From nobody Fri Apr 19 09:26:06 2024 Delivered-To: wpasupplicant.patchew@gmail.com Received: by 2002:ab0:590e:0:0:0:0:0 with SMTP id n14csp682871uad; Thu, 4 Aug 2022 17:21:38 -0700 (PDT) X-Google-Smtp-Source: AA6agR7N5AEgQ7BQaYDvrkgY5PX0T7v5tyATPS4ssW+BtHQPiEb8FPr1e1zKmIMZYMDzZuzJGcgZ X-Received: by 2002:a17:902:bb91:b0:16c:3f7f:6df0 with SMTP id m17-20020a170902bb9100b0016c3f7f6df0mr4221276pls.99.1659658898474; Thu, 04 Aug 2022 17:21:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1659658898; cv=none; d=google.com; s=arc-20160816; b=iMkUMtnX6IdWG1tk0MoQP3VtmKYYDCLw4IjqHh6JrBN8siwX7b/6ZvpzUPO+KHtqwa U+4E1zPraOHsPmA1vbFbAnXeUbH6T5UFgw+6yzjwyGb2Jmxp7uB8xpuLIemOx4dxWm6k Wp8rlx6jeL4QNzacNDnTWxIS5diBlmYq4SaZS1TfEfbgwKc6fVLaGYgNI6VXk3jQf/tX Cwg+0aDYyFS2zVUQ02MWvShaPfaQ1DZwljJv0XLVlCw/gaRNJzHN5LkTRNxAAR20z+VM F17UOjQdn503E/f0OBOubQ+Js7TUT7xmoj5kJI4Y3w9WYWWyUUWijhCpbS/6JNxqb16U kIJA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=Y+eAKwtDuBys9jGUz8WhlNdRPvGT/7BI+FuzXTnJoiE=; b=jG5DZZbqxz5z7uPgcoAJlTCIoX1SlNeR/swINRillq/kBkxtb+g0m56lwoDHR7sHhX z90rc0oTYl0b3A9FeePdF1hS1Z6CnzC2z0lmp9OHBtxZwC2d3Uyw+xgSNXNnrPThwOvx HrdpUtbjl9Q6DmFjbsKNWnOos48Lwyb+1PcJOWt6f8JYYABWx5SzVxhWsnVsp0zJWyWE XwPs4ndrrY0KeBNk60Tp7vUdebQ05qUgH7DjT0t73zlV/dqddLM0RYZC44HWJlDD8a4g l0wbIoJ1h9nvK+/+v59yvLd67jUENDwx+0ZNFTsaOrXzYOx30Tqt9TdOTlp5tNpHiuQI +cbg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=j1YHneIF; spf=pass (google.com: domain of mptcp+bounces-6122-wpasupplicant.patchew=gmail.com@lists.linux.dev designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="mptcp+bounces-6122-wpasupplicant.patchew=gmail.com@lists.linux.dev"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id oa18-20020a17090b1bd200b001ef851440f0si7200499pjb.11.2022.08.04.17.21.38 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 04 Aug 2022 17:21:38 -0700 (PDT) Received-SPF: pass (google.com: domain of mptcp+bounces-6122-wpasupplicant.patchew=gmail.com@lists.linux.dev designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=j1YHneIF; spf=pass (google.com: domain of mptcp+bounces-6122-wpasupplicant.patchew=gmail.com@lists.linux.dev designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="mptcp+bounces-6122-wpasupplicant.patchew=gmail.com@lists.linux.dev"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 3A288280C02 for ; Fri, 5 Aug 2022 00:21:38 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id AF9677F5; Fri, 5 Aug 2022 00:21:37 +0000 (UTC) X-Original-To: mptcp@lists.linux.dev Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 449F07E9 for ; Fri, 5 Aug 2022 00:21:36 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1659658896; x=1691194896; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=SYwNjrUGNlXKJ+DznD96iZmHPRQB1EKPhXt4WC93cEE=; b=j1YHneIFoUDN+QY4YTsGDLdKiBeTPb0gDGBbRD9jDqRjmiaEDj70ytPp gKFHm6p64Ogl6OF0cTumTgxjdJHomT0qXOqsuFthg1i80CFPNi54LX6b+ 0tKCatwp3utq2UL5irAgaTK7s73dysnv8OlkcUnOWDcHyL6A65rA49CZp cp+RNX3QbSRo4NdX1k/bEEqMaNXEgPmYkLYW7cp0KZPlGUs6xy+WJ9CJV QTej55ckgFFrsw1Zng8UhQfQZ37ebRe88NUJsWvxD6dVfh3zWmQSs8Pqp Oi5fHKET2svTVXuEhDBnOHjY5svFtSGNh0WO25J7mAN+0JTTw3Zm5RPio