| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 29 Nov 2022 11:18:27 +0100
From: Paolo Abeni <pabeni@...hat.com>
To: Breno Leitao <leitao@...ian.org>, edumazet@...gle.com,
davem@...emloft.net, kuba@...nel.org
Cc: netdev@...r.kernel.org, leit@...com, yoshfuji@...ux-ipv6.org,
dsahern@...nel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH RESEND net-next] tcp: socket-specific version of
WARN_ON_ONCE()
Hello,
On Thu, 2022-11-24 at 03:22 -0800, Breno Leitao wrote:
> There are cases where we need information about the socket during a
> warning, so, it could help us to find bugs that happens and do not have
> an easy repro.
>
> This diff creates a TCP socket-specific version of WARN_ON_ONCE(), which
> dumps more information about the TCP socket.
>
> This new warning is not only useful to give more insight about kernel bugs, but,
> it is also helpful to expose information that might be coming from buggy
> BPF applications, such as BPF applications that sets invalid
> tcp_sock->snd_cwnd values.
I personally find this use-case a little too tight, you could likelly
fetch the same information with a perf probe or something similar.
> Signed-off-by: Breno Leitao <leitao@...ian.org>
> ---
> include/net/tcp.h | 3 ++-
> include/net/tcp_debug.h | 10 ++++++++++
> net/ipv4/tcp.c | 30 ++++++++++++++++++++++++++++++
> 3 files changed, 42 insertions(+), 1 deletion(-)
> create mode 100644 include/net/tcp_debug.h
>
> diff --git a/include/net/tcp.h b/include/net/tcp.h
> index 14d45661a84d..e490af8e6fdc 100644
> --- a/include/net/tcp.h
> +++ b/include/net/tcp.h
> @@ -40,6 +40,7 @@
> #include <net/inet_ecn.h>
> #include <net/dst.h>
> #include <net/mptcp.h>
> +#include <net/tcp_debug.h>
>
> #include <linux/seq_file.h>
> #include <linux/memcontrol.h>
> @@ -1229,7 +1230,7 @@ static inline u32 tcp_snd_cwnd(const struct tcp_sock *tp)
>
> static inline void tcp_snd_cwnd_set(struct tcp_sock *tp, u32 val)
> {
> - WARN_ON_ONCE((int)val <= 0);
> + TCP_SOCK_WARN_ON_ONCE(tp, (int)val <= 0);
> tp->snd_cwnd = val;
> }
>
> diff --git a/include/net/tcp_debug.h b/include/net/tcp_debug.h
> new file mode 100644
> index 000000000000..50e96d87d335
> --- /dev/null
> +++ b/include/net/tcp_debug.h
> @@ -0,0 +1,10 @@
> +/* SPDX-License-Identifier: GPL-2.0 */
> +#ifndef _LINUX_TCP_DEBUG_H
> +#define _LINUX_TCP_DEBUG_H
> +
> +void tcp_sock_warn(const struct tcp_sock *tp);
> +
> +#define TCP_SOCK_WARN_ON_ONCE(tcp_sock, condition) \
> + DO_ONCE_LITE_IF(condition, tcp_sock_warn, tcp_sock)
> +
> +#endif /* _LINUX_TCP_DEBUG_H */
> diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
> index 54836a6b81d6..dd682f60c7cb 100644
> --- a/net/ipv4/tcp.c
> +++ b/net/ipv4/tcp.c
> @@ -4705,6 +4705,36 @@ int tcp_abort(struct sock *sk, int err)
> }
> EXPORT_SYMBOL_GPL(tcp_abort);
>
> +void tcp_sock_warn(const struct tcp_sock *tp)
> +{
> + const struct sock *sk = (const struct sock *)tp;
> + struct inet_sock *inet = inet_sk(sk);
> + struct inet_connection_sock *icsk = inet_csk(sk);
> +
> + WARN_ON(1);
> +
> + if (!tp)
> + return;
> +
> + pr_warn("Socket Info: family=%u state=%d sport=%u dport=%u ccname=%s cwnd=%u",
> + sk->sk_family, sk->sk_state, ntohs(inet->inet_sport),
> + ntohs(inet->inet_dport), icsk->icsk_ca_ops->name, tcp_snd_cwnd(tp));
> +
> + switch (sk->sk_family) {
> + case AF_INET:
> + pr_warn("saddr=%pI4 daddr=%pI4", &inet->inet_saddr,
> + &inet->inet_daddr);
> + break;
> +#if IS_ENABLED(CONFIG_IPV6)
> + case AF_INET6:
> + pr_warn("saddr=%pI6 daddr=%pI6", &sk->sk_v6_rcv_saddr,
> + &sk->sk_v6_daddr);
> + break;
> +#endif
Please, adjust the output format as suggested by Kuniyuki,
thanks!
Paolo
Powered by blists - more mailing lists