Date:   Tue, 3 Mar 2020 18:38:35 +0000
From:   "Leppanen, Jere (Nokia - FI/Espoo)" <jere.leppanen@...ia.com>
To:     Xin Long <lucien.xin@...il.com>,
        network dev <netdev@...r.kernel.org>,
        "linux-sctp@...r.kernel.org" <linux-sctp@...r.kernel.org>
CC:     "davem@...emloft.net" <davem@...emloft.net>,
        Marcelo Ricardo Leitner <marcelo.leitner@...il.com>,
        Neil Horman <nhorman@...driver.com>,
        "michael.tuexen@...chi.franken.de" <michael.tuexen@...chi.franken.de>
Subject: RE: [PATCH net] sctp: return a one-to-one type socket when doing
 peeloff

On Mon, 2 Mar 2020, Xin Long wrote:

> As it says in rfc6458#section-9.2:
> 
>   The application uses the sctp_peeloff() call to branch off an
>   association into a separate socket.  (Note that the semantics are
>   somewhat changed from the traditional one-to-one style accept()
>   call.)  Note also that the new socket is a one-to-one style socket.
>   Thus, it will be confined to operations allowed for a one-to-one
>   style socket.
> 
> Prior to this patch, sctp_peeloff() returned a one-to-many type socket,
> on which some operations are not allowed, like shutdown, as Jere
> reported.
> 
> This patch is to change it to return a one-to-one type socket instead.

Thanks for looking into this. I like the patch, and it fixes my simple
test case.

But with this patch, peeled-off sockets are created by copying from a
one-to-many socket to a one-to-one socket. Are you sure that that's
not going to cause any problems? Is it possible that there was a
reason why peeloff wasn't implemented this way in the first place?

With this patch there's no way to create UDP_HIGH_BANDWIDTH style
sockets anymore, so the remaining references should probably be
cleaned up:

./net/sctp/socket.c:1886:       if (!sctp_style(sk, UDP_HIGH_BANDWIDTH) && msg->msg_name) {
./net/sctp/socket.c:8522:       if (sctp_style(sk, UDP_HIGH_BANDWIDTH))
./include/net/sctp/structs.h:144:       SCTP_SOCKET_UDP_HIGH_BANDWIDTH,

This patch disables those checks. The first one ignores a destination
address given to sendmsg() with a peeled-off socket - I don't know
why. The second one prevents listen() on a peeled-off socket.

> 
> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> Reported-by: Leppanen, Jere (Nokia - FI/Espoo) <jere.leppanen@...ia.com>

Reported-by: Jere Leppanen <jere.leppanen@...ia.com>

> Signed-off-by: Xin Long <lucien.xin@...il.com>
> ---
>  net/sctp/socket.c | 15 ++++++---------
>  1 file changed, 6 insertions(+), 9 deletions(-)
> 
> diff --git a/net/sctp/socket.c b/net/sctp/socket.c
> index 1b56fc4..2b55beb 100644
> --- a/net/sctp/socket.c
> +++ b/net/sctp/socket.c
> @@ -88,8 +88,7 @@ static int sctp_send_asconf(struct sctp_association *asoc,
>  static int sctp_do_bind(struct sock *, union sctp_addr *, int);
>  static int sctp_autobind(struct sock *sk);
>  static int sctp_sock_migrate(struct sock *oldsk, struct sock *newsk,
> -			     struct sctp_association *assoc,
> -			     enum sctp_socket_type type);
> +			     struct sctp_association *assoc);
>  
>  static unsigned long sctp_memory_pressure;
>  static atomic_long_t sctp_memory_allocated;
> @@ -4965,7 +4964,7 @@ static struct sock *sctp_accept(struct sock *sk, int flags, int *err, bool kern)
>  	/* Populate the fields of the newsk from the oldsk and migrate the
>  	 * asoc to the newsk.
>  	 */
> -	error = sctp_sock_migrate(sk, newsk, asoc, SCTP_SOCKET_TCP);
> +	error = sctp_sock_migrate(sk, newsk, asoc);
>  	if (error) {
>  		sk_common_release(newsk);
>  		newsk = NULL;
> @@ -5711,7 +5710,7 @@ int sctp_do_peeloff(struct sock *sk, sctp_assoc_t id, struct socket **sockp)
>  		return -EINVAL;
>  
>  	/* Create a new socket.  */
> -	err = sock_create(sk->sk_family, SOCK_SEQPACKET, IPPROTO_SCTP, &sock);
> +	err = sock_create(sk->sk_family, SOCK_STREAM, IPPROTO_SCTP, &sock);
>  	if (err < 0)
>  		return err;
>  
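
Review bot: In sctp_do_peeloff(), the sock_create() call now passes SOCK_STREAM instead of SOCK_SEQPACKET, so the socket type of every peeled-off socket changes for existing applications, while the commit message only mentions shutdown. Please list in the commit message which userspace-visible behaviours change with the new type, and reconsider whether a Fixes: tag pointing at Linux-2.6.12-rc2 is meant to carry such a behaviour change into all stable trees.
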
> @@ -5727,8 +5726,7 @@ int sctp_do_peeloff(struct sock *sk, sctp_assoc_t id, struct socket **sockp)
>  	/* Populate the fields of the newsk from the oldsk and migrate the
>  	 * asoc to the newsk.
>  	 */
> -	err = sctp_sock_migrate(sk, sock->sk, asoc,
> -				SCTP_SOCKET_UDP_HIGH_BANDWIDTH);
> +	err = sctp_sock_migrate(sk, sock->sk, asoc);
>  	if (err) {
>  		sock_release(sock);
>  		sock = NULL;
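
Review bot: The sctp_sock_migrate() call in sctp_do_peeloff() was the only place in this diff that passed SCTP_SOCKET_UDP_HIGH_BANDWIDTH, and the diffstat touches only net/sctp/socket.c, so the enum value in include/net/sctp/structs.h and the sctp_style(sk, UDP_HIGH_BANDWIDTH) checks quoted in the reply stay in the tree with nothing in this diff setting that type. Remove them here or in a follow-up, and state in the commit message that the sendmsg() and listen() checks no longer apply to peeled-off sockets.
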
> @@ -9453,8 +9451,7 @@ static inline void sctp_copy_descendant(struct sock *sk_to,
>   * and its messages to the newsk.
>   */
>  static int sctp_sock_migrate(struct sock *oldsk, struct sock *newsk,
> -			     struct sctp_association *assoc,
> -			     enum sctp_socket_type type)
> +			     struct sctp_association *assoc)
>  {
>  	struct sctp_sock *oldsp = sctp_sk(oldsk);
>  	struct sctp_sock *newsp = sctp_sk(newsk);
> @@ -9562,7 +9559,7 @@ static int sctp_sock_migrate(struct sock *oldsk, struct sock *newsk,
>  	 * original UDP-style socket or created with the accept() call on a
>  	 * TCP-style socket..
>  	 */
> -	newsp->type = type;
> +	newsp->type = SCTP_SOCKET_TCP;
>  
>  	/* Mark the new socket "in-use" by the user so that any packets
>  	 * that may arrive on the association after we've moved it are
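
Review bot: The comment directly above "newsp->type = SCTP_SOCKET_TCP;" still reads as if the type depended on how the socket was created ("original UDP-style socket or created with the accept() call on a TCP-style socket.."), which no longer matches a hard-coded value. Update it to say that both accepted and peeled-off sockets become one-to-one (TCP-style) sockets, and drop the stray second period while there.
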
> -- 
> 2.1.0