A==; X-IronPort-AV: E=McAfee;i="6400,9594,10429"; a="354084845" X-IronPort-AV: E=Sophos;i="5.93,216,1654585200"; d="scan'208";a="354084845" Received: from orsmga004.jf.intel.com ([10.7.209.38]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 04 Aug 2022 17:21:34 -0700 X-IronPort-AV: E=Sophos;i="5.93,216,1654585200"; d="scan'208";a="729810990" Received: from ramankur-mobl.amr.corp.intel.com (HELO mjmartin-desk2.intel.com) ([10.212.169.219]) by orsmga004-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 04 Aug 2022 17:21:34 -0700 From: Mat Martineau To: netdev@vger.kernel.org Cc: Paolo Abeni , davem@davemloft.net, kuba@kernel.org, edumazet@google.com, matthieu.baerts@tessares.net, fw@strlen.de, dcaratti@redhat.com, mptcp@lists.linux.dev, Nguyen Dinh Phi , Mat Martineau Subject: [PATCH net 1/3] mptcp: move subflow cleanup in mptcp_destroy_common() Date: Thu, 4 Aug 2022 17:21:25 -0700 Message-Id: <20220805002127.88430-2-mathew.j.martineau@linux.intel.com> X-Mailer: git-send-email 2.37.1 In-Reply-To: <20220805002127.88430-1-mathew.j.martineau@linux.intel.com> References: <20220805002127.88430-1-mathew.j.martineau@linux.intel.com> Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Paolo Abeni If the mptcp socket creation fails due to a CGROUP_INET_SOCK_CREATE eBPF program, the MPTCP protocol ends-up leaking all the subflows: the related cleanup happens in __mptcp_destroy_sock() that is not invoked in such code path. Address the issue moving the subflow sockets cleanup in the mptcp_destroy_common() helper, which is invoked in every msk cleanup path. Additionally get rid of the intermediate list_splice_init step, which is an unneeded relic from the past. The issue is present since before the reported root cause commit, but any attempt to backport the fix before that hash will require a complete rewrite. Fixes: e16163b6e2 ("mptcp: refactor shutdown and close") Reported-by: Nguyen Dinh Phi Reviewed-by: Mat Martineau Co-developed-by: Nguyen Dinh Phi Signed-off-by: Nguyen Dinh Phi Signed-off-by: Paolo Abeni Signed-off-by: Mat Martineau --- net/mptcp/protocol.c | 39 +++++++++++++++------------------------ net/mptcp/protocol.h | 2 +- net/mptcp/subflow.c | 3 ++- 3 files changed, 18 insertions(+), 26 deletions(-) diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index a3f1c1461874..07fcc86e1fc9 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -2769,30 +2769,16 @@ static void __mptcp_wr_shutdown(struct sock *sk) =20 static void __mptcp_destroy_sock(struct sock *sk) { - struct mptcp_subflow_context *subflow, *tmp; struct mptcp_sock *msk =3D mptcp_sk(sk); - LIST_HEAD(conn_list); =20 pr_debug("msk=3D%p", msk); =20 might_sleep(); =20 - /* join list will be eventually flushed (with rst) at sock lock release t= ime*/ - list_splice_init(&msk->conn_list, &conn_list); - mptcp_stop_timer(sk); sk_stop_timer(sk, &sk->sk_timer); msk->pm.status =3D 0; =20 - /* clears msk->subflow, allowing the following loop to close - * even the initial subflow - */ - mptcp_dispose_initial_subflow(msk); - list_for_each_entry_safe(subflow, tmp, &conn_list, node) { - struct