From nobody Fri May 3 08:05:39 2024 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2DC0DC4321E for ; Mon, 28 Nov 2022 15:43:43 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232027AbiK1Pnl (ORCPT ); Mon, 28 Nov 2022 10:43:41 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51122 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231816AbiK1Pne (ORCPT ); Mon, 28 Nov 2022 10:43:34 -0500 Received: from mail-ej1-x636.google.com (mail-ej1-x636.google.com [IPv6:2a00:1450:4864:20::636]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3DDB21DA4F for ; Mon, 28 Nov 2022 07:43:33 -0800 (PST) Received: by mail-ej1-x636.google.com with SMTP id vv4so26881592ejc.2 for ; Mon, 28 Nov 2022 07:43:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tessares.net; s=google; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=I/8IHKCk+zYHnC/CiuG7M+HRlHow+nOmS5vrwm/o5FA=; b=L9WNJP5LJHYF18H4DLeWGK5GpKgB9HyjoFnJUOhvucW72h3rwGYO0PEFfdTN1YTj8k LGBrxNBv3hdE9Qa1WdyWSJqlaAnnCU1Pk99Lhde1Y3DIa+tgztWjdUxpiepP5sH8PJ+P iixwhnEIla9Fd4tir+FU4HIvMncXshBMn7XJ4AnYPeBlUVIOwW0j0ZbkOltM3VrL62Xq 0MXE+AYd9ZQbM23u9gA2G6Gtn+3MZzdL+mBqtSPn7uyeTuf+ze+71xoo2MfpBExBxtFF 4/Ip8KonrPpVqd6OLJvAolr1Dy+FyGka2hQHufxu2W47rlTzsirq1HHze6US+ljfOZN1 LBwg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=I/8IHKCk+zYHnC/CiuG7M+HRlHow+nOmS5vrwm/o5FA=; b=cfqBRpFpozLco5dkvDEn4LwNBDoiNKhEB5+L4AabIFNM5dj984jrTLTZ2/OxVTy6uj caqe/vzm/w4RpdJZ8ZpEz9hKso1NuYsd+QSpFwSgPZMCBYG6Jgf5IZomApgewvLXcOhl rwHPkXRDPrE47vcqMD9Pd7wIGQpsmQXBU0XRT5zm/hwWWYm+hRyq9XnvcvN+zHXUXhUH Vta/zPMTKHR20icXKq1ILSQtp+XwnjUQmhwGopkGSYvrP9w4W/3Wqh9K447g3BtLyLvI eBIkrdrPZeeJJY60AbxrTY6nzx1Q4+NFkTBngPJQv9ZduOhnrCKvYmbQyiLsPgirf58f cFAw== X-Gm-Message-State: ANoB5pldqfxH/1RoNupYj7/N8Egrq4IdbVlF30eNHkU4x8Gxrny8AgGZ rP4HkKS0F2FPmS2opMkydxxV7w== X-Google-Smtp-Source: AA0mqf4zdMxabC4z75IUBpSayldvbtp6dIPECPxzJje8Er4BmPUwQVk9nxah3pnDMDG2oiihl+U/3Q== X-Received: by 2002:a17:906:cd10:b0:7bc:571f:88be with SMTP id oz16-20020a170906cd1000b007bc571f88bemr3376230ejb.502.1669650211621; Mon, 28 Nov 2022 07:43:31 -0800 (PST) Received: from vdi08.nix.tessares.net (static.219.156.76.144.clients.your-server.de. [144.76.156.219]) by smtp.gmail.com with ESMTPSA id n6-20020aa7db46000000b0046aa2a36954sm4854179edt.97.2022.11.28.07.43.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 28 Nov 2022 07:43:31 -0800 (PST) From: Matthieu Baerts To: Mat Martineau , Matthieu Baerts , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Davide Caratti Cc: Menglong Dong , Biao Jiang , Mengen Sun , netdev@vger.kernel.org, mptcp@lists.linux.dev, linux-kernel@vger.kernel.org Subject: [PATCH net 1/2] mptcp: don't orphan ssk in mptcp_close() Date: Mon, 28 Nov 2022 16:42:37 +0100 Message-Id: <20221128154239.1999234-2-matthieu.baerts@tessares.net> X-Mailer: git-send-email 2.37.2 In-Reply-To: <20221128154239.1999234-1-matthieu.baerts@tessares.net> References: <20221128154239.1999234-1-matthieu.baerts@tessares.net> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=2032; i=matthieu.baerts@tessares.net; h=from:subject; bh=JwFWq/JYJtFBTzm2gO+Ux4zYNsCZ00QrIWIAjG1IQbg=; b=owEBbQKS/ZANAwAIAfa3gk9CaaBzAcsmYgBjhNboj5VtEkoyxoheiF6ow2EM+fzZRpG19HOXr1go owcnACaJAjMEAAEIAB0WIQToy4X3aHcFem4n93r2t4JPQmmgcwUCY4TW6AAKCRD2t4JPQmmgcy/gEA