lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <805bd3a1-ae85-4d87-8678-0bf63a261c66@kernel.org>
Date: Fri, 25 Oct 2024 17:52:28 +0200
From: Matthieu Baerts <matttbe@...nel.org>
To: Simon Horman <horms@...nel.org>
Cc: mptcp@...ts.linux.dev, Mat Martineau <martineau@...nel.org>,
 Geliang Tang <geliang@...nel.org>, "David S. Miller" <davem@...emloft.net>,
 Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>,
 Paolo Abeni <pabeni@...hat.com>, netdev@...r.kernel.org,
 linux-kernel@...r.kernel.org, Gang Yan <yangang@...inos.cn>
Subject: Re: [PATCH net-next 2/4] mptcp: annotate data-races around
 subflow->fully_established

Hi Simon,

Thank you for the review!

On 25/10/2024 11:55, Simon Horman wrote:
> On Mon, Oct 21, 2024 at 05:14:04PM +0200, Matthieu Baerts (NGI0) wrote:
>> From: Gang Yan <yangang@...inos.cn>
>>
>> We introduce the same handling for potential data races with the
>> 'fully_established' flag in subflow as previously done for
>> msk->fully_established.
>>
>> Additionally, we make a crucial change: convert the subflow's
>> 'fully_established' from 'bit_field' to 'bool' type. This is
>> necessary because methods for avoiding data races don't work well
>> with 'bit_field'. Specifically, the 'READ_ONCE' needs to know
>> the size of the variable being accessed, which is not supported in
>> 'bit_field'. Also, 'test_bit' expect the address of 'bit_field'.
>>
>> Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/516
>> Signed-off-by: Gang Yan <yangang@...inos.cn>
>> Reviewed-by: Matthieu Baerts (NGI0) <matttbe@...nel.org>
>> Signed-off-by: Matthieu Baerts (NGI0) <matttbe@...nel.org>
> 
> ...
> 
>> diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h
>> index 568a72702b080d7610425ce5c3a409c7b88da13a..a93e661ef5c435155066ce9cc109092661f0711c 100644
>> --- a/net/mptcp/protocol.h
>> +++ b/net/mptcp/protocol.h
>> @@ -513,7 +513,6 @@ struct mptcp_subflow_context {
>>  		request_bkup : 1,
>>  		mp_capable : 1,	    /* remote is MPTCP capable */
>>  		mp_join : 1,	    /* remote is JOINing */
>> -		fully_established : 1,	    /* path validated */
>>  		pm_notified : 1,    /* PM hook called for established status */
>>  		conn_finished : 1,
>>  		map_valid : 1,
>> @@ -532,10 +531,11 @@ struct mptcp_subflow_context {
>>  		is_mptfo : 1,	    /* subflow is doing TFO */
>>  		close_event_done : 1,       /* has done the post-closed part */
>>  		mpc_drop : 1,	    /* the MPC option has been dropped in a rtx */
>> -		__unused : 8;
>> +		__unused : 9;
>>  	bool	data_avail;
>>  	bool	scheduled;
>>  	bool	pm_listener;	    /* a listener managed by the kernel PM? */
>> +	bool	fully_established;  /* path validated */
>>  	u32	remote_nonce;
>>  	u64	thmac;
>>  	u32	local_nonce;
> 
> ...
> 
>> diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c
>> index 6170f2fff71e4f9d64837f2ebf4d81bba224fafb..860903e0642255cf9efb39da9e24c39f6547481f 100644
>> --- a/net/mptcp/subflow.c
>> +++ b/net/mptcp/subflow.c
>> @@ -800,7 +800,7 @@ void __mptcp_subflow_fully_established(struct mptcp_sock *msk,
>>  				       const struct mptcp_options_received *mp_opt)
>>  {
>>  	subflow_set_remote_key(msk, subflow, mp_opt);
>> -	subflow->fully_established = 1;
>> +	WRITE_ONCE(subflow->fully_established, true);
>>  	WRITE_ONCE(msk->fully_established, true);
>>  
>>  	if (subflow->is_mptfo)
>> @@ -2062,7 +2062,7 @@ static void subflow_ulp_clone(const struct request_sock *req,
>>  	} else if (subflow_req->mp_join) {
>>  		new_ctx->ssn_offset = subflow_req->ssn_offset;
>>  		new_ctx->mp_join = 1;
>> -		new_ctx->fully_established = 1;
>> +		WRITE_ONCE(new_ctx->fully_established, true);
>>  		new_ctx->remote_key_valid = 1;
>>  		new_ctx->backup = subflow_req->backup;
>>  		new_ctx->request_bkup = subflow_req->request_bkup;
> 
> My understanding is that 1) fully_established is now a single byte and
> 2) WRITE_ONCE is not necessary for a single byte, as if I understand Eric's
> comment in [1] correctly, tearing is not possible in this case.

Good point, I appreciate this note, I didn't realise it was always not
necessary to use it for a single byte!

Just to be sure: is it an issue to keep them?

I mean: here, we are not in the fast path, and I think it "feels" better
to see WRITE_ONCE() being used when all the readers use READ_ONCE(). Do
you see what I mean? Not to have to think "strange, no WRITE_ONCE() here
; oh but that's fine here because it is a single byte when I look at its
definition".

Also, many other single byte variables in MPTCP structures are being
used with WRITE_ONCE(): "msk->fully_established" (used just above), but
also the other booleans declared above the new one in the subflow
context structure, and in other structures declared in protocol.h.

(Note that WRITE_ONCE() could also be a NOOP when used with a single
byte to keep the consistency, if it is always useless in this case.)

Cheers,
Matt
-- 
Sponsored by the NGI0 Core fund.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