sock *ssk =3D mptcp_subflow_tcp_sock(subflow); - __mptcp_close_ssk(sk, ssk, subflow, 0); - } - sk->sk_prot->destroy(sk); =20 WARN_ON_ONCE(msk->rmem_fwd_alloc); @@ -2884,24 +2870,20 @@ static void mptcp_copy_inaddrs(struct sock *msk, co= nst struct sock *ssk) =20 static int mptcp_disconnect(struct sock *sk, int flags) { - struct mptcp_subflow_context *subflow, *tmp; struct mptcp_sock *msk =3D mptcp_sk(sk); =20 inet_sk_state_store(sk, TCP_CLOSE); =20 - list_for_each_entry_safe(subflow, tmp, &msk->conn_list, node) { - struct sock *ssk =3D mptcp_subflow_tcp_sock(subflow); - - __mptcp_close_ssk(sk, ssk, subflow, MPTCP_CF_FASTCLOSE); - } - mptcp_stop_timer(sk); sk_stop_timer(sk, &sk->sk_timer); =20 if (mptcp_sk(sk)->token) mptcp_event(MPTCP_EVENT_CLOSED, mptcp_sk(sk), NULL, GFP_KERNEL); =20 - mptcp_destroy_common(msk); + /* msk->subflow is still intact, the following will not free the first + * subflow + */ + mptcp_destroy_common(msk, MPTCP_CF_FASTCLOSE); msk->last_snd =3D NULL; WRITE_ONCE(msk->flags, 0); msk->cb_flags =3D 0; @@ -3051,12 +3033,17 @@ static struct sock *mptcp_accept(struct sock *sk, i= nt flags, int *err, return newsk; } =20 -void mptcp_destroy_common(struct mptcp_sock *msk) +void mptcp_destroy_common(struct mptcp_sock *msk, unsigned int flags) { + struct mptcp_subflow_context *subflow, *tmp; struct sock *sk =3D (struct sock *)msk; =20 __mptcp_clear_xmit(sk); =20 + /* join list will be eventually flushed (with rst) at sock lock release t= ime */ + list_for_each_entry_safe(subflow, tmp, &msk->conn_list, node) + __mptcp_close_ssk(sk, mptcp_subflow_tcp_sock(subflow), subflow, flags); + /* move to sk_receive_queue, sk_stream_kill_queues will purge it */ mptcp_data_lock(sk); skb_queue_splice_tail_init(&msk->receive_queue, &sk->sk_receive_queue); @@ -3078,7 +3065,11 @@ static void mptcp_destroy(struct sock *sk) { struct mptcp_sock *msk =3D mptcp_sk(sk); =20 - mptcp_destroy_common(msk); + /* clears msk->subflow, allowing the following to close + * even the initial subflow + */ + mptcp_dispose_initial_subflow(msk); + mptcp_destroy_common(msk, 0); sk_sockets_allocated_dec(sk); } =20 diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index 5d6043c16b09..40881a7df5d5 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -717,7 +717,7 @@ static inline void mptcp_write_space(struct sock *sk) } } =20 -void mptcp_destroy_common(struct mptcp_sock *msk); +void mptcp_destroy_common(struct mptcp_sock *msk, unsigned int flags); =20 #define MPTCP_TOKEN_MAX_RETRIES 4 =20 diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index 901c763dcdbb..c7d49fb6e7bd 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -621,7 +621,8 @@ static void mptcp_sock_destruct(struct sock *sk) sock_orphan(sk); } =20 - mptcp_destroy_common(mptcp_sk(sk)); + /* We don't need to clear msk->subflow, as it's still NULL at this point = */ + mptcp_destroy_common(mptcp_sk(sk), 0); inet_sock_destruct(sk); } =20 --=20 2.37.1 From nobody Fri Apr 19 09:26:06 2024 Delivered-To: wpasupplicant.patchew@gmail.com Received: by 2002:ab0:590e:0:0:0:0:0 