Cpe+2PIrgV1hHxwtFNpQta9QT4g3jbV/udX1SeqxzmI/3RZefsITJ3BL8uw8lxc4XNwNdTGbZwfsBe h2V30S5/cKm9gXqt9GjITpUFDCizvhbiWFuHpXbFrcXWPDV1T3/8v323gM8/seYKlQmf21/GiZ9VFa Z7cIzZLY/Kc++8QKt8okqiOuB/Sco3DfbP/G68dQsIMzdncFbfZbhr9kuWnQyf9hdyTCF1g/Bo4k0T Kvi4d/xWeuDVvfbwDvWoqj/TuaFebhOVsRX4d/2FLpWlAVrJJ+e4h+eKSlH+QgZ8aI3VrSeha1j+tB cenmoMhckkBT5+ApTpzsL39NW7zl7nRJbbS4689ngEPbmUeVjPgxJ6QtcShPJzvdYHzkQaQmXy9oLY BXGi89xpI+p01YvSoF4JkgT7vL/4Dy7WR+3qLMhc4uXdhawRbugU9lhZuEr6afMnPFi0gZ2rFJuIPB GW0Pz6EssT/nodfR/Fr0hNtgqVAmQopn0EdW0CTydHkcLAkc3iC879hMEljeArtyMy2je3Kn+/q0u5 9Lc8uHafbNEPmgnkN36zsjGzVkwH+Z6kKKvdldn0qWLSnUupCFFwDQrIFrm++yiYUF9YQ+pA8pMsQP peZuQz3Yz4mWNozOAuh1qRE4si1PQYMOSHHIcnZ6ZqfjUNcCXfYunlTapXaQ== X-Developer-Key: i=matthieu.baerts@tessares.net; a=openpgp; fpr=E8CB85F76877057A6E27F77AF6B7824F4269A073 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Menglong Dong All of the subflows of a msk will be orphaned in mptcp_close(), which means the subflows are in DEAD state. After then, DATA_FIN will be sent, and the other side will response with a DATA_ACK for this DATA_FIN. However, if the other side still has pending data, the data that received on these subflows will not be passed to the msk, as they are DEAD and subflow_data_ready() will not be called in tcp_data_ready(). Therefore, these data can't be acked, and they will be retransmitted again and again, until timeout. Fix this by setting ssk->sk_socket and ssk->sk_wq to 'NULL', instead of orphaning the subflows in __mptcp_close(), as Paolo suggested. Fixes: e16163b6e2b7 ("mptcp: refactor shutdown and close") Reviewed-by: Biao Jiang Reviewed-by: Mengen Sun Signed-off-by: Menglong Dong Reviewed-by: Paolo Abeni Signed-off-by: Matthieu Baerts --- net/mptcp/protocol.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index b6dc6e260334..1dbc62537259 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -2354,12 +2354,7 @@ static void __mptcp_close_ssk(struct sock *sk, struc= t sock *ssk, goto out; } =20 - /* if we are invoked by the msk cleanup code, the subflow is - * already orphaned - */ - if (ssk->sk_socket) - sock_orphan(ssk); - + sock_orphan(ssk); subflow->disposable =3D 1; =20 /* if ssk hit tcp_done(), tcp_cleanup_ulp() cleared the related ops @@ -2940,7 +2935,11 @@ bool __mptcp_close(struct sock *sk, long timeout) if (ssk =3D=3D msk->first) subflow->fail_tout =3D 0; =20 - sock_orphan(ssk); + /* detach from the parent socket, but allow data_ready to + * push incoming data into the mptcp stack, to properly ack it + */ + ssk->sk_socket =3D NULL; + ssk->sk_wq =3D NULL; unlock_sock_fast(ssk, slow); } sock_orphan(sk); --=20 2.37.2 From nobody Fri May 3 08:05:39 2024 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 20558C43217 for ; Mon, 28 Nov 2022 15:43:46 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231928AbiK1Pno (ORCPT ); Mon, 28 Nov 2022 10:43:44 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51144 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231853AbiK1Png (ORCPT ); Mon, 28 Nov 2022 10:43:36 -0500 Received: from mail-ed1-x52d.google.com (mail-ed1-x52d.google.com [IPv6:2a00:1450:4864:20::52d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C288C1DA7A for ; Mon, 