[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <483848f5-8807-fd97-babc-44740db96db4@arista.com>
Date: Wed, 2 Nov 2022 21:40:03 +0000
From: Dmitry Safonov <dima@...sta.com>
To: Eric Dumazet <edumazet@...gle.com>
Cc: linux-kernel@...r.kernel.org, David Ahern <dsahern@...nel.org>,
Bob Gilligan <gilligan@...sta.com>,
"David S. Miller" <davem@...emloft.net>,
Dmitry Safonov <0x7f454c46@...il.com>,
Francesco Ruggeri <fruggeri@...sta.com>,
Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>,
Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni <pabeni@...hat.com>,
Salam Noureddine <noureddine@...sta.com>,
netdev@...r.kernel.org
Subject: Re: [PATCH 2/2] net/tcp: Disable TCP-MD5 static key on
tcp_md5sig_info destruction
On 11/2/22 21:25, Eric Dumazet wrote:
> On Wed, Nov 2, 2022 at 2:14 PM Dmitry Safonov <dima@...sta.com> wrote:
[..]
>> +int tcp_md5_do_add(struct sock *sk, const union tcp_md5_addr *addr,
>> + int family, u8 prefixlen, int l3index, u8 flags,
>> + const u8 *newkey, u8 newkeylen)
>> +{
>> + struct tcp_sock *tp = tcp_sk(sk);
>> +
>> + if (!rcu_dereference_protected(tp->md5sig_info, lockdep_sock_is_held(sk))) {
>> + if (tcp_md5sig_info_add(sk, GFP_KERNEL))
>> + return -ENOMEM;
>> +
>> + static_branch_inc(&tcp_md5_needed.key);
>> + }
>> +
>> + return __tcp_md5_do_add(sk, addr, family, prefixlen, l3index, flags,
>> + newkey, newkeylen, GFP_KERNEL);
>> +}
>> EXPORT_SYMBOL(tcp_md5_do_add);
>>
>> +int tcp_md5_key_copy(struct sock *sk, const union tcp_md5_addr *addr,
>> + int family, u8 prefixlen, int l3index,
>> + struct tcp_md5sig_key *key)
>> +{
>> + struct tcp_sock *tp = tcp_sk(sk);
>> +
>> + if (!rcu_dereference_protected(tp->md5sig_info, lockdep_sock_is_held(sk))) {
>> + if (tcp_md5sig_info_add(sk, sk_gfp_mask(sk, GFP_ATOMIC)))
>> + return -ENOMEM;
>> +
>> + atomic_inc(&tcp_md5_needed.key.key.enabled);
>
> static_branch_inc ?
That's the difference between tcp_md5_do_add() and tcp_md5_key_copy():
the first one can sleep on either allocation or static branch patching,
while the second one is used where there is md5 key and it can't get
destroyed during the function call. tcp_md5_key_copy() is called
somewhere from the softirq handler so it needs an atomic allocation as
well as this a little bit hacky part.
[..]
>> @@ -337,11 +338,13 @@ EXPORT_SYMBOL(tcp_time_wait);
>> void tcp_twsk_destructor(struct sock *sk)
>> {
>> #ifdef CONFIG_TCP_MD5SIG
>> - if (static_branch_unlikely(&tcp_md5_needed)) {
>> + if (static_branch_unlikely(&tcp_md5_needed.key)) {
>> struct tcp_timewait_sock *twsk = tcp_twsk(sk);
>>
>> - if (twsk->tw_md5_key)
>> + if (twsk->tw_md5_key) {
>
> Orthogonal to this patch, but I wonder why we do not clear
> twsk->tw_md5_key before kfree_rcu()
>
> It seems a lookup could catch the invalid pointer.
>
>> kfree_rcu(twsk->tw_md5_key, rcu);
>> + static_branch_slow_dec_deferred(&tcp_md5_needed);
>> + }
>> }
>> #endif
A good question, let me check on this.
Thanks for the review,
Dmitry
Powered by blists - more mailing lists