2191,10 @@ int tcp_v4_rcv(struct sk_buff *skb)
 	case TCP_TW_RST:
 		tcp_v4_send_reset(sk, skb);
 		inet_twsk_deschedule_put(inet_twsk(sk));
-		goto discard_it;
+		goto free_it;
 	case TCP_TW_SUCCESS:;
 	}
-	goto discard_it;
+	goto free_it;
 }
 
 static struct timewait_sock_ops tcp_timewait_sock_ops = {
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index f676be14e6b6..2c2048832714 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -1515,8 +1515,10 @@ int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
 			goto discard;
 
 		if (nsk != sk) {
-			if (tcp_child_process(sk, nsk, skb))
+			if (tcp_child_process(sk, nsk, skb)) {
+				reason = TCP_SKB_CB(skb)->drop_reason;
 				goto reset;
+			}
 			if (opt_skb)
 				__kfree_skb(opt_skb);
 			return 0;
@@ -1524,8 +1526,10 @@ int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
 	} else
 		sock_rps_save_rxhash(sk, skb);
 
-	if (tcp_rcv_state_process(sk, skb))
+	if (tcp_rcv_state_process(sk, skb)) {
+		reason = TCP_SKB_CB(skb)->drop_reason;
 		goto reset;
+	}
 	if (opt_skb)
 		goto ipv6_pktoptions;
 	return 0;
@@ -1615,6 +1619,7 @@ INDIRECT_CALLABLE_SCOPE int tcp_v6_rcv(struct sk_buff *skb)
 	struct net *net = dev_net(skb->dev);
 
 	drop_reason = SKB_DROP_REASON_NOT_SPECIFIED;
+	TCP_SKB_DR(skb, NOT_SPECIFIED);
 	if (skb->pkt_type != PACKET_HOST)
 		goto discard_it;
 
@@ -1711,6 +1716,7 @@ INDIRECT_CALLABLE_SCOPE int tcp_v6_rcv(struct sk_buff *skb)
 			reqsk_put(req);
 			tcp_v6_restore_cb(skb);
 		} else if (tcp_child_process(sk, nsk, skb)) {
+			drop_reason = TCP_SKB_CB(skb)->drop_reason;
 			tcp_v6_send_reset(nsk, skb);
 			goto discard_and_relse;
 		} else {
@@ -1792,6 +1798,11 @@ INDIRECT_CALLABLE_SCOPE int tcp_v6_rcv(struct sk_buff *skb)
 	kfree_skb_reason(skb, drop_reason);
 	return 0;
 
+free_it:
+	drop_reason = TCP_SKB_CB(skb)->drop_reason;
+	try_kfree_skb(skb, drop_reason);
+	return 0;
+
 discard_and_relse:
 	sk_drops_add(sk, skb);
 	if (refcounted)
@@ -1832,6 +1843,7 @@ INDIRECT_CALLABLE_SCOPE int tcp_v6_rcv(struct sk_buff *skb)
 			refcounted = false;
 			goto process;
 		}
+		TCP_SKB_DR(skb, TCP_FLAGS);
 	}
 		/* to ACK */
 		fallthrough;
@@ -1841,11 +1853,11 @@ INDIRECT_CALLABLE_SCOPE int tcp_v6_rcv(struct sk_buff *skb)
 	case TCP_TW_RST:
 		tcp_v6_send_reset(sk, skb);
 		inet_twsk_deschedule_put(inet_twsk(sk));
-		goto discard_it;
+		goto free_it;
 	case TCP_TW_SUCCESS:
 		;
 	}
-	goto discard_it;
+	goto free_it;
 }
 
 void tcp_v6_early_demux(struct sk_buff *skb)
-- 
2.37.2

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