28 Nov 2022 07:43:34 -0800 (PST) Received: by mail-ed1-x52d.google.com with SMTP id z18so15950606edb.9 for ; Mon, 28 Nov 2022 07:43:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tessares.net; s=google; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=YGVijVIXjZ7j9/h6FCoDsleW1+RkPFK8TRFdOx8adZ0=; b=a8CvrWl70Ox/yXGODs+P47pEihWOCr5QSnRi/lPgXiee5SAIL9324apba9sEWWCynu c5OPpYO/t1Ntij8TjoPWU9g1BSzyx3yvxU8vhSeY+LcUGTDDWJmMyemSG31zQm82iUpU 61svGeq2qS+YgrQENxwnSSfuJHLGheGB7JAxY89fvQ+prIyv2v+4g8hwAHikOiHMv9d9 BqBuIisHI3xuM0TTj89nhD2DOtt7hBakfGiIx5Hfdnw1gVqr4BtR7x7SdK3KtBf/sXGO OZMA8WaRDhAopee6s/XvnDzzRlRNcDhrGsHQyYAQT6oIeiTPdX/HPuU8wGY7LG+eI2zc BtPg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=YGVijVIXjZ7j9/h6FCoDsleW1+RkPFK8TRFdOx8adZ0=; b=f7FOLjGHmLSIV9QGgIbCC8vyobeZ35fIBfA8ZzJjx/2IyQIKI1opZREuoQnkw52WL7 1WbLuFBPS2pj6X08RiTwRI0+/LONrMp++gXi7FIEUi5pqQuaq7XbuOiyNIUQetVDs8ec FQS64Y4sNTnyJ279NuSJNzJFh5qZuWxrHE+d+NbVjITrpsnhPxQXId4p8USi4K1io5Ui fvYDP9z9+TelBidg/d7y1Htg+vO1G34XJZjh6qLMoeRENFM7EiCvvvjjPlu1cH5YXLvT zVpezTocuboy4re4IOhkocan+eRwhUXrR2nkuslCgZU2fqGTI5B6XVC6Rf/kghQQ//CA XK/Q== X-Gm-Message-State: ANoB5pnkoQuKnyhOMLEbCuL85zLNf9VPpW8TfdxSehzBsjluL3ysKrbF mWPUb7KgzXD+zAlOZnmoW7kl6w== X-Google-Smtp-Source: AA0mqf5+WyrmaBUVgrSnAJNrWw1Z8DrCjnR1v+nRHUqndrLXLj3jed+Epe3fHaesOUvIijzgNXmbFQ== X-Received: by 2002:aa7:cc99:0:b0:44e:cd80:843b with SMTP id p25-20020aa7cc99000000b0044ecd80843bmr34106200edt.126.1669650213189; Mon, 28 Nov 2022 07:43:33 -0800 (PST) Received: from vdi08.nix.tessares.net (static.219.156.76.144.clients.your-server.de. [144.76.156.219]) by smtp.gmail.com with ESMTPSA id n6-20020aa7db46000000b0046aa2a36954sm4854179edt.97.2022.11.28.07.43.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 28 Nov 2022 07:43:32 -0800 (PST) From: Matthieu Baerts To: Mat Martineau , Matthieu Baerts , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Menglong Dong , Mengen Sun , Jiang Biao Cc: netdev@vger.kernel.org, mptcp@lists.linux.dev, linux-kernel@vger.kernel.org Subject: [PATCH net 2/2] mptcp: fix sleep in atomic at close time Date: Mon, 28 Nov 2022 16:42:38 +0100 Message-Id: <20221128154239.1999234-3-matthieu.baerts@tessares.net> X-Mailer: git-send-email 2.37.2 In-Reply-To: <20221128154239.1999234-1-matthieu.baerts@tessares.net> References: <20221128154239.1999234-1-matthieu.baerts@tessares.net> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=3373; i=matthieu.baerts@tessares.net; h=from:subject; bh=tMvi4+vIcCAwZo0qGbkn3WtN/NKmtz/uPknBepj8oWE=; b=owEBbQKS/ZANAwAIAfa3gk9CaaBzAcsmYgBjhNboS4KbRjjnqAXEMN49GaJI8GuN435taSgbFz5G IH9TYFGJAjMEAAEIAB0WIQToy4X3aHcFem4n93r2t4JPQmmgcwUCY4TW6AAKCRD2t4JPQmmgc7TvD/ 9RFK+WHIzkHceQfrpvewNDQiumCx4bx4DQo0tbQH1jLm8Mt2mn+4nULjhQNVCldAJlLBDijt3YMI70 B8LAk6iYycO7qmCc0pzztbvX9fGi/cyrsPJGwFpNotKitEO3GAapaE9JMn06X4RI6K2yAbZ1KwLZxQ z0/ujyNnZPOh5El0IQd6/IiTZGXpZsPDwKv+f0aJTx9MVdMG+oiOUHCueWZT7VHdyhJ+d0LEfanqdd KvnBvOLjmwZeny/kFVGdLLWOeetAx6OfFxM0aJUpKYYaz0OAd6MGsdcg/sdJuxEREVir4M1+tgKiXB UkYFXAT28Dn+mUZf8w/4IHE3cHtOtKYQDb9Zbgk2OOc2qvW6zVaDTSUELFZm+uaM/Yzz8BFuQMIqhc jxO1iBHeSiSdtUILSK1pCFhcDM31En7dJTTGX6DKzojLgSyvzhkVMESuE7+5o/eMqWaBA+6sCncMHC F9OSGGBGkXSrEOOefV6fu+L+7mWHxrXG3pZJ987mHrr56L8lQfdBxCQErfOZVCfCvrEtNaT52Gktzc