with SMTP id n14csp682881uad; Thu, 4 Aug 2022 17:21:40 -0700 (PDT) X-Google-Smtp-Source: AA6agR4gWj18rKlQxXK2Z2s6iEhwQa+f7aqJ4urq10tJJauR92oFENfTopXhdiu5xVALsTqstO1a X-Received: by 2002:a63:6884:0:b0:415:b761:efa4 with SMTP id d126-20020a636884000000b00415b761efa4mr3653311pgc.274.1659658900146; Thu, 04 Aug 2022 17:21:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1659658900; cv=none; d=google.com; s=arc-20160816; b=jEe3NrcMPxwzJFod8tUfIJTPOe3GZliQNBfNIwWws2DoRldAPxEZnzknecheMochAl nhGeDCGKHUMLByGiNb9zkECgUbOa+TBQpYP8vugnDY6HiAZC7Ylht3Ri5HGwvJGHv4bw sQDasUKuKHhL2EoA/Nlyk3FNonc0ufxn4Je10/CboAgZ0V3cV//kBF4diSRx3UEgcvfj qj6sFTkRHpYT2suH+nrvqDN+Z66gGl1Znrg+jeofUEgkxlwwMgOFGHS6dJCh3Cx0JCUe najgnZ6iSqGmgvUlzu0UE6Y7O90M3x6RN8Sh3L3mbmw3IU9Qyw4oruBgU0vyyZM4UoVj 63kQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=zjfzIAQb6Cz6f/zSPsYfd2BluaG5wOf6MMnPdlKw7Xk=; b=kZ2ysgwaR7EMUGfyQ+7+J2y9+NVbvEwrASuRl4vJB9Ky+5/aOxRCcauZL6oqga745Y rtT2qWb+71wJhbg664HOpCQ8MVaJfpVrUiKgQrS0kerNSUemSNPyXVSv6Xo+ZJm2P+vD ucTsnJIt4/U1USoiXFwieCLDSH9LaJawBtcR0Je1ynIperiNrmHH0/JZhXoEpPiM0+RX e2VF7+EuHG+oGdy9llAccOiVYuUYOjcyZ17G30IHeYm0fKPlo8mApsjWL8Mrw19qmkWa lL3hJyF5wGsyrpqy+X/E52EN6hHtnYp+4/B/iMQN9AN9F2QAL1o9AY38zdx4B2ILluUa f6tA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=T9I0sn96; spf=pass (google.com: domain of mptcp+bounces-6123-wpasupplicant.patchew=gmail.com@lists.linux.dev designates 139.178.88.99 as permitted sender) smtp.mailfrom="mptcp+bounces-6123-wpasupplicant.patchew=gmail.com@lists.linux.dev"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id q13-20020a170902b10d00b0016ccf06c2aesi2275026plr.512.2022.08.04.17.21.39 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 04 Aug 2022 17:21:40 -0700 (PDT) Received-SPF: pass (google.com: domain of mptcp+bounces-6123-wpasupplicant.patchew=gmail.com@lists.linux.dev designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=T9I0sn96; spf=pass (google.com: domain of mptcp+bounces-6123-wpasupplicant.patchew=gmail.com@lists.linux.dev designates 139.178.88.99 as permitted sender) smtp.mailfrom="mptcp+bounces-6123-wpasupplicant.patchew=gmail.com@lists.linux.dev"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 8E9B3280C21 for ; Fri, 5 Aug 2022 00:21:39 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id D6A7F7FC; Fri, 5 Aug 2022 00:21:37 +0000 (UTC) X-Original-To: mptcp@lists.linux.dev Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 676967EE for ; Fri, 5 Aug 2022 00:21:36 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1659658896; x=1691194896; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=As8F2NZFMzIE3CqfkdUNC3uOYKMCXanxAzq2aOrswzE=; b=T9I0sn96Jca6LT8z/QB9H++Xp4YA8SPqkQtcf8ud2QzHV9kcYYzI4Ktr E/F6s26sxdcqQSa1mtXY9IvwGrRF+rcnJt1Y4Ydn4i9UwsrhbzbQfubFF 4YtZ+l0Ue6tvMyoWDEvCl+NpgILYy779BtFJOJ1g9LD3Kyek8NajAIvvO xiabMAtc0daNiuxUuSDxzYt7pjBPftP6s45Tfx86C0Glvu1LkogOJ1/7K 0oDbPiwDlkuW75VQvCbwpudGD2KFWa2IW44Pv20bdEn8YXr9cdyypbSsV aLcvOTWm8pl1oZC5sK0l3pvxEMOlxwQYon1dg/+M+wwI3YsIC6IKtgGby w==; X-IronPort-AV: E=McAfee;i="6400,9594,10429"; a="354084846" X-IronPort-AV: