| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 29 Oct 2022 21:09:51 +0800
From: menglong8.dong@...il.com
To: edumazet@...gle.com, kuba@...nel.org
Cc: davem@...emloft.net, pabeni@...hat.com, yoshfuji@...ux-ipv6.org,
dsahern@...nel.org, imagedong@...cent.com, kafai@...com,
asml.silence@...il.com, keescook@...omium.org,
linux-kernel@...r.kernel.org, netdev@...r.kernel.org
Subject: [PATCH net-next 3/9] net: tcp: use the drop reasons stored in tcp_skb_cb
From: Menglong Dong <imagedong@...cent.com>
The drop reasons for skb can be stored in tcp_skb_cb in some function
when it needs to be dropped. The following functions will do it in the
latter commits:
tcp_rcv_state_process
tcp_conn_request
tcp_rcv_state_process
tcp_timewait_state_process
tcp_rcv_synsent_state_process
Now, we initialize the drop_reason in tcp_skb_cb to
SKB_DROP_REASON_NOT_SPECIFIED. try_kfree_skb() should be used if any code
path makes the drop_reason to SKB_NOT_DROPPED_YET. Don't try to set it
to SKB_NOT_DROPPED_YET if the skb has any posibility to be dropped later.
Signed-off-by: Menglong Dong <imagedong@...cent.com>
---
net/ipv4/tcp_ipv4.c | 15 +++++++++++++--
net/ipv6/tcp_ipv6.c | 20 ++++++++++++++++----
2 files changed, 29 insertions(+), 6 deletions(-)
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 87d440f47a70..a85bc7483c5a 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -1693,6 +1693,7 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb)
goto discard;
if (nsk != sk) {
if (tcp_child_process(sk, nsk, skb)) {
+ reason = TCP_SKB_CB(skb)->drop_reason;
rsk = nsk;
goto reset;
}
@@ -1702,6 +1703,7 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb)
sock_rps_save_rxhash(sk, skb);
if (tcp_rcv_state_process(sk, skb)) {
+ reason = TCP_SKB_CB(skb)->drop_reason;
rsk = sk;
goto reset;
}
@@ -1945,6 +1947,7 @@ int tcp_v4_rcv(struct sk_buff *skb)
int ret;
drop_reason = SKB_DROP_REASON_NOT_SPECIFIED;
+ TCP_SKB_DR(skb, NOT_SPECIFIED);
if (skb->pkt_type != PACKET_HOST)
goto discard_it;
@@ -2050,6 +2053,7 @@ int tcp_v4_rcv(struct sk_buff *skb)
reqsk_put(req);
tcp_v4_restore_cb(skb);
} else if (tcp_child_process(sk, nsk, skb)) {
+ drop_reason = TCP_SKB_CB(skb)->drop_reason;
tcp_v4_send_reset(nsk, skb);
goto discard_and_relse;
} else {
@@ -2136,6 +2140,11 @@ int tcp_v4_rcv(struct sk_buff *skb)
kfree_skb_reason(skb, drop_reason);
return 0;
+free_it:
+ drop_reason = TCP_SKB_CB(skb)->drop_reason;
+ try_kfree_skb(skb, drop_reason);
+ return 0;
+
discard_and_relse:
sk_drops_add(sk, skb);
if (refcounted)
@@ -2171,6 +2180,8 @@ int tcp_v4_rcv(struct sk_buff *skb)
refcounted = false;
goto process;
}
+ /* TCP_FLAGS or NO_SOCKET? */
+ TCP_SKB_DR(skb, TCP_FLAGS);
}
/* to ACK */
fallthrough;
@@ -2180,10 +2191,10 @@ int tcp_v4_rcv(struct sk_buff *skb)
case TCP_TW_RST:
tcp_v4_send_reset(sk, skb);
inet_twsk_deschedule_put(inet_twsk(sk));
- goto discard_it;
+ goto free_it;
case TCP_TW_SUCCESS:;
}
- goto discard_it;
+ goto free_it;
}
static struct timewait_sock_ops tcp_timewait_sock_ops = {
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index f676be14e6b6..2c2048832714 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -1515,8 +1515,10 @@ int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
goto discard;
if (nsk != sk) {
- if (tcp_child_process(sk, nsk, skb))
+ if (tcp_child_process(sk, nsk, skb)) {
+ reason = TCP_SKB_CB(skb)->drop_reason;
goto reset;
+ }
if (opt_skb)
__kfree_skb(opt_skb);
return 0;
@@ -1524,8 +1526,10 @@ int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
} else
sock_rps_save_rxhash(sk, skb);
- if (tcp_rcv_state_process(sk, skb))
+ if (tcp_rcv_state_process(sk, skb)) {
+ reason = TCP_SKB_CB(skb)->drop_reason;
goto reset;
+ }
if (opt_skb)
goto ipv6_pktoptions;
return 0;
@@ -1615,6 +1619,7 @@ INDIRECT_CALLABLE_SCOPE int tcp_v6_rcv(struct sk_buff *skb)
struct net *net = dev_net(skb->dev);
drop_reason = SKB_DROP_REASON_NOT_SPECIFIED;
+ TCP_SKB_DR(skb, NOT_SPECIFIED);
if (skb->pkt_type != PACKET_HOST)
goto discard_it;
@@ -1711,6 +1716,7 @@ INDIRECT_CALLABLE_SCOPE int tcp_v6_rcv(struct sk_buff *skb)
reqsk_put(req);
tcp_v6_restore_cb(skb);
} else if (tcp_child_process(sk, nsk, skb)) {
+ drop_reason = TCP_SKB_CB(skb)->drop_reason;
tcp_v6_send_reset(nsk, skb);
goto discard_and_relse;
} else {
@@ -1792,6 +1798,11 @@ INDIRECT_CALLABLE_SCOPE int tcp_v6_rcv(struct sk_buff *skb)
kfree_skb_reason(skb, drop_reason);
return 0;
+free_it:
+ drop_reason = TCP_SKB_CB(skb)->drop_reason;
+ try_kfree_skb(skb, drop_reason);
+ return 0;
+
discard_and_relse:
sk_drops_add(sk, skb);
if (refcounted)
@@ -1832,6 +1843,7 @@ INDIRECT_CALLABLE_SCOPE int tcp_v6_rcv(struct sk_buff *skb)
refcounted = false;
goto process;
}
+ TCP_SKB_DR(skb, TCP_FLAGS);
}
/* to ACK */
fallthrough;
@@ -1841,11 +1853,11 @@ INDIRECT_CALLABLE_SCOPE int tcp_v6_rcv(struct sk_buff *skb)
case TCP_TW_RST:
tcp_v6_send_reset(sk, skb);
inet_twsk_deschedule_put(inet_twsk(sk));
- goto discard_it;
+ goto free_it;
case TCP_TW_SUCCESS:
;
}
- goto discard_it;
+ goto free_it;
}
void tcp_v6_early_demux(struct sk_buff *skb)
--
2.37.2
Powered by blists - more mailing lists