| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAL+tcoDXZhptPXK8D_OSS_m8+LAvdZy6wKXaZvtOYQobzuosxg@mail.gmail.com>
Date: Mon, 16 Jan 2023 10:24:05 +0800
From: Jason Xing <kerneljasonxing@...il.com>
To: Eric Dumazet <edumazet@...gle.com>
Cc: davem@...emloft.net, yoshfuji@...ux-ipv6.org, dsahern@...nel.org,
kuba@...nel.org, pabeni@...hat.com, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org, Jason Xing <kernelxing@...cent.com>
Subject: Re: [PATCH v2 net] tcp: avoid the lookup process failing to get sk in
ehash table
On Mon, Jan 16, 2023 at 8:36 AM Jason Xing <kerneljasonxing@...il.com> wrote:
>
> On Mon, Jan 16, 2023 at 12:12 AM Eric Dumazet <edumazet@...gle.com> wrote:
> >
> > On Sat, Jan 14, 2023 at 2:27 PM Jason Xing <kerneljasonxing@...il.com> wrote:
> > >
> > > From: Jason Xing <kernelxing@...cent.com>
> > >
> > >
> > > Fixes: 5e0724d027f0 ("tcp/dccp: fix hashdance race for passive sessions")
> > > Suggested-by: Eric Dumazet <edumazet@...gle.com>
> > > Signed-off-by: Jason Xing <kernelxing@...cent.com>
> > > Link: https://lore.kernel.org/lkml/20230112065336.41034-1-kerneljasonxing@gmail.com/
> > > ---
> > > v2:
> > > 1) adding the sk node into the tail of list to prevent the race.
> > > 2) fix the race condition when handling time-wait socket hashdance.
> > > ---
> > > net/ipv4/inet_hashtables.c | 10 ++++++++++
> > > net/ipv4/inet_timewait_sock.c | 6 +++---
> > > 2 files changed, 13 insertions(+), 3 deletions(-)
> > >
> > > diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c
> > > index 24a38b56fab9..b0b54ad55507 100644
> > > --- a/net/ipv4/inet_hashtables.c
> > > +++ b/net/ipv4/inet_hashtables.c
> > > @@ -650,7 +650,16 @@ bool inet_ehash_insert(struct sock *sk, struct sock *osk, bool *found_dup_sk)
> > > spin_lock(lock);
> > > if (osk) {
> > > WARN_ON_ONCE(sk->sk_hash != osk->sk_hash);
> > > + if (sk_hashed(osk))
> >
> >
> > nit: this should be:
> >
> > if (sk_hashed(osk)) { [1]
> > /* multi-line ....
> > * .... comment.
> > */
> > ret = sk_nulls_del_node_init_rcu(osk);
> > goto unlock;
> > }
Well, after I dug into this part, I found something as below.
If we enter into the 'if (osk) {', we should always skip the next
if-statement which is 'if (found_dup_sk) {' and return a proper value
depending on if the osk is hashed.
However, the code as above would leave variable @ret to be true if the
sk_hashed(osk) returned false, then It would not go to unlock and then
add the node to the list and at last return true which is unexpected.
> > if (found_dup_sk) { [2]
> >
> > 1) parentheses needed in [1]
> > 2) No else if in [2], since you added a "goto unlock;"
I think this modification is fine and makes the code clearer.
Thanks,
Jason
> >
>
> I'll do that. It looks much better.
>
> Thanks,
> Jason
>
> > > + /* Before deleting the node, we insert a new one to make
> > > + * sure that the look-up-sk process would not miss either
> > > + * of them and that at least one node would exist in ehash
> > > + * table all the time. Otherwise there's a tiny chance
> > > + * that lookup process could find nothing in ehash table.
> > > + */
> > > + __sk_nulls_add_node_tail_rcu(sk, list);
> > > ret = sk_nulls_del_node_init_rcu(osk);
> > > + goto unlock;
> > > } else if (found_dup_sk) {
> > > *found_dup_sk = inet_ehash_lookup_by_sk(sk, list);
> > > if (*found_dup_sk)
> > > @@ -660,6 +669,7 @@ bool inet_ehash_insert(struct sock *sk, struct sock *osk, bool *found_dup_sk)
> > > if (ret)
> > > __sk_nulls_add_node_rcu(sk, list);
> > >
> > > +unlock:
> > > spin_unlock(lock);
> >
> > Thanks.
Powered by blists - more mailing lists