lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Sat, 24 Sep 2022 07:59:15 +0000
From:   "liujian (CE)" <>
To:     John Fastabend <>,
        Jakub Sitnicki <>,
        Eric Dumazet <>,
        davem <>,
        "" <>,
        "" <>,
        Jakub Kicinski <>,
        Paolo Abeni <>
CC:     netdev <>,
        "" <>
Subject: [bug report] one possible out-of-order issue in sockmap


I had a scp failure problem here. I analyze the code, and the reasons may be as follows:

>From commit e7a5f1f1cd00 ("bpf/sockmap: Read psock ingress_msg before
 sk_receive_queue", if we use sockops (BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB
and BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB) to enable socket's sockmap
function, and don't enable strparse and verdict function, the out-of-order
problem may occur in the following process.

client SK                                   server SK
      tcp_set_state(sk, TCP_ESTABLISHED);
      // insert SK to sockmap
    wake up waitter

// msgA will go tcp stack
                                                //insert SK to sockmap
                                              wake up waitter
// msgB go sockmap
                                                //msgB, out-of-order
                                                //msgA, out-of-order

Even if msgA arrives earlier than msgB (in most cases), tcp_bpf_recvmsg receives msg from the psock queue first.
The worst case is that msgA waits for serverSK to change to TCP_ESTABLISHED in the protocol stack. msgA may arrive at the serverSK receive queue later than msgB.
If msgA befor than msgB, 

If the ACK packets of the three-way TCP handshake are dropped for a period of time, the OOO problem is easily reproduced.

iptables -A INPUT -p tcp -m tcp --dport 5006 --tcp-flags SYN,RST,ACK,FIN ACK -j DROP
iptables -D INPUT -p tcp -m tcp --dport 5006 --tcp-flags SYN,RST,ACK,FIN ACK -j DROP

Best Wishes
Liu Jian

Powered by blists - more mailing lists