| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <d46151818b694dc79b488061817d3d73@huawei.com>
Date: Tue, 19 Nov 2024 08:38:26 +0000
From: mengkanglai <mengkanglai2@...wei.com>
To: Kuniyuki Iwashima <kuniyu@...zon.com>
CC: "davem@...emloft.net" <davem@...emloft.net>, "dsahern@...nel.org"
<dsahern@...nel.org>, "edumazet@...gle.com" <edumazet@...gle.com>, "Fengtao
(fengtao, Euler)" <fengtao40@...wei.com>, "kuba@...nel.org"
<kuba@...nel.org>, "linux-kernel@...r.kernel.org"
<linux-kernel@...r.kernel.org>, "netdev@...r.kernel.org"
<netdev@...r.kernel.org>, "pabeni@...hat.com" <pabeni@...hat.com>, "Yanan
(Euler)" <yanan@...wei.com>
Subject: RE:答复: kernel tcp sockets stuck in FIN_WAIT1 after call tcp_close
> -----邮件原件-----
> 发件人: Kuniyuki Iwashima <kuniyu@...zon.com>
> 发送时间: 2024年11月14日 2:56
> 收件人: mengkanglai <mengkanglai2@...wei.com>
> 抄送: davem@...emloft.net; dsahern@...nel.org; edumazet@...gle.com; Fengtao (fengtao, Euler) <fengtao40@...wei.com>; kuba@...nel.org; linux-kernel@...r.kernel.org; netdev@...r.kernel.org; pabeni@...hat.com; Yanan (Euler) <yanan@...wei.com>; kuniyu@...zon.com
> 主题: Re: kernel tcp sockets stuck in FIN_WAIT1 after call tcp_close
>
> From: mengkanglai <mengkanglai2@...wei.com>
> Date: Wed, 13 Nov 2024 12:40:34 +0000
> > Hello, Eric:
> > Commit 151c9c724d05 (tcp: properly terminate timers for kernel
> > sockets) introduce inet_csk_clear_xmit_timers_sync in tcp_close.
> > For kernel sockets it does not hold sk->sk_net_refcnt, if this is
> > kernel tcp socket it will call tcp_send_fin in __tcp_close to send FIN
> > packet to remotes server,
>
> Just curious which subsystem the kernel socket is created by.
>
> Recently, CIFS and sunrpc are (being) converted to hold net refcnt.
>
> CIFS: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef7134c7fc48e1441b398e55a862232868a6f0a7
> sunrpc: https://lore.kernel.org/netdev/20241112135434.803890-1-liujian56@huawei.com/
>
> I remember RDS's listener does not hold refcnt but other client sockets (SMC, RDS, MPTCP, CIFS, sunrpc) do.
>
> I think all TCP kernel sockets should hold netns refcnt except for one created at pernet_operations.init() hook like RDS.
>
> > if this fin packet lost due to network faults, tcp should retransmit
> > this fin packet, but tcp_timer stopped by inet_csk_clear_xmit_timers_sync.
> > tcp sockets state will stuck in FIN_WAIT1 and never go away. I think
> > it's not right.
I found this problem when testing nfs. sunrpc: https://lore.kernel.org/netdev/20241112135434.803890-1-liujian56@huawei.com/ will solve this problem.
I agree with that all TCP kernel sockets should hold netns refcnt.
However, for kernel tcp sockets created by other kernel modules through sock_create_kern or sk_alloc(kern=0), it means that they must now hold sk_net_refcnf, otherwise fin will only be sent once and will not be retransmitted when the socket is released.But other use tcp modules may not be aware of hold sk_net_refcnt. should we add a check in tcp_close?
---
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index fb920369c..6b92026a4 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -2804,7 +2804,7 @@ void tcp_close(struct sock *sk, long timeout)
lock_sock(sk);
__tcp_close(sk, timeout);
release_sock(sk);
- if (!sk->sk_net_refcnt)
+ if (sk->net != &init_net && !sk->sk_net_refcnt)
inet_csk_clear_xmit_timers_sync(sk);
sock_put(sk);
}
Powered by blists - more mailing lists