From nobody Tue Oct 7 00:21:15 2025 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B9ACB2F4331 for ; Wed, 16 Jul 2025 11:53:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752666806; cv=none; b=FcnlAmrXlyp22SRa8j/VGHj9KhsOtmBgfCEzWXv4GXvBtYzwC0X6h0caxMEGzBTX1E4cV4F16xq1KFjipYwlLCoYMBHSB6L9npIK9Ugief59txxqw0IGi587fKZsMPZ+F8QhZh9OIneP5qxB6YykEK0k7Bc1ur+JbwgE0g0V79E= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752666806; c=relaxed/simple; bh=TQIHlEcSKGtLiz2zsMO14h59IGGtrgkWgRByjfrGNm4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=X04mZSbqo5+NF3y7xY3Y4ioWY6V/9FVKCQECU4cUAokZWvoHrnSFg70OEHBEwJ9JLwBjOML1cke40zBCqbXXCrcP6qYRJvIwnpFxzp2J0fX0Oi98a1o/i5OjWEXQw51GW6hXy192BJTmwPoK7mzBGpmt7zTTVJFFvSja0GbYsxg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=LkBjbBOB; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="LkBjbBOB" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1752666803; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=e3FL5KeZTGvNky3nE8CMUmDsedmN1uj7FKzFsp/P6KI=; b=LkBjbBOBTuwtw28WngpmjnBu39w8AR1XMcJsHP99HSUD7IeeHTNQIISdzKppWiRN7QudZw Rq6OGBbw358YvPo+uG44tdUI+xWhKG2qWKPf6rL8KZzc83YbKuI8woVe73EzQnCeKMEqYg 5jar8ew5lorTR9vwluxqvR/Jz9HHzkg= Received: from mx-prod-mc-04.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-678-l5NudYoINUqG2ocyzw9oVA-1; Wed, 16 Jul 2025 07:53:22 -0400 X-MC-Unique: l5NudYoINUqG2ocyzw9oVA-1 X-Mimecast-MFC-AGG-ID: l5NudYoINUqG2ocyzw9oVA_1752666800 Received: from mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-04.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id EC58F19560AD; Wed, 16 Jul 2025 11:53:19 +0000 (UTC) Received: from warthog.procyon.org.com (unknown [10.42.28.2]) by mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 48850300019F; Wed, 16 Jul 2025 11:53:14 +0000 (UTC) From: David Howells To: netdev@vger.kernel.org Cc: David Howells , Marc Dionne , Jakub Kicinski , "David S. Miller" , Eric Dumazet , Paolo Abeni , linux-afs@lists.infradead.org, linux-kernel@vger.kernel.org, Jeffrey Altman , "Junvyyang, Tencent Zhuque Lab" , LePremierHomme , Simon Horman , stable@vger.kernel.org Subject: [PATCH net 1/5] rxrpc: Fix irq-disabled in local_bh_enable() Date: Wed, 16 Jul 2025 12:53:00 +0100 Message-ID: <20250716115307.3572606-2-dhowells@redhat.com> In-Reply-To: <20250716115307.3572606-1-dhowells@redhat.com> References: <20250716115307.3572606-1-dhowells@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.4 Content-Type: text/plain; charset="utf-8" The rxrpc_assess_MTU_size() function calls down into the IP layer to find out the MTU size for a route. When accepting an incoming call, this is called from rxrpc_new_incoming_call() which holds interrupts disabled across the code that calls down to it. Unfortunately, the IP layer uses local_bh_enable() which, config dependent, throws a warning if IRQs are enabled: WARNING: CPU: 1 PID: 5544 at kernel/softirq.c:387 __local_bh_enable_ip+0x43= /0xd0 ... RIP: 0010:__local_bh_enable_ip+0x43/0xd0 ... Call Trace: rt_cache_route+0x7e/0xa0 rt_set_nexthop.isra.0+0x3b3/0x3f0 __mkroute_output+0x43a/0x460 ip_route_output_key_hash+0xf7/0x140 ip_route_output_flow+0x1b/0x90 rxrpc_assess_MTU_size.isra.0+0x2a0/0x590 rxrpc_new_incoming_peer+0x46/0x120 rxrpc_alloc_incoming_call+0x1b1/0x400 rxrpc_new_incoming_call+0x1da/0x5e0 rxrpc_input_packet+0x827/0x900 rxrpc_io_thread+0x403/0xb60 kthread+0x2f7/0x310 ret_from_fork+0x2a/0x230 ret_from_fork_asm+0x1a/0x30 ... hardirqs last enabled at (23): _raw_spin_unlock_irq+0x24/0x50 hardirqs last disabled at (24): _raw_read_lock_irq+0x17/0x70 softirqs last enabled at (0): copy_process+0xc61/0x2730 softirqs last disabled at (25): rt_add_uncached_list+0x3c/0x90 Fix this by moving the call to rxrpc_assess_MTU_size() out of rxrpc_init_peer() and further up the stack where it can be done without interrupts disabled. It shouldn't be a problem for rxrpc_new_incoming_call() to do it after the locks are dropped as pmtud is going to be performed by the I/O thread - and we're in the I/O thread at this point. Fixes: a2ea9a907260 ("rxrpc: Use irq-disabling spinlocks between app and I/= O thread") Signed-off-by: David Howells Reviewed-by: Jeffrey Altman cc: Marc Dionne cc: Junvyyang, Tencent Zhuque Lab cc: LePremierHomme cc: Jakub Kicinski cc: Paolo Abeni cc: "David S. Miller" cc: Eric Dumazet cc: Simon Horman cc: linux-afs@lists.infradead.org cc: netdev@vger.kernel.org cc: stable@vger.kernel.org --- net/rxrpc/ar-internal.h | 1 + net/rxrpc/call_accept.c | 1 + net/rxrpc/peer_object.c | 6 ++---- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/net/rxrpc/ar-internal.h b/net/rxrpc/ar-internal.h index 376e33dce8c1..df1a618dbf7d 100644 --- a/net/rxrpc/ar-internal.h +++ b/net/rxrpc/ar-internal.h @@ -1383,6 +1383,7 @@ struct rxrpc_peer *rxrpc_lookup_peer_rcu(struct rxrpc= _local *, const struct sockaddr_rxrpc *); struct rxrpc_peer *rxrpc_lookup_peer(struct rxrpc_local *local, struct sockaddr_rxrpc *srx, gfp_t gfp); +void rxrpc_assess_MTU_size(struct rxrpc_local *local, struct rxrpc_peer *p= eer); struct rxrpc_peer *rxrpc_alloc_peer(struct rxrpc_local *, gfp_t, enum rxrpc_peer_trace); void rxrpc_new_incoming_peer(struct rxrpc_local *local, struct rxrpc_peer = *peer); diff --git a/net/rxrpc/call_accept.c b/net/rxrpc/call_accept.c index 49fccee1a726..226b4bf82747 100644 --- a/net/rxrpc/call_accept.c +++ b/net/rxrpc/call_accept.c @@ -406,6 +406,7 @@ bool rxrpc_new_incoming_call(struct rxrpc_local *local, =20 spin_unlock(&rx->incoming_lock); read_unlock_irq(&local->services_lock); + rxrpc_assess_MTU_size(local, call->peer); =20 if (hlist_unhashed(&call->error_link)) { spin_lock_irq(&call->peer->lock); diff --git a/net/rxrpc/peer_object.c b/net/rxrpc/peer_object.c index e2f35e6c04d6..366431b0736c 100644 --- a/net/rxrpc/peer_object.c +++ b/net/rxrpc/peer_object.c @@ -149,8 +149,7 @@ struct rxrpc_peer *rxrpc_lookup_peer_rcu(struct rxrpc_l= ocal *local, * assess the MTU size for the network interface through which this peer is * reached */ -static void rxrpc_assess_MTU_size(struct rxrpc_local *local, - struct rxrpc_peer *peer) +void rxrpc_assess_MTU_size(struct rxrpc_local *local, struct rxrpc_peer *p= eer) { struct net *net =3D local->net; struct dst_entry *dst; @@ -277,8 +276,6 @@ static void rxrpc_init_peer(struct rxrpc_local *local, = struct rxrpc_peer *peer, =20 peer->hdrsize +=3D sizeof(struct rxrpc_wire_header); peer->max_data =3D peer->if_mtu - peer->hdrsize; - - rxrpc_assess_MTU_size(local, peer); } =20 /* @@ -297,6 +294,7 @@ static struct rxrpc_peer *rxrpc_create_peer(struct rxrp= c_local *local, if (peer) { memcpy(&peer->srx, srx, sizeof(*srx)); rxrpc_init_peer(local, peer, hash_key); + rxrpc_assess_MTU_size(local, peer); } =20 _leave(" =3D %p", peer); From nobody Tue Oct 7 00:21:15 2025 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A65102F4304 for ; Wed, 16 Jul 2025 11:53:34 