E=Sophos;i="5.93,216,1654585200"; d="scan'208";a="354084846" Received: from orsmga004.jf.intel.com ([10.7.209.38]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 04 Aug 2022 17:21:34 -0700 X-IronPort-AV: E=Sophos;i="5.93,216,1654585200"; d="scan'208";a="729810991" Received: from ramankur-mobl.amr.corp.intel.com (HELO mjmartin-desk2.intel.com) ([10.212.169.219]) by orsmga004-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 04 Aug 2022 17:21:34 -0700 From: Mat Martineau To: netdev@vger.kernel.org Cc: Paolo Abeni , davem@davemloft.net, kuba@kernel.org, edumazet@google.com, matthieu.baerts@tessares.net, fw@strlen.de, dcaratti@redhat.com, mptcp@lists.linux.dev, Dipanjan Das , Mat Martineau Subject: [PATCH net 2/3] mptcp: do not queue data on closed subflows Date: Thu, 4 Aug 2022 17:21:26 -0700 Message-Id: <20220805002127.88430-3-mathew.j.martineau@linux.intel.com> X-Mailer: git-send-email 2.37.1 In-Reply-To: <20220805002127.88430-1-mathew.j.martineau@linux.intel.com> References: <20220805002127.88430-1-mathew.j.martineau@linux.intel.com> Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Paolo Abeni Dipanjan reported a syzbot splat at close time: WARNING: CPU: 1 PID: 10818 at net/ipv4/af_inet.c:153 inet_sock_destruct+0x6d0/0x8e0 net/ipv4/af_inet.c:153 Modules linked in: uio_ivshmem(OE) uio(E) CPU: 1 PID: 10818 Comm: kworker/1:16 Tainted: G OE 5.19.0-rc6-g2eae0556bb9d #2 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 Workqueue: events mptcp_worker RIP: 0010:inet_sock_destruct+0x6d0/0x8e0 net/ipv4/af_inet.c:153 Code: 21 02 00 00 41 8b 9c 24 28 02 00 00 e9 07 ff ff ff e8 34 4d 91 f9 89 ee 4c 89 e7 e8 4a 47 60 ff e9 a6 fc ff ff e8 20 4d 91 f9 <0f> 0b e9 84 fe ff ff e8 14 4d 91 f9 0f 0b e9 d4 fd ff ff e8 08 4d RSP: 0018:ffffc9001b35fa78 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 00000000002879d0 RCX: ffff8881326f3b00 RDX: 0000000000000000 RSI: ffff8881326f3b00 RDI: 0000000000000002 RBP: ffff888179662674 R08: ffffffff87e983a0 R09: 0000000000000000 R10: 0000000000000005 R11: 00000000000004ea R12: ffff888179662400 R13: ffff888179662428 R14: 0000000000000001 R15: ffff88817e38e258 FS: 0000000000000000(0000) GS:ffff8881f5f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020007bc0 CR3: 0000000179592000 CR4: 0000000000150ee0 Call Trace: __sk_destruct+0x4f/0x8e0 net/core/sock.c:2067 sk_destruct+0xbd/0xe0 net/core/sock.c:2112 __sk_free+0xef/0x3d0 net/core/sock.c:2123 sk_free+0x78/0xa0 net/core/sock.c:2134 sock_put include/net/sock.h:1927 [inline] __mptcp_close_ssk+0x50f/0x780 net/mptcp/protocol.c:2351 __mptcp_destroy_sock+0x332/0x760 net/mptcp/protocol.c:2828 mptcp_worker+0x5d2/0xc90 net/mptcp/protocol.c:2586 process_one_work+0x9cc/0x1650 kernel/workqueue.c:2289 worker_thread+0x623/0x1070 kernel/workqueue.c:2436 kthread+0x2e9/0x3a0 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:302 The root cause of the problem is that an mptcp-level (re)transmit can race with mptcp_close() and the packet scheduler checks the subflow state before acquiring the socket lock: we can try to (re)transmit on an already closed ssk. Fix the issue checking