lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Thu, 1 Oct 2020 17:07:45 -0700 (PDT)
From:   Mat Martineau <mathew.j.martineau@...ux.intel.com>
To:     Stephen Rothwell <sfr@...b.auug.org.au>
cc:     David Miller <davem@...emloft.net>,
        Networking <netdev@...r.kernel.org>,
        Linux Next Mailing List <linux-next@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Paolo Abeni <pabeni@...hat.com>
Subject: Re: linux-next: manual merge of the net-next tree with the net
 tree


On Thu, 1 Oct 2020, Stephen Rothwell wrote:

> Hi all,
>
> Today's linux-next merge of the net-next tree got a conflict in:
>
>  net/mptcp/protocol.c
>
> between commit:
>
>  917944da3bfc ("mptcp: Consistently use READ_ONCE/WRITE_ONCE with msk->ack_seq")
>
> from the net tree and commit:
>
>  8268ed4c9d19 ("mptcp: introduce and use mptcp_try_coalesce()")
>  ab174ad8ef76 ("mptcp: move ooo skbs into msk out of order queue.")
>
> from the net-next tree.
>
> I fixed it up (I think - see below) and can carry the fix as
> necessary. This is now fixed as far as linux-next is concerned, but any
> non trivial conflicts should be mentioned to your upstream maintainer
> when your tree is submitted for merging.  You may also want to consider
> cooperating with the maintainer of the conflicting tree to minimise any
> particularly complex conflicts.
>

Hi Stephen,

I am fine with introducing the WRITE_ONCE() in __mptcp_move_skb() as your 
conflict resolution does, or I can submit a patch later to add the 
WRITE_ONCE() in that location. The latter is what I suggested to David 
when submitting the patch to the net tree.

