lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Y4X/XidkaLaD5Zak@gmail.com>
Date:   Tue, 29 Nov 2022 04:47:26 -0800
From:   Breno Leitao <leitao@...ian.org>
To:     Kuniyuki Iwashima <kuniyu@...zon.com>
Cc:     davem@...emloft.net, dsahern@...nel.org, edumazet@...gle.com,
        kuba@...nel.org, leit@...com, linux-kernel@...r.kernel.org,
        netdev@...r.kernel.org, pabeni@...hat.com, yoshfuji@...ux-ipv6.org
Subject: Re: [PATCH RESEND net-next] tcp: socket-specific version of
 WARN_ON_ONCE()

On Tue, Nov 29, 2022 at 10:00:55AM +0900, Kuniyuki Iwashima wrote:
> From:   Breno Leitao <leitao@...ian.org>
> Date:   Thu, 24 Nov 2022 03:22:29 -0800
> > There are cases where we need information about the socket during a
> > warning, so, it could help us to find bugs that happens and do not have
> > an easy repro.
> > 
> > This diff creates a TCP socket-specific version of WARN_ON_ONCE(), which
> > dumps more information about the TCP socket.
> > 
> > This new warning is not only useful to give more insight about kernel bugs, but,
> > it is also helpful to expose information that might be coming from buggy
> > BPF applications, such as BPF applications that sets invalid
> > tcp_sock->snd_cwnd values.
> 
> Have you finally found a root cause on BPF or TCP side ?

Yes, this demonstrated to be very useful to find out BPF applications
that are doing nasty things with the congestion window.

We currently have this patch applied to Meta's infrastructure to track
BPF applications that are misbehaving, and easily track down to which
BPF application is the responsible one.

> > +#endif  /* _LINUX_TCP_DEBUG_H */
> > diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
> > index 54836a6b81d6..dd682f60c7cb 100644
> > --- a/net/ipv4/tcp.c
> > +++ b/net/ipv4/tcp.c
> > @@ -4705,6 +4705,36 @@ int tcp_abort(struct sock *sk, int err)
> >  }
> >  EXPORT_SYMBOL_GPL(tcp_abort);
> >  
> > +void tcp_sock_warn(const struct tcp_sock *tp)
> > +{
> > +	const struct sock *sk = (const struct sock *)tp;
> > +	struct inet_sock *inet = inet_sk(sk);
> > +	struct inet_connection_sock *icsk = inet_csk(sk);
> > +
> > +	WARN_ON(1);
> > +
> > +	if (!tp)
> 
> Is this needed ?

We are de-referencing tp/sk in the lines below, so, I think it is safe to
check if they are not NULL before the de-refencing it.

Should I do check for "ck" instead of "tp" to make the code a bit
cleaner to read?

> > +	pr_warn("Socket Info: family=%u state=%d sport=%u dport=%u ccname=%s cwnd=%u",
> > +		sk->sk_family, sk->sk_state, ntohs(inet->inet_sport),
> > +		ntohs(inet->inet_dport), icsk->icsk_ca_ops->name, tcp_snd_cwnd(tp));
> > +
> > +	switch (sk->sk_family) {
> > +	case AF_INET:
> > +		pr_warn("saddr=%pI4 daddr=%pI4", &inet->inet_saddr,
> > +			&inet->inet_daddr);
> 
> As with tcp_syn_flood_action(), [address]:port format is easy
> to read and consistent in kernel ?

Absolutely. I am going to fix it in v2. Thanks!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