From nobody Fri Mar 29 15:11:35 2024 Delivered-To: wpasupplicant.patchew@gmail.com Received: by 2002:ab0:590e:0:0:0:0:0 with SMTP id n14csp213071uad; Fri, 15 Jul 2022 04:11:13 -0700 (PDT) X-Google-Smtp-Source: AGRyM1uoZMiFgM8kmKGoDER1J5tCsLCwIwTDUjkmiC+ePI81nhBKqTfxb4QC3pQztuwFmXjRc2Ke X-Received: by 2002:a63:2bc4:0:b0:419:7b8c:210a with SMTP id r187-20020a632bc4000000b004197b8c210amr11865440pgr.439.1657883473607; Fri, 15 Jul 2022 04:11:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1657883473; cv=none; d=google.com; s=arc-20160816; b=GdwfcPOvBIn8lvSrQo56xr2pr8pK2dHli5GubDt4BDPiGnqEO0w3kFiYwX4E9A57WJ 934TcxHoyr4fX7f6PD4AMetBvZNKUIaOUEK/HQC4M+qmRgxM04ESiHt5D1O2Gj9nAe5+ ftq+Rq4kyu17o4BA+jHShdKFnZvtjznEzc/x/jkKGJ0Ds7psIXfbgCWIr/8qxm72aYH3 xxCHoO0f4aPSNCUrAmQJVqUqC2VH24ZNWk8VRLql+XYG5cybiv2voNIAlaiyo3dIlNmm o2gB7QnTg+DmTAYcQgj+wqfPlIPukJWEHhgObU27/Vttocr6zuKDSL477oOsI8Vv6Fxx xsAw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:message-id:date:subject:cc:to :from:dkim-signature; bh=HGems0LCutp5I0DpH5X2WCkyCBJQupMG00wPWcmhl58=; b=pltqI6I0K8ZhoS4JJ7G7hpriP1SpzFu5ur3T7KzT+EIC9j7nOlLAaqcRefDhNeTvbR N4Rqw+NVDkI5ONvael/0AP1H8IIBAsbJJxTR1zUrG7yGVyMgRADuT+63YhVf3BrKSM4K Mk9XJyPATkPt1sPj0MWZuvpNOeCKfQE6CPLIF6IVcoMoOHFIaR70NTJF6+ljoF3u1VBR IzecoSl0pG6t2KKH1gKzx3nvCLXV3feKlkQSvEfC3fciDTiAlFXCoTfOz3BzxJ5hcOux UXVgm6uNsv94SC2p/9y6sLka/kOh3sSTpiJ7UzT+r8wmaDfM/Q59DzqZ+PwrQ5/P6de+ SEZA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=HPCQ6TE7; spf=pass (google.com: domain of mptcp+bounces-6027-wpasupplicant.patchew=gmail.com@lists.linux.dev designates 139.178.88.99 as permitted sender) smtp.mailfrom="mptcp+bounces-6027-wpasupplicant.patchew=gmail.com@lists.linux.dev"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id d8-20020a170903230800b0016c049ada3csi5968413plh.454.2022.07.15.04.11.13 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 15 Jul 2022 04:11:13 -0700 (PDT) Received-SPF: pass (google.com: domain of mptcp+bounces-6027-wpasupplicant.patchew=gmail.com@lists.linux.dev designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=HPCQ6TE7; spf=pass (google.com: domain of mptcp+bounces-6027-wpasupplicant.patchew=gmail.com@lists.linux.dev designates 139.178.88.99 as permitted sender) smtp.mailfrom="mptcp+bounces-6027-wpasupplicant.patchew=gmail.com@lists.linux.dev"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 7F742280CC9 for ; Fri, 15 Jul 2022 11:11:12 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 785E12F3A; Fri, 15 Jul 2022 11:11:11 +0000 (UTC) X-Original-To: mptcp@lists.linux.dev Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 065122F34 for ; Fri, 15 Jul 2022 11:11:09 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1657883468; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=HGems0LCutp5I0DpH5X2WCkyCBJQupMG00wPWcmhl58=; b=HPCQ6TE7D992oZ+98auVw5TD9dt1BymlC2rY2j6gofgYDxAzAmp7RGJeUpudoFUVaXeRTd OTDDAiXC+IfOnbtPqnh8eYe9vN9JBTcpdVsL+K6kJaPgtF2V3Q+n0/915AZuw0OldAPDxb 5DzxtPxBgRrHD2F95xYR48bf2EasrLY= Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-611-Gla4HKhUMgaOuHH_pApMWg-1; Fri, 15 Jul 2022 07:11:07 -0400 X-MC-Unique: Gla4HKhUMgaOuHH_pApMWg-1 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 76C153C0E21E; Fri, 15 Jul 2022 11:11:07 +0000 (UTC) Received: from gerbillo.redhat.com (unknown [10.39.193.99]) by smtp.corp.redhat.com (Postfix) with ESMTP id D10802166B26; Fri, 15 Jul 2022 11:11:06 +0000 (UTC) From: Paolo Abeni To: mptcp@lists.linux.dev Cc: phind.uet@gmail.com Subject: [PATCH mptcp-net] mptcp: move subflow cleanup in mptcp_destroy_common() Date: Fri, 15 Jul 2022 13:10:44 +0200 Message-Id: Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.78 on 10.11.54.6 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=pabeni@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8"; x-default="true" If the mptcp socket creation fails due to a CGROUP_INET_SOCK_CREATE eBPF program, the MPTCP protocol ends-up leaking all the subflows: the related cleanup happens in __mptcp_destroy_sock() that is not invoked in such code path. Address the issue moving the subflow sockets cleanup in the mptcp_destroy_common() helper, which is invoked in every msk cleanup path. Additionally get rid of the intermediate list_splice_init step, which is an unneeded relic from the past. The issue is present since before the reported root cause commit, but any attempt to backport the fix before that hash will require a complete rewrite. Fixes: e16163b6e2 ("mptcp: refactor shutdown and close") Reported-by: Nguyen Dinh Phi Co-developed-by: Nguyen Dinh Phi Signed-off-by: Nguyen Dinh Phi Signed-off-by: Paolo Abeni Reviewed-by: Mat Martineau --- The tags are provisional, waiting for Nguyen feedback/preferences. Sending out early to trigger the CI. This will need likely some staging period. "mptcp: add mptcp_for_each_subflow_safe helper" needs to be rebased on top of this (we can replace another list_for_each_safe instance) --- net/mptcp/protocol.c | 39 +++++++++++++++------------------------ net/mptcp/protocol.h | 2 +- net/mptcp/subflow.c | 3 ++- 3 files changed, 18 insertions(+), 26 deletions(-) diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 21a3ed64226e..6f3324955355 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -2804,30 +2804,16 @@ static void __mptcp_wr_shutdown(struct sock *sk) =20 static void __mptcp_destroy_sock(struct sock *sk) { - struct mptcp_subflow_context *subflow, *tmp; struct mptcp_sock *msk =3D mptcp_sk(sk); - LIST_HEAD(conn_list); =20 pr_debug("msk=3D%p", msk); =20 might_sleep(); =20 - /* join list will be eventually flushed (with rst) at sock lock release t= ime*/ - list_splice_init(&msk->conn_list, &conn_list); - mptcp_stop_timer(sk); sk_stop_timer(sk, &sk->sk_timer); msk->pm.status =3D 0; =20 - /* clears msk->subflow, allowing the following loop to close - * even the initial subflow - */ - mptcp_dispose_initial_subflow(msk); - list_for_each_entry_safe(subflow, tmp, &conn_list, node) { - struct sock *ssk =3D mptcp_subflow_tcp_sock(subflow); - __mptcp_close_ssk(sk, ssk, subflow, 0); - } - sk->sk_prot->destroy(sk); =20 WARN_ON_ONCE(msk->rmem_fwd_alloc); @@ -2919,24 +2905,20 @@ static void mptcp_copy_inaddrs(struct sock *msk, co= nst struct sock *ssk) =20 static int mptcp_disconnect(struct sock *sk, int flags) { - struct mptcp_subflow_context *subflow, *tmp; struct mptcp_sock *msk =3D mptcp_sk(sk); =20 inet_sk_state_store(sk, TCP_CLOSE); =20 - list_for_each_entry_safe(subflow, tmp, &msk->conn_list, node) { - struct sock *ssk =3D mptcp_subflow_tcp_sock(subflow); - - __mptcp_close_ssk(sk, ssk, subflow, MPTCP_CF_FASTCLOSE); - } - mptcp_stop_timer(sk); sk_stop_timer(sk, &sk->sk_timer); =20 if (mptcp_sk(sk)->token) mptcp_event(MPTCP_EVENT_CLOSED, mptcp_sk(sk), NULL, GFP_KERNEL); =20 - mptcp_destroy_common(msk); + /* msk->subflow is still intact, the following will not free the first + * subflow + */ + mptcp_destroy_common(msk, MPTCP_CF_FASTCLOSE); msk->last_snd =3D NULL; WRITE_ONCE(msk->flags, 0); msk->cb_flags =3D 0; @@ -3086,12 +3068,17 @@ static struct sock *mptcp_accept(struct sock *sk, i= nt flags, int *err, return newsk; } =20 -void mptcp_destroy_common(struct mptcp_sock *msk) +void mptcp_destroy_common(struct mptcp_sock *msk, unsigned int flags) { + struct mptcp_subflow_context *subflow, *tmp; struct sock *sk =3D (struct sock *)msk; =20 __mptcp_clear_xmit(sk); =20 + /* join list will be eventually flushed (with rst) at sock lock release t= ime */ + list_for_each_entry_safe(subflow, tmp, &msk->conn_list, node) + __mptcp_close_ssk(sk, mptcp_subflow_tcp_sock(subflow), subflow, flags); + /* move to sk_receive_queue, sk_stream_kill_queues will purge it */ mptcp_data_lock(sk); skb_queue_splice_tail_init(&msk->receive_queue, &sk->sk_receive_queue); @@ -3113,7 +3100,11 @@ static void mptcp_destroy(struct sock *sk) { struct mptcp_sock *msk =3D mptcp_sk(sk); =20 - mptcp_destroy_common(msk); + /* clears msk->subflow, allowing the following to close + * even the initial subflow + */ + mptcp_dispose_initial_subflow(msk); + mptcp_destroy_common(msk, 0); sk_sockets_allocated_dec(sk); } =20 diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index 480c5320b86e..78c8c471b22e 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -718,7 +718,7 @@ static inline void mptcp_write_space(struct sock *sk) } } =20 -void mptcp_destroy_common(struct mptcp_sock *msk); +void mptcp_destroy_common(struct mptcp_sock *msk, unsigned int flags); =20 #define MPTCP_TOKEN_MAX_RETRIES 4 =20 diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index 63e8892ec807..fc4ceb02328d 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -621,7 +621,8 @@ static void mptcp_sock_destruct(struct sock *sk) sock_orphan(sk); } =20 - mptcp_destroy_common(mptcp_sk(sk)); + /* We don't need to clear msk->subflow, as it's still NULL at this point = */ + mptcp_destroy_common(mptcp_sk(sk), 0); inet_sock_destruct(sk); } =20 --=20 2.35.3