lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CADvbK_e3FzBAU5k4-p2+xue7Mgo6f9diFvbeWzbbYa66fsAvGw@mail.gmail.com>
Date:   Mon, 12 Nov 2018 18:58:53 +0900
From:   Xin Long <lucien.xin@...il.com>
To:     Marcelo Ricardo Leitner <marcelo.leitner@...il.com>
Cc:     network dev <netdev@...r.kernel.org>, linux-sctp@...r.kernel.org,
        Neil Horman <nhorman@...driver.com>,
        davem <davem@...emloft.net>
Subject: Re: [PATCH net-next 2/3] sctp: add sock_reuseport for the sock in __sctp_hash_endpoint

On Mon, Oct 22, 2018 at 11:15 PM Marcelo Ricardo Leitner
<marcelo.leitner@...il.com> wrote:
>
> On Sun, Oct 21, 2018 at 12:43:37PM +0800, Xin Long wrote:
> > This is a part of sk_reuseport support for sctp. It defines a helper
> > sctp_bind_addrs_check() to check if the bind_addrs in two socks are
> > matched. It will add sock_reuseport if they are completely matched,
> > and return err if they are partly matched, and alloc sock_reuseport
> > if all socks are not matched at all.
> >
> > It will work until sk_reuseport support is added in
> > sctp_get_port_local() in the next patch.
> >
> > Signed-off-by: Xin Long <lucien.xin@...il.com>
> > ---
> >  include/net/sctp/sctp.h    |  2 +-
> >  include/net/sctp/structs.h |  2 ++
> >  net/core/sock_reuseport.c  |  1 +
> >  net/sctp/bind_addr.c       | 28 ++++++++++++++++++++++
> >  net/sctp/input.c           | 60 +++++++++++++++++++++++++++++++++++++++-------
> >  net/sctp/socket.c          |  3 +--
> >  6 files changed, 85 insertions(+), 11 deletions(-)
> >
> > diff --git a/include/net/sctp/sctp.h b/include/net/sctp/sctp.h
> > index 8c2caa3..b8cd58d 100644
> > --- a/include/net/sctp/sctp.h
> > +++ b/include/net/sctp/sctp.h
> > @@ -152,7 +152,7 @@ int sctp_primitive_RECONF(struct net *net, struct sctp_association *asoc,
> >   */
> >  int sctp_rcv(struct sk_buff *skb);
> >  void sctp_v4_err(struct sk_buff *skb, u32 info);
> > -void sctp_hash_endpoint(struct sctp_endpoint *);
> > +int sctp_hash_endpoint(struct sctp_endpoint *ep);
> >  void sctp_unhash_endpoint(struct sctp_endpoint *);
> >  struct sock *sctp_err_lookup(struct net *net, int family, struct sk_buff *,
> >                            struct sctphdr *, struct sctp_association **,
> > diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h
> > index a11f937..15d017f 100644
> > --- a/include/net/sctp/structs.h
> > +++ b/include/net/sctp/structs.h
> > @@ -1190,6 +1190,8 @@ int sctp_bind_addr_conflict(struct sctp_bind_addr *, const union sctp_addr *,
> >                        struct sctp_sock *, struct sctp_sock *);
> >  int sctp_bind_addr_state(const struct sctp_bind_addr *bp,
> >                        const union sctp_addr *addr);
> > +int sctp_bind_addrs_check(struct sctp_sock *sp,
> > +                       struct sctp_sock *sp2, int cnt2);
> >  union sctp_addr *sctp_find_unmatch_addr(struct sctp_bind_addr        *bp,
> >                                       const union sctp_addr   *addrs,
> >                                       int                     addrcnt,
> > diff --git a/net/core/sock_reuseport.c b/net/core/sock_reuseport.c
> > index ba5cba5..d8fe3e5 100644
> > --- a/net/core/sock_reuseport.c
> > +++ b/net/core/sock_reuseport.c
> > @@ -187,6 +187,7 @@ int reuseport_add_sock(struct sock *sk, struct sock *sk2, bool bind_inany)
> >               call_rcu(&old_reuse->rcu, reuseport_free_rcu);
> >       return 0;
> >  }
> > +EXPORT_SYMBOL(reuseport_add_sock);
> >
> >  void reuseport_detach_sock(struct sock *sk)
> >  {
> > diff --git a/net/sctp/bind_addr.c b/net/sctp/bind_addr.c
> > index 7df3704..78d0d93 100644
> > --- a/net/sctp/bind_addr.c
> > +++ b/net/sctp/bind_addr.c
> > @@ -337,6 +337,34 @@ int sctp_bind_addr_match(struct sctp_bind_addr *bp,
> >       return match;
> >  }
> >
> > +int sctp_bind_addrs_check(struct sctp_sock *sp,
> > +                       struct sctp_sock *sp2, int cnt2)
> > +{
> > +     struct sctp_bind_addr *bp2 = &sp2->ep->base.bind_addr;
> > +     struct sctp_bind_addr *bp = &sp->ep->base.bind_addr;
> > +     struct sctp_sockaddr_entry *laddr, *laddr2;
> > +     bool exist = false;
> > +     int cnt = 0;
> > +
> > +     rcu_read_lock();
> > +     list_for_each_entry_rcu(laddr, &bp->address_list, list) {
> > +             list_for_each_entry_rcu(laddr2, &bp2->address_list, list) {
> > +                     if (sp->pf->af->cmp_addr(&laddr->a, &laddr2->a) &&
> > +                         laddr->valid == laddr2->valid) {
>
> I think by here in the normal run laddr2->valid will always be true,
> but as is it gives the impression that it accepts 0 == 0 too, which
> would be bad.  May be on a fast BINDX_REM/BINDX_ADD it could trigger
> laddr2->valid = 0 in there, not sure.
>
> Anyway, may be '... laddr->valid && laddr2->valid' instead or you
> really want to allow the 0 == 0 case?
>
will improve it in v2. thanks.