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752666816; cv=none; b=mgZjlwE1+PKLvPwBsh4nHbgfHwa/o+UY+EREMTHJIyADzlzv7mUOcTkTUb9qZ5RiQRby12FLzQI8b/HmbCIPd41D3Uq/CammyI0S7yIIvUzkO9tHDdH4nU5FMg16ywT+O3HMNb7SmhJS8l9cx2XnFuEV/s6BA+PNSUc+u2BMr48= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752666816; c=relaxed/simple; bh=cZ8irNic4FTGtFo1LMyLVUp2/0Pa4N8ydx4JnEJfWi0=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=N3AQGtIft+ipNwfnUlNIwDQVJ1nckUppPSNkmw5b/76n8w49tQq88OJC49cwc+kTnnB93ZnTg580BoWoOaPwUihNabSi+URD7RGTw5dVvEkANBRS5R0aAbpOHjCJ4bVSGiyA2MIcaoISAkx4v9Atmiu2YdV5nqnWbhIVD8dR3KE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=dGREmr+A; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="dGREmr+A" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1752666813; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=acf6yBSPWIsxVjKSsMYGcadGErSbHyVH0MQzJet8aFE=; b=dGREmr+Ahnh9vAQ+wOkbnC8hwOSliikCEOskP1LCeCyZDg52nlk3VZnxTAWZ8GFITi/5Yp fNNdbIz8pJFGDGrNoKxxfBdil6bzNwWl24uff9EeEjz1l5tKYlSTo5ZDz6Dm8AkqBtH7UP FNGgKAkSpxrGGe0/C9v0wRNhmcdz9lc= Received: from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-374-XEeWW6mbMQSSrhwznOISFQ-1; Wed, 16 Jul 2025 07:53:27 -0400 X-MC-Unique: XEeWW6mbMQSSrhwznOISFQ-1 X-Mimecast-MFC-AGG-ID: XEeWW6mbMQSSrhwznOISFQ_1752666805 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 61B6B180028D; Wed, 16 Jul 2025 11:53:25 +0000 (UTC) Received: from warthog.procyon.org.com (unknown [10.42.28.2]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 94768180049D; Wed, 16 Jul 2025 11:53:21 +0000 (UTC) From: David Howells To: netdev@vger.kernel.org Cc: David Howells , Marc Dionne , Jakub Kicinski , "David S. Miller" , Eric Dumazet , Paolo Abeni , linux-afs@lists.infradead.org, linux-kernel@vger.kernel.org, "Junvyyang, Tencent Zhuque Lab" , Jeffrey Altman , LePremierHomme , Simon Horman , stable@vger.kernel.org Subject: [PATCH net 2/5] rxrpc: Fix recv-recv race of completed call Date: Wed, 16 Jul 2025 12:53:01 +0100 Message-ID: <20250716115307.3572606-3-dhowells@redhat.com> In-Reply-To: <20250716115307.3572606-1-dhowells@redhat.com> References: <20250716115307.3572606-1-dhowells@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 Content-Type: text/plain; charset="utf-8" If a call receives an event (such as incoming data), the call gets placed on the socket's queue and a thread in recvmsg can be awakened to go and process it. Once the thread has picked up the call off of the queue, further events will cause it to be requeued, and once the socket lock is dropped (recvmsg uses call->user_mutex to allow the socket to be used in parallel), a second thread can come in and its recvmsg can pop the call off the socket queue again. In such a case, the first thread will be receiving stuff from the call and the second thread will be blocked on call->user_mutex. The first thread can, at this point, process both the event that it picked call for and the event that the second thread picked the call for and may see the call terminate - in which case the call will be "released", decoupling the call from the user call ID assigned to it (RXRPC_USER_CALL_ID in the control message). The first thread will return okay, but then the second thread will wake up holding the user_mutex and, if it sees that the call has been released by the first thread, it will BUG thusly: kernel BUG at net/rxrpc/recvmsg.c:474! Fix this by just dequeuing the call and ignoring it if it is seen to be already released. We can't tell userspace about it anyway as the user call ID