again the subflow socket status under the subflow socket lock protection. Additionally add the missing check for the fallback-to-tcp case. Fixes: d5f49190def6 ("mptcp: allow picking different xmit subflows") Reported-by: Dipanjan Das Reviewed-by: Mat Martineau Signed-off-by: Paolo Abeni Signed-off-by: Mat Martineau --- net/mptcp/protocol.c | 8 +++++++- net/mptcp/protocol.h | 11 +++++++---- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 07fcc86e1fc9..da4257504fad 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -1240,6 +1240,9 @@ static int mptcp_sendmsg_frag(struct sock *sk, struct= sock *ssk, info->limit > dfrag->data_len)) return 0; =20 + if (unlikely(!__tcp_can_send(ssk))) + return -EAGAIN; + /* compute send limit */ info->mss_now =3D tcp_send_mss(ssk, &info->size_goal, info->flags); copy =3D info->size_goal; @@ -1413,7 +1416,8 @@ static struct sock *mptcp_subflow_get_send(struct mpt= cp_sock *msk) if (__mptcp_check_fallback(msk)) { if (!msk->first) return NULL; - return sk_stream_memory_free(msk->first) ? msk->first : NULL; + return __tcp_can_send(msk->first) && + sk_stream_memory_free(msk->first) ? msk->first : NULL; } =20 /* re-use last subflow, if the burst allow that */ @@ -1564,6 +1568,8 @@ void __mptcp_push_pending(struct sock *sk, unsigned i= nt flags) =20 ret =3D mptcp_sendmsg_frag(sk, ssk, dfrag, &info); if (ret <=3D 0) { + if (ret =3D=3D -EAGAIN) + continue; mptcp_push_release(ssk, &info); goto out; } diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index 40881a7df5d5..132d50833df1 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -624,16 +624,19 @@ void mptcp_info2sockaddr(const struct mptcp_addr_info= *info, struct sockaddr_storage *addr, unsigned short family); =20 -static inline bool __mptcp_subflow_active(struct mptcp_subflow_context *su= bflow) +static inline bool __tcp_can_send(const struct sock *ssk) { - struct sock *ssk =3D mptcp_subflow_tcp_sock(subflow); + /* only send if our side has not closed yet */ + return ((1 << inet_sk_state_load(ssk)) & (TCPF_ESTABLISHED | TCPF_CLOSE_W= AIT)); +} =20 +static inline bool __mptcp_subflow_active(struct mptcp_subflow_context *su= bflow) +{ /* can't send if JOIN hasn't completed yet (i.e. is usable for mptcp) */ if (subflow->request_join && !subflow->fully_established) return false; =20 - /* only send if our side has not closed yet */ - return ((1 << ssk->sk_state) & (TCPF_ESTABLISHED | TCPF_CLOSE_WAIT)); + return __tcp_can_send(mptcp_subflow_tcp_sock(subflow)); } =20 void mptcp_subflow_set_active(struct mptcp_subflow_context *subflow); --=20 2.37.1 From nobody Fri Apr 19 09:26:06 2024 Delivered-To: wpasupplicant.patchew@gmail.com Received: by 2002:ab0:590e:0:0:0:0:0 with SMTP id n14csp682885uad; Thu, 4 Aug 2022 17:21:41 -0700 (PDT) X-Google-Smtp-Source: AA6agR7CSdhsZ//UoI+4h6GYwxggm3+h0QNlAaFgUBzuAiX2SeH6fFMxAJtaVAJj40XQAQQhMT8j X-Received: by 2002:a05:620a:2a0a:b0:6b5:e1f5:d92e with SMTP id o10-20020a05620a2a0a00b006b5e1f5d92emr3542284qkp.719.1659658901275; Thu, 04 Aug 2022 17:21:41 