Date:   Wed, 29 Jun 2022 22:29:47 +0200
From:   Wenjia Zhang <wenjia@...ux.ibm.com>
To:     guangguan.wang@...ux.alibaba.com
Cc:     Karsten Graul <kgraul@...ux.ibm.com>, liuyacan@...p.netease.com,
        davem@...emloft.net, kuba@...nel.org, linux-kernel@...r.kernel.org,
        linux-s390@...r.kernel.org, netdev@...r.kernel.org,
        pabeni@...hat.com
Subject: Re: [PATCH net-next v2] net/smc: align the connect behaviour with TCP



On 24.05.22 15:05, Karsten Graul wrote:
> On 24/05/2022 14:57, liuyacan@...p.netease.com wrote:
>>>>
>>>>
>>>> On 2022/5/23 20:24, Karsten Graul wrote:
>>>>> On 13/05/2022 04:24, Guangguan Wang wrote:
>>>>>> Connect with O_NONBLOCK will not be completed immediately
>>>>>> and returns -EINPROGRESS. It is possible to use selector/poll
>>>>>> for completion by selecting the socket for writing. After select
>>>>>> indicates writability, a second connect function call will return
>>>>>> 0 to indicate connected successfully as TCP does, but smc returns
>>>>>> -EISCONN. Use socket state for smc to indicate connect state, which
>>>>>> can help smc aligning the connect behaviour with TCP.
>>>>>>
>>>>>> Signed-off-by: Guangguan Wang <guangguan.wang@...ux.alibaba.com>
>>>>>> Acked-by: Karsten Graul <kgraul@...ux.ibm.com>
>>>>>> ---
>>>>>>   net/smc/af_smc.c | 50 ++++++++++++++++++++++++++++++++++++++++++++----
>>>>>>   1 file changed, 46 insertions(+), 4 deletions(-)
>>>>>>
>>>>>> diff --git a/net/smc/af_smc.c b/net/smc/af_smc.c
>>>>>> index fce16b9d6e1a..5f70642a8044 100644
>>>>>> --- a/net/smc/af_smc.c
>>>>>> +++ b/net/smc/af_smc.c
>>>>>> @@ -1544,9 +1544,29 @@ static int smc_connect(struct socket *sock, struct sockaddr *addr,
>>>>>>   		goto out_err;
>>>>>>   
>>>>>>   	lock_sock(sk);
>>>>>> +	switch (sock->state) {
>>>>>> +	default:
>>>>>> +		rc = -EINVAL;
>>>>>> +		goto out;
>>>>>> +	case SS_CONNECTED:
>>>>>> +		rc = sk->sk_state == SMC_ACTIVE ? -EISCONN : -EINVAL;
>>>>>> +		goto out;
>>>>>> +	case SS_CONNECTING:
>>>>>> +		if (sk->sk_state == SMC_ACTIVE)
>>>>>> +			goto connected;
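Review bot: In the SS_CONNECTED case, returning -EINVAL whenever sk->sk_state is not SMC_ACTIVE gives the wrong errno for a socket that is connected but whose sk_state never reached SMC_ACTIVE. The thread reports this for fallback sockets, where sk_state stays SMC_INIT and a repeated connect() gets -EINVAL instead of -EISCONN. Either return -EISCONN for SS_CONNECTED regardless of sk_state, or make sure the fallback path sets sk_state to SMC_ACTIVE before sock->state becomes SS_CONNECTED. The SS_CONNECTING case also needs a comment stating what is intended when sk_state is not SMC_ACTIVE, since falling through to another kernel_connect() is what the follow-up question is about.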
>>>>>
>>>>> I stumbled over this when thinking about the fallback processing. If for whatever reason
>>>>> fallback==true during smc_connect(), the "if (smc->use_fallback)" below would set sock->state
>>>>> to e.g. SS_CONNECTED. But in the fallback case sk_state keeps SMC_INIT. So during the next call
>>>>> the SS_CONNECTING case above would break because sk_state is NOT SMC_ACTIVE, and we would end
>>>>> up calling kernel_connect() again. Which seems to be no problem when kernel_connect() returns
>>>>> -EISCONN and we return this to the caller. But is this how it should work, or does it work by chance?
>>>>>
>>>>
>>>> Since the sk_state keeps SMC_INIT and does not correctly indicate the state of clcsock, it should end
>>>> up calling kernel_connect() again to get the actual connection state of clcsock.
>>>>
>>>> And I'm sorry there is a problem that if sock->state==SS_CONNECTED and sk_state==SMC_INIT, further call
>>>> of smc_connect will return -EINVAL where -EISCONN is preferred.
>>>> The steps to reproduce:
>>>> 1) switch fallback before connect, such as setsockopt TCP_FASTOPEN
>>>> 2) connect with nonblocking and returns -EINPROGRESS. (sock->state changes to SS_CONNECTING)
>>>> 3) end up calling connect with nonblocking again and returns 0. (kernel_connect() returns 0 and sock->state changes to
>>>>     SS_CONNECTED but sk->sk_state stays SMC_INIT)
>>>> 4) call connect again, maybe by mistake, will return -EINVAL, but -EISCONN is preferred.
>>>>
>>>> What do you think about synchronizing the sk_state to SMC_ACTIVE instead of keeping SMC_INIT when clcsock
>>>> connected successfully in the fallback case described above?
>>>>
>>>> ...
>>>
>>> I start thinking that the fix in 86434744 introduced a problem. Before that fix a connect with
>>> fallback always reached __smc_connect() and on top of that function in case of fallback
>>> smc_connect_fallback() is called, which itself sets sk_state to SMC_ACTIVE.
>>>
>>> 86434744 removed that code path and I wonder what it actually fixed, because at this time the
>>> fallback check in __smc_connect() was already present.
>>>
>>> Without that "goto out;" the state would be set correctly in smc_connect_fallback(), and the
>>> socket close processing would work as expected.
>>
>> I think it is OK without that "goto out;". And I guess the purpose of "goto out;" is to avoid calling __smc_connect(),
>> because it is impossible to establish an rdma channel at this time.
> 
> Yes that was the purpose, but this disabled all the extra processing that should be done
> for fallback sockets during connect().
> 
Since Karsten's suggestion, we didn't hear from you any more. We just 
want to know:

- What do you think about the commit (86434744)? Could it be the trigger 
of the problem you met?

- Have you ever tried to just remove the following lines from 
smc_connection(), and check if your scenario could run correctly?

       if (smc->use_fallback)
               goto out;

In our opinion, we don't see the necessity of the patch, if partly 
reverting the commit (86434744) could solve the problem.
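
The TCP reference behaviour that the commit message describes (a non-blocking connect() returns EINPROGRESS, the socket polls writable, the next connect() returns 0 and later ones fail with EISCONN), as a user-space probe added here; it is not part of the thread or the patch. The loopback listener and the function name probe_nonblocking_connect are constructed for this example.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <poll.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* One connect() attempt: 0 on success, otherwise the errno value. */
static int try_connect(int fd, const struct sockaddr_in *sa)
{
    return connect(fd, (const struct sockaddr *)sa, sizeof(*sa)) ? errno : 0;
}

/* res[0]: first non-blocking connect(); res[1]: connect() after poll() reports
 * writability; res[2]: one more connect(). Returns 0 if the probe ran. */
int probe_nonblocking_connect(int res[3])
{
    struct sockaddr_in sa = { .sin_family = AF_INET };
    struct pollfd p = { .events = POLLOUT };
    socklen_t len = sizeof(sa), elen = sizeof(int);
    int rc = -1, soerr = 0;
    int lfd = socket(AF_INET, SOCK_STREAM, 0), cfd = socket(AF_INET, SOCK_STREAM, 0);
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK); /* constructed peer; port 0 = kernel picks */
    if (lfd < 0 || cfd < 0 || bind(lfd, (struct sockaddr *)&sa, sizeof(sa)) < 0 ||
        listen(lfd, 1) < 0 || getsockname(lfd, (struct sockaddr *)&sa, &len) < 0 ||
        fcntl(cfd, F_SETFL, fcntl(cfd, F_GETFL) | O_NONBLOCK) < 0)
        goto out;
    res[0] = try_connect(cfd, &sa);
    p.fd = cfd;
    /* Wait for writability, then confirm the handshake did not fail. */
    if (poll(&p, 1, 2000) != 1 ||
        getsockopt(cfd, SOL_SOCKET, SO_ERROR, &soerr, &elen) < 0 || soerr)
        goto out;
    res[1] = try_connect(cfd, &sa);
    res[2] = try_connect(cfd, &sa);
    rc = 0;
out:
    if (lfd >= 0) close(lfd);
    if (cfd >= 0) close(cfd);
    return rc;
}

int main(void)
{
    int r[3] = { -1, -1, -1 };
    if (probe_nonblocking_connect(r)) return 1;
    printf("first=%d after_poll=%d again=%d\n", r[0], r[1], r[2]);
    return 0;
}
```

Creating the client socket with AF_SMC instead of AF_INET on an SMC-enabled kernel lets the same three return values be compared with the TCP ones.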