xRLaqLVsePlhbmXSjiIU6ad9Nm019XwMYxDJGNbYr0JNR8uy3dT+5FUcKcxSlH8PuL/uupqru2fv1+ fP1+1o3IrCat7DbZBlRB3xaQI4wx4Ks5woy1PfdBII/6dsOG4bGQ53MBtCvA== X-Developer-Key: i=matthieu.baerts@tessares.net; a=openpgp; fpr=E8CB85F76877057A6E27F77AF6B7824F4269A073 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Paolo Abeni Matt reported a splat at msk close time: BUG: sleeping function called from invalid context at net/mptcp/protoco= l.c:2877 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 155, name: packe= tdrill preempt_count: 201, expected: 0 RCU nest depth: 0, expected: 0 4 locks held by packetdrill/155: #0: ffff888001536990 (&sb->s_type->i_mutex_key#6){+.+.}-{3:3}, at: __so= ck_release (net/socket.c:650) #1: ffff88800b498130 (sk_lock-AF_INET){+.+.}-{0:0}, at: mptcp_close (ne= t/mptcp/protocol.c:2973) #2: ffff88800b49a130 (sk_lock-AF_INET/1){+.+.}-{0:0}, at: __mptcp_close= _ssk (net/mptcp/protocol.c:2363) #3: ffff88800b49a0b0 (slock-AF_INET){+...}-{2:2}, at: __lock_sock_fast = (include/net/sock.h:1820) Preemption disabled at: 0x0 CPU: 1 PID: 155 Comm: packetdrill Not tainted 6.1.0-rc5 #365 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04= /01/2014 Call Trace: dump_stack_lvl (lib/dump_stack.c:107 (discriminator 4)) __might_resched.cold (kernel/sched/core.c:9891) __mptcp_destroy_sock (include/linux/kernel.h:110) __mptcp_close (net/mptcp/protocol.c:2959) mptcp_subflow_queue_clean (include/net/sock.h:1777) __mptcp_close_ssk (net/mptcp/protocol.c:2363) mptcp_destroy_common (net/mptcp/protocol.c:3170) mptcp_destroy (include/net/sock.h:1495) __mptcp_destroy_sock (net/mptcp/protocol.c:2886) __mptcp_close (net/mptcp/protocol.c:2959) mptcp_close (net/mptcp/protocol.c:2974) inet_release (net/ipv4/af_inet.c:432) __sock_release (net/socket.c:651) sock_close (net/socket.c:1367) __fput (fs/file_table.c:320) task_work_run (kernel/task_work.c:181 (discriminator 1)) exit_to_user_mode_prepare (include/linux/resume_user_mode.h:49) syscall_exit_to_user_mode (kernel/entry/common.c:130) do_syscall_64 (arch/x86/entry/common.c:87) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120) We can't call mptcp_close under the 'fast' socket lock variant, replace it with a sock_lock_nested() as the relevant code is already under the listening msk socket lock protection. Reported-by: Matthieu Baerts Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/316 Fixes: 30e51b923e43 ("mptcp: fix unreleased socket in accept queue") Signed-off-by: Paolo Abeni Reviewed-by: Matthieu Baerts Signed-off-by: Matthieu Baerts --- net/mptcp/subflow.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index 02a54d59697b..2159b5f9988f 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -1745,16 +1745,16 @@ void mptcp_subflow_queue_clean(struct sock *listene= r_ssk) =20 for (msk =3D head; msk; msk =3D next) { struct sock *sk =3D (struct sock *)msk; - bool slow, do_cancel_work; + bool do_cancel_work; =20 sock_hold(sk); - slow =3D lock_sock_fast_nested(sk); + lock_sock_nested(sk, SINGLE_DEPTH_NESTING); next =3D msk->dl_next; msk->first =3D NULL; msk->dl_next =3D NULL; =20 do_cancel_work =3D __mptcp_close(sk, 0); - unlock_sock_fast(sk, slow); + release_sock(sk); if (do_cancel_work) mptcp_cancel_work(sk); sock_put(sk); --=20 2.37.2