Thanks,

Mat


>
> diff --cc net/mptcp/protocol.c
> index 5d747c6a610e,34c037731f35..000000000000
> --- a/net/mptcp/protocol.c
> +++ b/net/mptcp/protocol.c
> @@@ -112,64 -112,205 +112,205 @@@ static int __mptcp_socket_create(struc
>  	return 0;
>  }
>
> - static void __mptcp_move_skb(struct mptcp_sock *msk, struct sock *ssk,
> - 			     struct sk_buff *skb,
> - 			     unsigned int offset, size_t copy_len)
> + static void mptcp_drop(struct sock *sk, struct sk_buff *skb)
> + {
> + 	sk_drops_add(sk, skb);
> + 	__kfree_skb(skb);
> + }
> +
> + static bool mptcp_try_coalesce(struct sock *sk, struct sk_buff *to,
> + 			       struct sk_buff *from)
> + {
> + 	bool fragstolen;
> + 	int delta;
> +
> + 	if (MPTCP_SKB_CB(from)->offset ||
> + 	    !skb_try_coalesce(to, from, &fragstolen, &delta))
> + 		return false;
> +
> + 	pr_debug("colesced seq %llx into %llx new len %d new end seq %llx",
> + 		 MPTCP_SKB_CB(from)->map_seq, MPTCP_SKB_CB(to)->map_seq,
> + 		 to->len, MPTCP_SKB_CB(from)->end_seq);
> + 	MPTCP_SKB_CB(to)->end_seq = MPTCP_SKB_CB(from)->end_seq;
> + 	kfree_skb_partial(from, fragstolen);
> + 	atomic_add(delta, &sk->sk_rmem_alloc);
> + 	sk_mem_charge(sk, delta);
> + 	return true;
> + }
> +
> + static bool mptcp_ooo_try_coalesce(struct mptcp_sock *msk, struct sk_buff *to,
> + 				   struct sk_buff *from)
> + {
> + 	if (MPTCP_SKB_CB(from)->map_seq != MPTCP_SKB_CB(to)->end_seq)
> + 		return false;
> +
> + 	return mptcp_try_coalesce((struct sock *)msk, to, from);
> + }
> +
> + /* "inspired" by tcp_data_queue_ofo(), main differences:
> +  * - use mptcp seqs
> +  * - don't cope with sacks
> +  */
> + static void mptcp_data_queue_ofo(struct mptcp_sock *msk, struct sk_buff *skb)
>  {
>  	struct sock *sk = (struct sock *)msk;
> - 	struct sk_buff *tail;
> + 	struct rb_node **p, *parent;
> + 	u64 seq, end_seq, max_seq;
> + 	struct sk_buff *skb1;
> + 	int space;
> +
> + 	seq = MPTCP_SKB_CB(skb)->map_seq;
> + 	end_seq = MPTCP_SKB_CB(skb)->end_seq;
> + 	space = tcp_space(sk);
> + 	max_seq = space > 0 ? space + msk->ack_seq : msk->ack_seq;
> +
> + 	pr_debug("msk=%p seq=%llx limit=%llx empty=%d", msk, seq, max_seq,
> + 		 RB_EMPTY_ROOT(&msk->out_of_order_queue));
> + 	if (after64(seq, max_seq)) {
> + 		/* out of window */
> + 		mptcp_drop(sk, skb);
> + 		MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_NODSSWINDOW);
> + 		return;
> + 	}
>
> - 	__skb_unlink(skb, &ssk->sk_receive_queue);
> + 	p = &msk->out_of_order_queue.rb_node;
> + 	MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_OFOQUEUE);
> + 	if (RB_EMPTY_ROOT(&msk->out_of_order_queue)) {
> + 		rb_link_node(&skb->rbnode, NULL, p);
> + 		rb_insert_color(&skb->rbnode, &msk->out_of_order_queue);
> + 		msk->ooo_last_skb = skb;
> + 		goto end;
> + 	}
>
> - 	skb_ext_reset(skb);
> - 	skb_orphan(skb);
> - 	WRITE_ONCE(msk->ack_seq, msk->ack_seq + copy_len);
> + 	/* with 2 subflows, adding at end of ooo queue is quite likely
> + 	 * Use of ooo_last_skb avoids the O(Log(N)) rbtree lookup.
> + 	 */
> + 	if (mptcp_ooo_try_coalesce(msk, msk->ooo_last_skb, skb)) {
> + 		MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_OFOMERGE);
> + 		MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_OFOQUEUETAIL);
> + 		return;
> + 	}
>
> - 	tail = skb_peek_tail(&sk->sk_receive_queue);
> - 	if (offset == 0 && tail) {
> - 		bool fragstolen;
> - 		int delta;
> + 	/* Can avoid an rbtree lookup if we are adding skb after ooo_last_skb */
> + 	if (!before64(seq, MPTCP_SKB_CB(msk->ooo_last_skb)->end_seq)) {
> + 		MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_OFOQUEUETAIL);
> + 		parent = &msk->ooo_last_skb->rbnode;
> + 		p = &parent->rb_right;
> + 		goto insert;
> + 	}
>
> - 		if (skb_try_coalesce(tail, skb, &fragstolen, &delta)) {
> - 			kfree_skb_partial(skb, fragstolen);
> - 			atomic_add(delta, &sk->sk_rmem_alloc);
> - 			sk_mem_charge(sk, delta);
> + 	/* Find place to insert this segment. Handle overlaps on the way. */
> + 	parent = NULL;
> + 	while (*p) {
> + 		parent = *p;
> + 		skb1 = rb_to_skb(parent);
> + 		if (before64(seq, MPTCP_SKB_CB(skb1)->map_seq)) {
> + 			p = &parent->rb_left;
> + 			continue;
> + 		}
> + 		if (before64(seq, MPTCP_SKB_CB(skb1)->end_seq)) {
> + 			if (!after64(end_seq, MPTCP_SKB_CB(skb1)->end_seq)) {
> + 				/* All the bits are present. Drop. */
