| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 30 May 2023 08:30:41 +0200
From: Eric Dumazet <edumazet@...gle.com>
To: John Fastabend <john.fastabend@...il.com>
Cc: jakub@...udflare.com, daniel@...earbox.net, bpf@...r.kernel.org,
netdev@...r.kernel.org, ast@...nel.org, andrii@...nel.org, will@...valent.com
Subject: Re: [PATCH bpf v10 07/14] bpf: sockmap, wake up polling after data copy
On Tue, May 23, 2023 at 4:56 AM John Fastabend <john.fastabend@...il.com> wrote:
>
> When TCP stack has data ready to read sk_data_ready() is called. Sockmap
> overwrites this with its own handler to call into BPF verdict program.
> But, the original TCP socket had sock_def_readable that would additionally
> wake up any user space waiters with sk_wake_async().
>
> Sockmap saved the callback when the socket was created so call the saved
> data ready callback and then we can wake up any epoll() logic waiting
> on the read.
>
> Note we call on 'copied >= 0' to account for returning 0 when a FIN is
> received because we need to wake up user for this as well so they
> can do the recvmsg() -> 0 and detect the shutdown.
>
> Fixes: 04919bed948dc ("tcp: Introduce tcp_read_skb()")
> Reviewed-by: Jakub Sitnicki <jakub@...udflare.com>
> Signed-off-by: John Fastabend <john.fastabend@...il.com>
> ---
> net/core/skmsg.c | 11 ++++++++++-
> 1 file changed, 10 insertions(+), 1 deletion(-)
>
> diff --git a/net/core/skmsg.c b/net/core/skmsg.c
> index bcd45a99a3db..08be5f409fb8 100644
> --- a/net/core/skmsg.c
> +++ b/net/core/skmsg.c
> @@ -1199,12 +1199,21 @@ static int sk_psock_verdict_recv(struct sock *sk, struct sk_buff *skb)
> static void sk_psock_verdict_data_ready(struct sock *sk)
> {
> struct socket *sock = sk->sk_socket;
> + int copied;
>
> trace_sk_data_ready(sk);
>
> if (unlikely(!sock || !sock->ops || !sock->ops->read_skb))
> return;
> - sock->ops->read_skb(sk, sk_psock_verdict_recv);
> + copied = sock->ops->read_skb(sk, sk_psock_verdict_recv);
> + if (copied >= 0) {
> + struct sk_psock *psock;
> +
> + rcu_read_lock();
> + psock = sk_psock(sk);
> + psock->saved_data_ready(sk);
> + rcu_read_unlock();
> + }
> }
>
> void sk_psock_start_verdict(struct sock *sk, struct sk_psock *psock)
> --
> 2.33.0
>
It seems psock could be NULL here, right ?
What do you think if I submit the following fix ?
diff --git a/net/core/skmsg.c b/net/core/skmsg.c
index a9060e1f0e4378fa47cfd375b4729b5b0a9f54ec..a29508e1ff3568583263b9307f7b1a0e814ba76d
100644
--- a/net/core/skmsg.c
+++ b/net/core/skmsg.c
@@ -1210,7 +1210,8 @@ static void sk_psock_verdict_data_ready(struct sock *sk)
rcu_read_lock();
psock = sk_psock(sk);
- psock->saved_data_ready(sk);
+ if (psock)
+ psock->saved_data_ready(sk);
rcu_read_unlock();
}
}
Powered by blists - more mailing lists