has become stale. Fixes: 248f219cb8bc ("rxrpc: Rewrite the data and ack handling code") Reported-by: Junvyyang, Tencent Zhuque Lab Signed-off-by: David Howells Reviewed-by: Jeffrey Altman cc: LePremierHomme cc: Marc Dionne cc: Jakub Kicinski cc: Paolo Abeni cc: "David S. Miller" cc: Eric Dumazet cc: Simon Horman cc: linux-afs@lists.infradead.org cc: netdev@vger.kernel.org cc: stable@vger.kernel.org --- include/trace/events/rxrpc.h | 3 +++ net/rxrpc/call_accept.c | 1 + net/rxrpc/recvmsg.c | 19 +++++++++++++++++-- 3 files changed, 21 insertions(+), 2 deletions(-) diff --git a/include/trace/events/rxrpc.h b/include/trace/events/rxrpc.h index 378d2dfc7392..e7dcfb1369b6 100644 --- a/include/trace/events/rxrpc.h +++ b/include/trace/events/rxrpc.h @@ -330,12 +330,15 @@ EM(rxrpc_call_put_userid, "PUT user-id ") \ EM(rxrpc_call_see_accept, "SEE accept ") \ EM(rxrpc_call_see_activate_client, "SEE act-clnt") \ + EM(rxrpc_call_see_already_released, "SEE alrdy-rl") \ EM(rxrpc_call_see_connect_failed, "SEE con-fail") \ EM(rxrpc_call_see_connected, "SEE connect ") \ EM(rxrpc_call_see_conn_abort, "SEE conn-abt") \ + EM(rxrpc_call_see_discard, "SEE discard ") \ EM(rxrpc_call_see_disconnected, "SEE disconn ") \ EM(rxrpc_call_see_distribute_error, "SEE dist-err") \ EM(rxrpc_call_see_input, "SEE input ") \ + EM(rxrpc_call_see_recvmsg, "SEE recvmsg ") \ EM(rxrpc_call_see_release, "SEE release ") \ EM(rxrpc_call_see_userid_exists, "SEE u-exists") \ EM(rxrpc_call_see_waiting_call, "SEE q-conn ") \ diff --git a/net/rxrpc/call_accept.c b/net/rxrpc/call_accept.c index 226b4bf82747..a4d76f2da684 100644 --- a/net/rxrpc/call_accept.c +++ b/net/rxrpc/call_accept.c @@ -219,6 +219,7 @@ void rxrpc_discard_prealloc(struct rxrpc_sock *rx) tail =3D b->call_backlog_tail; while (CIRC_CNT(head, tail, size) > 0) { struct rxrpc_call *call =3D b->call_backlog[tail]; + rxrpc_see_call(call, rxrpc_call_see_discard); rcu_assign_pointer(call->socket, rx); if (rx->app_ops && rx->app_ops->discard_new_call) { diff --git a/net/rxrpc/recvmsg.c b/net/rxrpc/recvmsg.c index 86a27fb55a1c..6990e37697de 100644 --- a/net/rxrpc/recvmsg.c +++ b/net/rxrpc/recvmsg.c @@ -447,6 +447,16 @@ int rxrpc_recvmsg(struct socket *sock, struct msghdr *= msg, size_t len, goto try_again; } =20 + rxrpc_see_call(call, rxrpc_call_see_recvmsg); + if (test_bit(RXRPC_CALL_RELEASED, &call->flags)) { + rxrpc_see_call(call, rxrpc_call_see_already_released); + list_del_init(&call->recvmsg_link); + spin_unlock_irq(&rx->recvmsg_lock); + release_sock(&rx->sk); + trace_rxrpc_recvmsg(call->debug_id, rxrpc_recvmsg_unqueue, 0); + rxrpc_put_call(call, rxrpc_call_put_recvmsg); + goto try_again; + } if (!(flags & MSG_PEEK)) list_del_init(&call->recvmsg_link); else @@ -470,8 +480,13 @@ int rxrpc_recvmsg(struct socket *sock, struct msghdr *= msg, size_t len, =20 release_sock(&rx->sk); =20 - if (test_bit(RXRPC_CALL_RELEASED, &call->flags)) - BUG(); + if (test_bit(RXRPC_CALL_RELEASED, &call->flags)) { + rxrpc_see_call(call, rxrpc_call_see_already_released); + mutex_unlock(&call->user_mutex); + if (!