| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 17 Jul 2022 08:20:19 -0700
From: Yuchung Cheng <ycheng@...gle.com>
To: Kuniyuki Iwashima <kuniyu@...zon.com>
Cc: "David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni <pabeni@...hat.com>,
David Ahern <dsahern@...nel.org>,
Kuniyuki Iwashima <kuni1840@...il.com>, netdev@...r.kernel.org
Subject: Re: [PATCH v1 net 14/15] tcp: Fix data-races around sysctl_tcp_fastopen.
On Fri, Jul 15, 2022 at 10:21 AM Kuniyuki Iwashima <kuniyu@...zon.com> wrote:
>
> While reading sysctl_tcp_fastopen, it can be changed concurrently.
> Thus, we need to add READ_ONCE() to its readers.
>
> Fixes: 2100c8d2d9db ("net-tcp: Fast Open base")
> Signed-off-by: Kuniyuki Iwashima <kuniyu@...zon.com>
> ---
> CC: Yuchung Cheng <ycheng@...gle.com>
Thanks for the improvement
Acked-by: Yuchung Cheng <ycheng@...gle.com>
> ---
> net/ipv4/af_inet.c | 2 +-
> net/ipv4/tcp.c | 6 ++++--
> net/ipv4/tcp_fastopen.c | 4 ++--
> 3 files changed, 7 insertions(+), 5 deletions(-)
>
> diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
> index 4bc24f9e38b3..59a0c5406fc1 100644
> --- a/net/ipv4/af_inet.c
> +++ b/net/ipv4/af_inet.c
> @@ -217,7 +217,7 @@ int inet_listen(struct socket *sock, int backlog)
> * because the socket was in TCP_LISTEN state previously but
> * was shutdown() rather than close().
> */
> - tcp_fastopen = sock_net(sk)->ipv4.sysctl_tcp_fastopen;
> + tcp_fastopen = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_fastopen);
> if ((tcp_fastopen & TFO_SERVER_WO_SOCKOPT1) &&
> (tcp_fastopen & TFO_SERVER_ENABLE) &&
> !inet_csk(sk)->icsk_accept_queue.fastopenq.max_qlen) {
> diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
> index b1b1bcbc4f60..2faaaaf540ac 100644
> --- a/net/ipv4/tcp.c
> +++ b/net/ipv4/tcp.c
> @@ -1150,7 +1150,8 @@ static int tcp_sendmsg_fastopen(struct sock *sk, struct msghdr *msg,
> struct sockaddr *uaddr = msg->msg_name;
> int err, flags;
>
> - if (!(sock_net(sk)->ipv4.sysctl_tcp_fastopen & TFO_CLIENT_ENABLE) ||
> + if (!(READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_fastopen) &
> + TFO_CLIENT_ENABLE) ||
> (uaddr && msg->msg_namelen >= sizeof(uaddr->sa_family) &&
> uaddr->sa_family == AF_UNSPEC))
> return -EOPNOTSUPP;
> @@ -3617,7 +3618,8 @@ static int do_tcp_setsockopt(struct sock *sk, int level, int optname,
> case TCP_FASTOPEN_CONNECT:
> if (val > 1 || val < 0) {
> err = -EINVAL;
> - } else if (net->ipv4.sysctl_tcp_fastopen & TFO_CLIENT_ENABLE) {
> + } else if (READ_ONCE(net->ipv4.sysctl_tcp_fastopen) &
> + TFO_CLIENT_ENABLE) {
> if (sk->sk_state == TCP_CLOSE)
> tp->fastopen_connect = val;
> else
> diff --git a/net/ipv4/tcp_fastopen.c b/net/ipv4/tcp_fastopen.c
> index fdbcf2a6d08e..0acdb5473850 100644
> --- a/net/ipv4/tcp_fastopen.c
> +++ b/net/ipv4/tcp_fastopen.c
> @@ -332,7 +332,7 @@ static bool tcp_fastopen_no_cookie(const struct sock *sk,
> const struct dst_entry *dst,
> int flag)
> {
> - return (sock_net(sk)->ipv4.sysctl_tcp_fastopen & flag) ||
> + return (READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_fastopen) & flag) ||
> tcp_sk(sk)->fastopen_no_cookie ||
> (dst && dst_metric(dst, RTAX_FASTOPEN_NO_COOKIE));
> }
> @@ -347,7 +347,7 @@ struct sock *tcp_try_fastopen(struct sock *sk, struct sk_buff *skb,
> const struct dst_entry *dst)
> {
> bool syn_data = TCP_SKB_CB(skb)->end_seq != TCP_SKB_CB(skb)->seq + 1;
> - int tcp_fastopen = sock_net(sk)->ipv4.sysctl_tcp_fastopen;
> + int tcp_fastopen = READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_fastopen);
> struct tcp_fastopen_cookie valid_foc = { .len = -1 };
> struct sock *child;
> int ret = 0;
> --
> 2.30.2
>
Powered by blists - more mailing lists