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1659658901; cv=none; d=google.com; s=arc-20160816; b=Ruje4ECKanAb8FNQpk4eYScIsSBDKXlP75bPHQk7bb4IacAUYN/B8I7hc8O8x3wFzf Y2cm0BVtxqu81oKkjVMTbEOiy19oqq0GPgsFRRKzKhkkgg4C2Mu9IRYHaWAOloqIEdMz RmTmpBj5JfnP3iGjKjjmAPa3kpIG9Tk19vCBTFjgUH5t0mKtMq3fR/AXTl8Y6+gACkoa yv7QvZzjrAMui3vJK/GJdT3BGzAImOvuQtgqF9tnBFua0mMgyvcR2JgtJs5AevAAc/Mt +WHkDBUy7hgzhf0F6+DZaQxuK0RM0UnKostZUfZgaFFXAbU/MG3P30YOmjTful55J/72 pnXg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=MEZdXGn/Org9a9B636qvhjFveBMMCH6nHSq72x7c/rA=; b=aAiFQV9ufY9uoF1zgZ606x2sma6pAUy7rRl9WCrHFPwMTf88QI3D6BmP4zay1Z0qCW 0E/kQKRK/pPDjf8+xC9RXPeT2QghIt12GEIP24W6u6JoAwDYJEW13K2mHcovas235/Iw jclCY9tpXK4ncIc1pZw7diJt9Mq6oOG4y1e2WKeevBjVnOsiFXpkYVz+unKxBk3IvBdd KBT2BnH8U9RoBVfh5eBfSYo34jjRFSpC7036ZHiV6i7DKNFR6PtRIQAxSoUD+fdjWWz8 f2yEceaA7TY2hm6fjk/m1pm4UXcdF6O9L8ksJFunCcfvxESaA9OQiE70iGI1cw+VqgZO h5uQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=IbsXSi4P; spf=pass (google.com: domain of mptcp+bounces-6124-wpasupplicant.patchew=gmail.com@lists.linux.dev designates 147.75.199.223 as permitted sender) smtp.mailfrom="mptcp+bounces-6124-wpasupplicant.patchew=gmail.com@lists.linux.dev"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223]) by mx.google.com with ESMTPS id c5-20020a05620a268500b006b8dff8f7ddsi1826107qkp.397.2022.08.04.17.21.41 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 04 Aug 2022 17:21:41 -0700 (PDT) Received-SPF: pass (google.com: domain of mptcp+bounces-6124-wpasupplicant.patchew=gmail.com@lists.linux.dev designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=IbsXSi4P; spf=pass (google.com: domain of mptcp+bounces-6124-wpasupplicant.patchew=gmail.com@lists.linux.dev designates 147.75.199.223 as permitted sender) smtp.mailfrom="mptcp+bounces-6124-wpasupplicant.patchew=gmail.com@lists.linux.dev"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id E67441C209A1 for ; Fri, 5 Aug 2022 00:21:40 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 324017E8; Fri, 5 Aug 2022 00:21:39 +0000 (UTC) X-Original-To: mptcp@lists.linux.dev Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B40C87E9 for ; Fri, 5 Aug 2022 00:21:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1659658897; x=1691194897; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=lfrTHdhyC6ywAdzyLkgsZFix3MXo+dFu0OSQV5qmghE=; b=IbsXSi4P+bE9fmeZlZi+TYKcrcFCfK30skCb0OeBI5H4Le75657+C3/w 6GL/vv+vZfs4xOLgv37a9J6ffhQP5gGMvXsmjqUorQkRiUKlHDCP/Hk7i P31cl0jM3W6NKciTiiSo9YmMOtjA8pvKNoUIr9EdU5g47Rbyl/y9jcWxC 2TGleb94F5AybstPwsKj5grpLooWn+pYgoCrQYZMY2ITJJ9yS6UvVig1u Zj1exdcsBO+dg0Ct2ppYeB2V+S0YnfxU6yQHueilClVDW/f98Btq7Y7AL zmpck3g+01DHfvdT2XVO+sgb8nK5MMVBfUe9B0/luq2TR95WeqfYTLpQy w==; X-IronPort-AV: E=McAfee;i="6400,9594,10429"; a="354084847" X-IronPort-AV: E=Sophos;i="5.93,216,1654585200"; d="scan'208";a="354084847" Received: from orsmga004.jf.intel.com ([10.7.209.38]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 04 Aug 2022 17:21:34 -0700 X-IronPort-AV: E=Sophos;i="5.93,216,1654585200"; d="scan'208";a="729810992" Received: from ramankur-mobl.amr.corp.intel.com (HELO mjmartin-desk2.intel.com) ([10.212.169.219]) by