> > +                             exist = true;
> > +                             goto next;
> > +                     }
> > +             }
> > +             cnt = 0;
> > +             break;
> > +next:
> > +             cnt++;
> > +     }
> > +     rcu_read_unlock();
> > +
> > +     return (cnt == cnt2) ? 0 : (exist ? -EEXIST : 1);
> > +}
> > +
> >  /* Does the address 'addr' conflict with any addresses in
> >   * the bp.
> >   */
> > diff --git a/net/sctp/input.c b/net/sctp/input.c
> > index 60ede89..6bfeb10 100644
> > --- a/net/sctp/input.c
> > +++ b/net/sctp/input.c
> > @@ -723,43 +723,87 @@ static int sctp_rcv_ootb(struct sk_buff *skb)
> >  }
> >
> >  /* Insert endpoint into the hash table.  */
> > -static void __sctp_hash_endpoint(struct sctp_endpoint *ep)
> > +static int __sctp_hash_endpoint(struct sctp_endpoint *ep)
> >  {
> > -     struct net *net = sock_net(ep->base.sk);
> > -     struct sctp_ep_common *epb;
> > +     struct sock *sk = ep->base.sk;
> > +     struct net *net = sock_net(sk);
> >       struct sctp_hashbucket *head;
> > +     struct sctp_ep_common *epb;
> >
> >       epb = &ep->base;
> > -
> >       epb->hashent = sctp_ep_hashfn(net, epb->bind_addr.port);
> >       head = &sctp_ep_hashtable[epb->hashent];
> >
> > +     if (sk->sk_reuseport) {
> > +             bool any = sctp_is_ep_boundall(sk);
> > +             struct sctp_ep_common *epb2;
> > +             struct list_head *list;
> > +             int cnt = 0, err = 1;
> > +
> > +             list_for_each(list, &ep->base.bind_addr.address_list)
> > +                     cnt++;
> > +
> > +             sctp_for_each_hentry(epb2, &head->chain) {
> > +                     struct sock *sk2 = epb2->sk;
> > +
> > +                     if (!net_eq(sock_net(sk2), net) || sk2 == sk ||
> > +                         !uid_eq(sock_i_uid(sk2), sock_i_uid(sk)) ||
> > +                         !sk2->sk_reuseport)
> > +                             continue;
> > +
> > +                     err = sctp_bind_addrs_check(sctp_sk(sk2),
> > +                                                 sctp_sk(sk), cnt);
> > +                     if (!err) {
> > +                             err = reuseport_add_sock(sk, sk2, any);
> > +                             if (err)
> > +                                     return err;
> > +                             break;
> > +                     } else if (err < 0) {
> > +                             return err;
> > +                     }
> > +             }
> > +
> > +             if (err) {
> > +                     err = reuseport_alloc(sk, any);
> > +                     if (err)
> > +                             return err;
> > +             }
> > +     }
> > +
> >       write_lock(&head->lock);
> >       hlist_add_head(&epb->node, &head->chain);
> >       write_unlock(&head->lock);
> > +     return 0;
> >  }
> >
> >  /* Add an endpoint to the hash. Local BH-safe. */
> > -void sctp_hash_endpoint(struct sctp_endpoint *ep)
> > +int sctp_hash_endpoint(struct sctp_endpoint *ep)
> >  {
> > +     int err;
> > +
> >       local_bh_disable();
> > -     __sctp_hash_endpoint(ep);
> > +     err = __sctp_hash_endpoint(ep);
> >       local_bh_enable();
> > +
> > +     return err;
> >  }
> >
> >  /* Remove endpoint from the hash table.  */
> >  static void __sctp_unhash_endpoint(struct sctp_endpoint *ep)
> >  {
> > -     struct net *net = sock_net(ep->base.sk);
> > +     struct sock *sk = ep->base.sk;
> >       struct sctp_hashbucket *head;
> >       struct sctp_ep_common *epb;
> >
> >       epb = &ep->base;
> >
> > -     epb->hashent = sctp_ep_hashfn(net, epb->bind_addr.port);
> > +     epb->hashent = sctp_ep_hashfn(sock_net(sk), epb->bind_addr.port);
> >
> >       head = &sctp_ep_hashtable[epb->hashent];
> >
> > +     if (rcu_access_pointer(sk->sk_reuseport_cb))
> > +             reuseport_detach_sock(sk);
> > +
> >       write_lock(&head->lock);
> >       hlist_del_init(&epb->node);
> >       write_unlock(&head->lock);
> > diff --git a/net/sctp/socket.c b/net/sctp/socket.c
> > index fc0386e..44e7d8c 100644
> > --- a/net/sctp/socket.c
> > +++ b/net/sctp/socket.c
> > @@ -7850,8 +7850,7 @@ static int sctp_listen_start(struct sock *sk, int backlog)
> >       }
> >
> >       sk->sk_max_ack_backlog = backlog;
> > -     sctp_hash_endpoint(ep);
> > -     return 0;
> > +     return sctp_hash_endpoint(ep);
> >  }
> >
> >  /*
> > --
> > 2.1.0
> >

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