lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <66cca76683fbd_266e63294d1@willemb.c.googlers.com.notmuch>
Date: Mon, 26 Aug 2024 12:03:50 -0400
From: Willem de Bruijn <willemdebruijn.kernel@...il.com>
To: Jason Xing <kerneljasonxing@...il.com>, 
 Willem de Bruijn <willemdebruijn.kernel@...il.com>
Cc: davem@...emloft.net, 
 edumazet@...gle.com, 
 kuba@...nel.org, 
 pabeni@...hat.com, 
 dsahern@...nel.org, 
 willemb@...gle.com, 
 netdev@...r.kernel.org, 
 Jason Xing <kernelxing@...cent.com>
Subject: Re: [PATCH net-next 1/2] tcp: make SOF_TIMESTAMPING_RX_SOFTWARE
 feature per socket

Jason Xing wrote:
> Hello Willem,
> 
> On Mon, Aug 26, 2024 at 9:24 PM Willem de Bruijn
> <willemdebruijn.kernel@...il.com> wrote:
> >
> > Jason Xing wrote:
> > > From: Jason Xing <kernelxing@...cent.com>
> > >
> > > Normally, if we want to record and print the rx timestamp after
> > > tcp_recvmsg_locked(), we must enable both SOF_TIMESTAMPING_SOFTWARE
> > > and SOF_TIMESTAMPING_RX_SOFTWARE flags, from which we also can notice
> > > through running rxtimestamp binary in selftests (see testcase 7).
> > >
> > > However, there is one particular case that fails the selftests with
> > > "./rxtimestamp: Expected swtstamp to not be set." error printing in
> > > testcase 6.
> > >
> > > How does it happen? When we keep running a thread starting a socket
> > > and set SOF_TIMESTAMPING_RX_HARDWARE option first, then running
> > > ./rxtimestamp, it will fail. The reason is the former thread
> > > switching on netstamp_needed_key that makes the feature global,
> > > every skb going through netif_receive_skb_list_internal() function
> > > will get a current timestamp in net_timestamp_check(). So the skb
> > > will have timestamp regardless of whether its socket option has
> > > SOF_TIMESTAMPING_RX_SOFTWARE or not.
> > >
> > > After this patch, we can pass the selftest and control each socket
> > > as we want when using rx timestamp feature.
> > >
> > > Signed-off-by: Jason Xing <kernelxing@...cent.com>
> > > ---
> > >  net/ipv4/tcp.c | 10 ++++++++--
> > >  1 file changed, 8 insertions(+), 2 deletions(-)
> > >
> > > diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
> > > index 8514257f4ecd..49e73d66c57d 100644
> > > --- a/net/ipv4/tcp.c
> > > +++ b/net/ipv4/tcp.c
> > > @@ -2235,6 +2235,7 @@ void tcp_recv_timestamp(struct msghdr *msg, const struct sock *sk,
> > >                       struct scm_timestamping_internal *tss)
> > >  {
> > >       int new_tstamp = sock_flag(sk, SOCK_TSTAMP_NEW);
> > > +     u32 tsflags = READ_ONCE(sk->sk_tsflags);
> > >       bool has_timestamping = false;
> > >
> > >       if (tss->ts[0].tv_sec || tss->ts[0].tv_nsec) {
> > > @@ -2274,14 +2275,19 @@ void tcp_recv_timestamp(struct msghdr *msg, const struct sock *sk,
> > >                       }
> > >               }
> > >
> > > -             if (READ_ONCE(sk->sk_tsflags) & SOF_TIMESTAMPING_SOFTWARE)
> > > +             /* skb may contain timestamp because another socket
> > > +              * turned on netstamp_needed_key which allows generate
> > > +              * the timestamp. So we need to check the current socket.
> > > +              */
> > > +             if (tsflags & SOF_TIMESTAMPING_SOFTWARE &&
> > > +                 tsflags & SOF_TIMESTAMPING_RX_SOFTWARE)
> > >                       has_timestamping = true;
> > >               else
> > >                       tss->ts[0] = (struct timespec64) {0};
> > >       }
> >
> > The current behavior is as described in
> > Documentation/networking/timestamping.rst:
> >
> > "The socket option configures timestamp generation for individual
> > sk_buffs (1.3.1), timestamp reporting to the socket's error
> > queue (1.3.2)"
> >
> > SOF_TIMESTAMPING_RX_SOFTWARE is a timestamp generation option.
> > SOF_TIMESTAMPING_SOFTWARE is a timestamp reporting option.
> 
> Thanks for your review.
> 
> Yes, it's true.
> 
> >
> > This patch changes that clearly defined behavior.
> 
> Why?

Because it repurposes generation flag SOF_TIMESTAMPING_RX_SOFTWARE in
timestamp reporting.

If a single flag configures both generation and reporting, why bother
with two flags at all.

> I don't get it. Please see those testcase in
> tools/testing/selftests/net/rxtimestamp.c.
> 
> >
> > On Tx the separation between generation and reporting has value, as it
> > allows setting the generation on a per packet basis with SCM_TSTAMP_*.
> 
> I didn't break the logic on the tx path. tcp_recv_timestamp() is only
> related to the rx path.
> 
> Regarding the tx path, I carefully take care of this logic in
> patch[2/2], so now the series only handles the issue happening in the
> rx path.
> 
> >
> > On Rx it is more subtle, but the two are still tested at different
> > points in the path, and can be updated by setsockopt in between a
> > packet arrival and a recvmsg().
> >
> > The interaction between sockets on software timestamping is a
> > longstanding issue. I don't think there is any urgency to change this
> 
> Oh, now I see.
> 
> > now. This proposed change makes the API less consistent, and may
> > also affect applications that depend on the current behavior.
> >
> 
> Maybe. But, it's not the original design which we expect, right?

It is. Your argument is against the current API design. This is not
a bug where behavior diverges from the intended interface. The doc is
clear on this.

The API makes a distinction between generation and reporting bits. The
shared generation early in the Rx path is a long standing known issue.

I'm not saying that the API is perfect. But it is clear in its use of
the bits. Muddling the distinction between reporting and generation
bits in one of the four cases makes the API less consistent and harder
to understand.

If you think the API as is is wrong, then at a minimum that would
require an update to timestamping.rst. But I think that medicine may
be worse than the ailment.

> I can make sure this series can fix the issue. This series is trying
> to ask users to use/set both flags to receive an expected timestamp.
> The purpose of using setsockopt is to control the socket itself
> insteading of interfering with others.
> 
> About the breakage issue, let me assume, if the user only sets the
> SOF_TIMESTAMPING_SOFTWARE flag, he cannot expect the socket will
> receive a timestamp, right? So what might happen if we fix the issue?
> I think the logics in the rxtimestamp.c selftest are very clear :)
> 
> Besides, test case 6 will fail under this circumstance

Sorry about that. My team added that test, and we expanded it over
time. Crucially, the test was added well after the SO_TIMESTAMPING
API, so it was never intended to be prescriptive.

Commit 0558c3960407 ("selftests/net: plug rxtimestamp test into
kselftest framework") actually mentions this issue:

    Also ignore failures of test case #6 by default. This case verifies
    that a receive timestamp is not reported if timestamp reporting is
    enabled for a socket, but generation is disabled. Receive timestamp
    generation has to be enabled globally, as no associated socket is
    known yet. A background process that enables rx timestamp generation
    therefore causes a false positive. Ntpd is one example that does.

    Add a "--strict" option to cause failure in the event that any test
    case fails, including test #6. This is useful for environments that
    are known to not have such background processes.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