lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20241210073829.62520-11-kuniyu@amazon.com>
Date: Tue, 10 Dec 2024 16:38:24 +0900
From: Kuniyuki Iwashima <kuniyu@...zon.com>
To: "David S. Miller" <davem@...emloft.net>, Eric Dumazet
	<edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni
	<pabeni@...hat.com>, Simon Horman <horms@...nel.org>
CC: Kuniyuki Iwashima <kuniyu@...zon.com>, Kuniyuki Iwashima
	<kuni1840@...il.com>, <netdev@...r.kernel.org>
Subject: [PATCH v2 net-next 10/15] socket: Don't count kernel sockets in /proc/net/sockstat.

The first line in /proc/net/sockstat shows the number of
sockets counted by sock_inuse_add().

  $ cat /proc/net/sockstat
  sockets: used 169

The count initially showed the number of userspace sockets,
but now it includes some kernel sockets, which is confusing.

This is because __sk_free() decrements the count based on
sk->sk_net_refcnt, which should be sk->sk_kern_sock.

Let's call sock_inuse_add() based on sk->sk_kern_sock.

Signed-off-by: Kuniyuki Iwashima <kuniyu@...zon.com>
---
 fs/smb/client/connect.c |  1 -
 net/core/sock.c         | 17 ++++++++++-------
 net/mptcp/subflow.c     |  2 +-
 net/rds/tcp.c           |  1 -
 net/smc/af_smc.c        |  1 -
 net/sunrpc/svcsock.c    |  2 +-
 net/sunrpc/xprtsock.c   |  1 -
 7 files changed, 12 insertions(+), 13 deletions(-)

diff --git a/fs/smb/client/connect.c b/fs/smb/client/connect.c
index 1efef860d20c..9f6daa32c083 100644
--- a/fs/smb/client/connect.c
+++ b/fs/smb/client/connect.c
@@ -3146,7 +3146,6 @@ generic_ip_connect(struct TCP_Server_Info *server)
 		__netns_tracker_free(net, &sk->ns_tracker, false);
 		sk->sk_net_refcnt = 1;
 		get_net_track(net, &sk->ns_tracker, GFP_KERNEL);
-		sock_inuse_add(net, 1);
 
 		/* BB other socket options to set KEEPALIVE, NODELAY? */
 		cifs_dbg(FYI, "Socket created\n");
diff --git a/net/core/sock.c b/net/core/sock.c
index 11aa6d8c0cdd..4041152c7024 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -2227,16 +2227,17 @@ struct sock *sk_alloc(struct net *net, int family, gfp_t priority,
 
 		DEBUG_NET_WARN_ON_ONCE(!kern && !hold_net);
 		sk->sk_kern_sock = kern;
+		if (likely(!kern))
+			sock_inuse_add(net, 1);
+
 		sock_lock_init(sk);
 
 		sk->sk_net_refcnt = hold_net;
-		if (likely(sk->sk_net_refcnt)) {
+		if (likely(sk->sk_net_refcnt))
 			get_net_track(net, &sk->ns_tracker, priority);
-			sock_inuse_add(net, 1);
-		} else {
+		else
 			__netns_tracker_alloc(net, &sk->ns_tracker,
 					      false, priority);
-		}
 
 		sock_net_set(sk, net);
 		refcount_set(&sk->sk_wmem_alloc, 1);
@@ -2314,7 +2315,7 @@ void sk_destruct(struct sock *sk)
 
 static void __sk_free(struct sock *sk)
 {
-	if (likely(sk->sk_net_refcnt))
+	if (likely(!sk->sk_kern_sock))
 		sock_inuse_add(sock_net(sk), -1);
 
 	if (unlikely(sk->sk_net_refcnt && sock_diag_has_destroy_listeners(sk)))
@@ -2383,10 +2384,11 @@ struct sock *sk_clone_lock(const struct sock *sk, const gfp_t priority)
 
 	newsk->sk_prot_creator = prot;
 