orsmga004-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 04 Aug 2022 17:21:34 -0700 From: Mat Martineau To: netdev@vger.kernel.org Cc: Florian Westphal , davem@davemloft.net, kuba@kernel.org, pabeni@redhat.com, edumazet@google.com, matthieu.baerts@tessares.net, dcaratti@redhat.com, mptcp@lists.linux.dev, Xiumei Mu , Mat Martineau Subject: [PATCH net 3/3] selftests: mptcp: make sendfile selftest work Date: Thu, 4 Aug 2022 17:21:27 -0700 Message-Id: <20220805002127.88430-4-mathew.j.martineau@linux.intel.com> X-Mailer: git-send-email 2.37.1 In-Reply-To: <20220805002127.88430-1-mathew.j.martineau@linux.intel.com> References: <20220805002127.88430-1-mathew.j.martineau@linux.intel.com> Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Florian Westphal When the selftest got added, sendfile() on mptcp sockets returned -EOPNOTSUPP, so running 'mptcp_connect.sh -m sendfile' failed immediately. This is no longer the case, but the script fails anyway due to timeout. Let the receiver know once the sender has sent all data, just like with '-m mmap' mode. v2: need to respect cfg_wait too, as pm_userspace.sh relied on -m sendfile to keep the connection open (Mat Martineau) Fixes: 048d19d444be ("mptcp: add basic kselftest for mptcp") Reported-by: Xiumei Mu Reviewed-by: Mat Martineau Signed-off-by: Florian Westphal Signed-off-by: Mat Martineau --- .../selftests/net/mptcp/mptcp_connect.c | 26 ++++++++++++------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/tools/testing/selftests/net/mptcp/mptcp_connect.c b/tools/test= ing/selftests/net/mptcp/mptcp_connect.c index e2ea6c126c99..24d4e9cb617e 100644 --- a/tools/testing/selftests/net/mptcp/mptcp_connect.c +++ b/tools/testing/selftests/net/mptcp/mptcp_connect.c @@ -553,6 +553,18 @@ static void set_nonblock(int fd, bool nonblock) fcntl(fd, F_SETFL, flags & ~O_NONBLOCK); } =20 +static void shut_wr(int fd) +{ + /* Close our write side, ev. give some time + * for address notification and/or checking + * the current status + */ + if (cfg_wait) + usleep(cfg_wait); + + shutdown(fd, SHUT_WR); +} + static int copyfd_io_poll(int infd, int peerfd, int outfd, bool *in_closed= _after_out) { struct pollfd fds =3D { @@ -630,14 +642,7 @@ static int copyfd_io_poll(int infd, int peerfd, int ou= tfd, bool *in_closed_after /* ... and peer also closed already */ break; =20 - /* ... but we still receive. - * Close our write side, ev. give some time - * for address notification and/or checking - * the current status - */ - if (cfg_wait) - usleep(cfg_wait); - shutdown(peerfd, SHUT_WR); + shut_wr(peerfd); } else { if (errno =3D=3D EINTR) continue; @@ -767,7 +772,7 @@ static int copyfd_io_mmap(int infd, int peerfd, int out= fd, if (err) return err; =20 - shutdown(peerfd, SHUT_WR); + shut_wr(peerfd); =20 err =3D do_recvfile(peerfd, outfd); *in_closed_after_out =3D true; @@ -791,6 +796,9 @@ static int copyfd_io_sendfile(int infd, int peerfd, int= outfd, err =3D do_sendfile(infd, peerfd, size); if (err) return err; + + shut_wr(peerfd); + err =3D do_recvfile(peerfd, outfd); *in_closed_after_out =3D true; } --=20 2.37.1