lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Tue, 12 May 2020 07:46:34 -0700
From:   Eric Dumazet <edumazet@...gle.com>
To:     Paolo Abeni <pabeni@...hat.com>
Cc:     netdev <netdev@...r.kernel.org>,
        "David S. Miller" <davem@...emloft.net>,
        Christoph Paasch <cpaasch@...le.com>
Subject: Re: [RFC PATCH 1/3] mptcp: add new sock flag to deal with join subflows

On Tue, May 12, 2020 at 7:11 AM Paolo Abeni <pabeni@...hat.com> wrote:
>
> MP_JOIN subflows must not land into the accept queue.
> Currently tcp_check_req() calls an mptcp specific helper
> to detect such scenario.
>
> Such helper leverages the subflow context to check for
> MP_JOIN subflows. We need to deal also with MP JOIN
> failures, even when the subflow context is not available
> due to allocation failure.
>
> A possible solution would be changing the syn_recv_sock()
> signature to allow returning a more descriptive action/
> error code and deal with that in tcp_check_req().
>
> Since the above need is MPTCP specific, this patch instead
> uses a TCP socket hole to add an MPTCP specific flag.
> Such flag is used by the MPTCP syn_recv_sock() to tell
> tcp_check_req() how to deal with the request socket.
>
> This change is a no-op for !MPTCP build, and makes the
> MPTCP code simpler. It allows also the next patch to deal
> correctly with MP JOIN failure.
>
> Signed-off-by: Paolo Abeni <pabeni@...hat.com>
> ---
>  include/linux/tcp.h      |  1 +
>  include/net/mptcp.h      | 17 ++++++++++-------
>  net/ipv4/tcp_minisocks.c |  2 +-
>  net/mptcp/protocol.c     |  7 -------
>  net/mptcp/subflow.c      |  2 ++
>  5 files changed, 14 insertions(+), 15 deletions(-)
>
> diff --git a/include/linux/tcp.h b/include/linux/tcp.h
> index e60db06ec28d..dc12c59db41e 100644
> --- a/include/linux/tcp.h
> +++ b/include/linux/tcp.h
> @@ -385,6 +385,7 @@ struct tcp_sock {
>                            */
>  #if IS_ENABLED(CONFIG_MPTCP)
>         bool    is_mptcp;
> +       bool    drop_req;
>  #endif

This looks like this should only be needed in struct tcp_request_sock ?

Does this information need to be kept in the TCP socket after accept() ?

>
>  #ifdef CONFIG_TCP_MD5SIG
> diff --git a/include/net/mptcp.h b/include/net/mptcp.h
> index e60275659de6..c4809c24a185 100644
> --- a/include/net/mptcp.h
> +++ b/include/net/mptcp.h
> @@ -68,6 +68,11 @@ static inline bool rsk_is_mptcp(const struct request_sock *req)
>         return tcp_rsk(req)->is_mptcp;
>  }
>
> +static inline bool sk_drop_req(const struct sock *sk)
> +{
> +       return tcp_sk(sk)->is_mptcp && tcp_sk(sk)->drop_req;
> +}
> +
>  void mptcp_space(const struct sock *ssk, int *space, int *full_space);
>  bool mptcp_syn_options(struct sock *sk, const struct sk_buff *skb,
>                        unsigned int *size, struct mptcp_out_options *opts);
> @@ -121,8 +126,6 @@ static inline bool mptcp_skb_can_collapse(const struct sk_buff *to,
>                                  skb_ext_find(from, SKB_EXT_MPTCP));
>  }
>
> -bool mptcp_sk_is_subflow(const struct sock *sk);
> -
>  void mptcp_seq_show(struct seq_file *seq);
>  #else
>
> @@ -140,6 +143,11 @@ static inline bool rsk_is_mptcp(const struct request_sock *req)
>         return false;
>  }
>
> +static inline bool sk_drop_req(const struct sock *sk)
> +{
> +       return false;
> +}
> +
>  static inline void mptcp_parse_option(const struct sk_buff *skb,
>                                       const unsigned char *ptr, int opsize,
>                                       struct tcp_options_received *opt_rx)
> @@ -190,11 +198,6 @@ static inline bool mptcp_skb_can_collapse(const struct sk_buff *to,
>         return true;
>  }
>
> -static inline bool mptcp_sk_is_subflow(const struct sock *sk)
> -{
> -       return false;
> -}
> -
>  static inline void mptcp_space(const struct sock *ssk, int *s, int *fs) { }
>  static inline void mptcp_seq_show(struct seq_file *seq) { }
>  #endif /* CONFIG_MPTCP */
> diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c
> index 7e40322cc5ec..ba7cfb22dc79 100644
> --- a/net/ipv4/tcp_minisocks.c
> +++ b/net/ipv4/tcp_minisocks.c
> @@ -774,7 +774,7 @@ struct sock *tcp_check_req(struct sock *sk, struct sk_buff *skb,
>         if (!child)
>                 goto listen_overflow;
>
> -       if (own_req && sk_is_mptcp(child) && mptcp_sk_is_subflow(child)) {
> +       if (own_req && sk_drop_req(child)) {
>                 reqsk_queue_removed(&inet_csk(sk)->icsk_accept_queue, req);
>                 inet_csk_reqsk_queue_drop_and_put(sk, req);
>                 return child;
> diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c
> index e1f23016ed3f..a61e60e94137 100644
> --- a/net/mptcp/protocol.c
> +++ b/net/mptcp/protocol.c
> @@ -1638,13 +1638,6 @@ bool mptcp_finish_join(struct sock *sk)
>         return ret;
>  }
>
> -bool mptcp_sk_is_subflow(const struct sock *sk)
> -{
> -       struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk);
> -
> -       return subflow->mp_join == 1;
> -}
> -
>  static bool mptcp_memory_free(const struct sock *sk, int wake)
>  {
>         struct mptcp_sock *msk = mptcp_sk(sk);
> diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c
> index 009d5c478062..b39a66ffac7a 100644
> --- a/net/mptcp/subflow.c
> +++ b/net/mptcp/subflow.c
> @@ -500,6 +500,7 @@ static struct sock *subflow_syn_recv_sock(const struct sock *sk,
>                         ctx->remote_key = mp_opt.sndr_key;
>                         ctx->fully_established = mp_opt.mp_capable;
>                         ctx->can_ack = mp_opt.mp_capable;
> +                       tcp_sk(child)->drop_req = false;
>                 } else if (ctx->mp_join) {
>                         struct mptcp_sock *owner;
>
> @@ -512,6 +513,7 @@ static struct sock *subflow_syn_recv_sock(const struct sock *sk,
>                                 goto close_child;
>
>                         SUBFLOW_REQ_INC_STATS(req, MPTCP_MIB_JOINACKRX);
> +                       tcp_sk(child)->drop_req = true;
>                 }
>         }
>
> --
> 2.21.3
>

Powered by blists - more mailing lists