-	/* SANITY */
+	if (likely(!sk->sk_kern_sock))
+		sock_inuse_add(sock_net(newsk), 1);
+
 	if (likely(newsk->sk_net_refcnt)) {
 		get_net_track(sock_net(newsk), &newsk->ns_tracker, priority);
-		sock_inuse_add(sock_net(newsk), 1);
 	} else {
 		/* Kernel sockets are not elevating the struct net refcount.
 		 * Instead, use a tracker to more easily detect if a layer
@@ -2396,6 +2398,7 @@ struct sock *sk_clone_lock(const struct sock *sk, const gfp_t priority)
 		__netns_tracker_alloc(sock_net(newsk), &newsk->ns_tracker,
 				      false, priority);
 	}
+
 	sk_node_init(&newsk->sk_node);
 	sock_lock_init(newsk);
 	bh_lock_sock(newsk);
diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c
index fd021cf8286e..fc534290f119 100644
--- a/net/mptcp/subflow.c
+++ b/net/mptcp/subflow.c
@@ -1775,7 +1775,7 @@ int mptcp_subflow_create_socket(struct sock *sk, unsigned short family,
 	__netns_tracker_free(net, &sf->sk->ns_tracker, false);
 	sf->sk->sk_net_refcnt = 1;
 	get_net_track(net, &sf->sk->ns_tracker, GFP_KERNEL);
-	sock_inuse_add(net, 1);
+
 	err = tcp_set_ulp(sf->sk, "mptcp");
 	if (err)
 		goto err_free;
diff --git a/net/rds/tcp.c b/net/rds/tcp.c
index 351ac1747224..f7e8a309f678 100644
--- a/net/rds/tcp.c
+++ b/net/rds/tcp.c
@@ -507,7 +507,6 @@ bool rds_tcp_tune(struct socket *sock)
 
 		sk->sk_net_refcnt = 1;
 		netns_tracker_alloc(net, &sk->ns_tracker, GFP_KERNEL);
-		sock_inuse_add(net, 1);
 	}
 	rtn = net_generic(net, rds_tcp_netid);
 	if (rtn->sndbuf_size > 0) {
diff --git a/net/smc/af_smc.c b/net/smc/af_smc.c
index 9b5738a55dde..10f9968f87b1 100644
--- a/net/smc/af_smc.c
+++ b/net/smc/af_smc.c
@@ -3324,7 +3324,6 @@ int smc_create_clcsk(struct net *net, struct sock *sk, int family)
 	__netns_tracker_free(net, &sk->ns_tracker, false);
 	sk->sk_net_refcnt = 1;
 	get_net_track(net, &sk->ns_tracker, GFP_KERNEL);
-	sock_inuse_add(net, 1);
 	return 0;
 }
 
diff --git a/net/sunrpc/svcsock.c b/net/sunrpc/svcsock.c
index 9583bad3d150..bdea406308a8 100644
--- a/net/sunrpc/svcsock.c
+++ b/net/sunrpc/svcsock.c
@@ -1554,7 +1554,7 @@ static struct svc_xprt *svc_create_socket(struct svc_serv *serv,
 		__netns_tracker_free(net, &sock->sk->ns_tracker, false);
 		sock->sk->sk_net_refcnt = 1;
 		get_net_track(net, &sock->sk->ns_tracker, GFP_KERNEL);
-		sock_inuse_add(net, 1);
+
 		if ((error = kernel_listen(sock, 64)) < 0)
 			goto bummer;
 	}
diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c
index feb1768e8a57..1bc3a480d919 100644
--- a/net/sunrpc/xprtsock.c
+++ b/net/sunrpc/xprtsock.c
@@ -1945,7 +1945,6 @@ static struct socket *xs_create_sock(struct rpc_xprt *xprt,
 		__netns_tracker_free(xprt->xprt_net, &sock->sk->ns_tracker, false);
 		sock->sk->sk_net_refcnt = 1;
 		get_net_track(xprt->xprt_net, &sock->sk->ns_tracker, GFP_KERNEL);
-		sock_inuse_add(xprt->xprt_net, 1);
 	}
 
 	filp = sock_alloc_file(sock, O_NONBLOCK, NULL);
-- 
2.39.5 (Apple Git-154)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