> + 				mptcp_drop(sk, skb);
> + 				MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_DUPDATA);
> + 				return;
> + 			}
> + 			if (after64(seq, MPTCP_SKB_CB(skb1)->map_seq)) {
> + 				/* partial overlap:
> + 				 *     |     skb      |
> + 				 *  |     skb1    |
> + 				 * continue traversing
> + 				 */
> + 			} else {
> + 				/* skb's seq == skb1's seq and skb covers skb1.
> + 				 * Replace skb1 with skb.
> + 				 */
> + 				rb_replace_node(&skb1->rbnode, &skb->rbnode,
> + 						&msk->out_of_order_queue);
> + 				mptcp_drop(sk, skb1);
> + 				MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_DUPDATA);
> + 				goto merge_right;
> + 			}
> + 		} else if (mptcp_ooo_try_coalesce(msk, skb1, skb)) {
> + 			MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_OFOMERGE);
>  			return;
>  		}
> + 		p = &parent->rb_right;
>  	}
>
> - 	skb_set_owner_r(skb, sk);
> - 	__skb_queue_tail(&sk->sk_receive_queue, skb);
> - 	MPTCP_SKB_CB(skb)->offset = offset;
> - }
> + insert:
> + 	/* Insert segment into RB tree. */
> + 	rb_link_node(&skb->rbnode, parent, p);
> + 	rb_insert_color(&skb->rbnode, &msk->out_of_order_queue);
>
> - static void mptcp_stop_timer(struct sock *sk)
> - {
> - 	struct inet_connection_sock *icsk = inet_csk(sk);
> + merge_right:
> + 	/* Remove other segments covered by skb. */
> + 	while ((skb1 = skb_rb_next(skb)) != NULL) {
> + 		if (before64(end_seq, MPTCP_SKB_CB(skb1)->end_seq))
> + 			break;
> + 		rb_erase(&skb1->rbnode, &msk->out_of_order_queue);
> + 		mptcp_drop(sk, skb1);
> + 		MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_DUPDATA);
> + 	}
> + 	/* If there is no skb after us, we are the last_skb ! */
> + 	if (!skb1)
> + 		msk->ooo_last_skb = skb;
>
> - 	sk_stop_timer(sk, &icsk->icsk_retransmit_timer);
> - 	mptcp_sk(sk)->timer_ival = 0;
> + end:
> + 	skb_condense(skb);
> + 	skb_set_owner_r(skb, sk);
>  }
>
> - /* both sockets must be locked */
> - static bool mptcp_subflow_dsn_valid(const struct mptcp_sock *msk,
> - 				    struct sock *ssk)
> + static bool __mptcp_move_skb(struct mptcp_sock *msk, struct sock *ssk,
> + 			     struct sk_buff *skb, unsigned int offset,
> + 			     size_t copy_len)
>  {
>  	struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(ssk);
> - 	u64 dsn = mptcp_subflow_get_mapped_dsn(subflow);
> + 	struct sock *sk = (struct sock *)msk;
> + 	struct sk_buff *tail;
>
> - 	/* revalidate data sequence number.
> - 	 *
> - 	 * mptcp_subflow_data_available() is usually called
> - 	 * without msk lock.  Its unlikely (but possible)
> - 	 * that msk->ack_seq has been advanced since the last
> - 	 * call found in-sequence data.
> + 	__skb_unlink(skb, &ssk->sk_receive_queue);
> +
> + 	skb_ext_reset(skb);
> + 	skb_orphan(skb);
> +
> + 	/* the skb map_seq accounts for the skb offset:
> + 	 * mptcp_subflow_get_mapped_dsn() is based on the current tp->copied_seq
> + 	 * value
>  	 */
> - 	if (likely(dsn == msk->ack_seq))
> + 	MPTCP_SKB_CB(skb)->map_seq = mptcp_subflow_get_mapped_dsn(subflow);
> + 	MPTCP_SKB_CB(skb)->end_seq = MPTCP_SKB_CB(skb)->map_seq + copy_len;
> + 	MPTCP_SKB_CB(skb)->offset = offset;
> +
> + 	if (MPTCP_SKB_CB(skb)->map_seq == msk->ack_seq) {
> + 		/* in sequence */
> -		msk->ack_seq += copy_len;
> ++		WRITE_ONCE(msk->ack_seq, msk->ack_seq + copy_len);
> + 		tail = skb_peek_tail(&sk->sk_receive_queue);
> + 		if (tail && mptcp_try_coalesce(sk, tail, skb))
> + 			return true;
> +
> + 		skb_set_owner_r(skb, sk);
> + 		__skb_queue_tail(&sk->sk_receive_queue, skb);
>  		return true;
> + 	} else if (after64(MPTCP_SKB_CB(skb)->map_seq, msk->ack_seq)) {
> + 		mptcp_data_queue_ofo(msk, skb);
> + 		return false;
> + 	}
>
> - 	subflow->data_avail = 0;
> - 	return mptcp_subflow_data_available(ssk);
> + 	/* old data, keep it simple and drop the whole pkt, sender
> + 	 * will retransmit as needed, if needed.
> + 	 */
> + 	MPTCP_INC_STATS(sock_net(sk), MPTCP_MIB_DUPDATA);
> + 	mptcp_drop(sk, skb);
> + 	return false;
> + }
> +
> + static void mptcp_stop_timer(struct sock *sk)
> + {
> + 	struct inet_connection_sock *icsk = inet_csk(sk);
> +
> + 	sk_stop_timer(sk, &icsk->icsk_retransmit_timer);
> + 	mptcp_sk(sk)->timer_ival = 0;
>  }
>
>  static void mptcp_check_data_fin_ack(struct sock *sk)
>

--
Mat Martineau
Intel

Powered by blists - more mailing lists