(flags & MSG_PEEK)) + rxrpc_put_call(call, rxrpc_call_put_recvmsg); + goto try_again; + } =20 ret =3D rxrpc_recvmsg_user_id(call, msg, flags); if (ret < 0) From nobody Tue Oct 7 00:21:15 2025 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BE9432F530E for ; Wed, 16 Jul 2025 11:53:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752666821; cv=none; b=X0/l8XnSOUkhiCCru1Z4rDXHvkfHysQE/yK7NAWOfGBg/js+8qugA6/P5O6bRCgK9cCeePIGCL2JkrPuR4MsW8Da6cmW/awbTJ+7QN4Guwny5LUN/oWFBW9+dHohLOaM4cXN49QN/SQgwUnlmWLBYrPCeCnUtSdu4Db19OMPqFs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752666821; c=relaxed/simple; bh=kxPDExPr8WzFtwp2CAYZUkI+J0/aSZQo8Yo3fn/tlAE=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=HETyVMjr7Cwr+TvVJhCo3ltijmnoO3/bjAxvsFwnmkqJ9W5yWNxRRPhAKP1H4bq2iUBbF8UBXNa8vs1Ud0VZy+1WXEdRK38lCV+dddfR/u+ihbizo/wq/leymhIS8T1ZkJGPt7wRyXeD/s0UCV1bd3/ydRKxECBuLCun/0kTenM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=AKCL7h7E; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="AKCL7h7E" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1752666818; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=alqagcA8qm7tV7k+VaWyE3zDGEEqieSJG2qiqM3mGVU=; b=AKCL7h7EuYRk1avgaA6Dx3xaZRkCgbnFFk9nhi3i/Prkm4g5CjSCDYjEGPHK4gyiV3j+ue 8vqaxW6AIdhhoNJQ20RDmzN9WVnW1Wnv3rSZihRoz4WzWnM/B3nT/k3dVP2k5MZFQgAFUo jOFRyAr40lo55XTbM3nF+tV0XJKRkoA= Received: from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-339-edIDqAw5MEK5Wan6GXWJ8A-1; Wed, 16 Jul 2025 07:53:34 -0400 X-MC-Unique: edIDqAw5MEK5Wan6GXWJ8A-1 X-Mimecast-MFC-AGG-ID: edIDqAw5MEK5Wan6GXWJ8A_1752666811 Received: from mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.111]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id BEAB4180048E; Wed, 16 Jul 2025 11:53:30 +0000 (UTC) Received: from warthog.procyon.org.com (unknown [10.42.28.2]) by mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id D433A1800D82; Wed, 16 Jul 2025 11:53:26 +0000 (UTC) From: David Howells To: netdev@vger.kernel.org Cc: David Howells , Marc Dionne , Jakub Kicinski , "David S. Miller" , Eric Dumazet , Paolo Abeni , linux-afs@lists.infradead.org, linux-kernel@vger.kernel.org, Jeffrey Altman , "Junvyyang, Tencent Zhuque Lab" , LePremierHomme , Simon Horman , stable@vger.kernel.org Subject: [PATCH net 3/5] rxrpc: Fix notification vs call-release vs recvmsg Date: Wed, 16 Jul 2025 12:53:02 +0100 Message-ID: <20250716115307.3572606-4-dhowells@redhat.com> In-Reply-To: <20250716115307.3572606-1-dhowells@redhat.com> References: <20250716115307.3572606-1-dhowells@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.111 Content-Type: text/plain; charset="utf-8" When a call is released, rxrpc takes the spinlock and removes it from ->recvmsg_q in an effort to prevent racing recvmsg() invocations from seeing the same call. Now, rxrpc_recvmsg() only takes the spinlock when actually removing a call from the queue; it doesn't, however, take it in the lead up to that when it checks to see if the queue is empty. It *does* hold the socket lock, which prevents a recvmsg/recvmsg race - but this doesn't prevent sendmsg from ending the call because sendmsg() drops the socket lock and relies on the call->user_mutex. Fix this by firstly removing the bit in rxrpc_release_call() that dequeues the released call and, instead, rely on recvmsg() to simply discard released calls (done in a preceding fix). Secondly, rxrpc_notify_socket() is abandoned if the call is already marked as released rather than trying to be clever by setting both pointers in call->recvmsg_link to NULL to trick list_empty(). This isn't perfect and can still race, resulting in a released call on the queue, but recvmsg() will now clean that up. Fixes: 17926a79320a ("[AF_RXRPC]: Provide secure RxRPC sockets for use by u= serspace and kernel both") Signed-off-by: David Howells Reviewed-by: Jeffrey Altman cc: Marc Dionne cc: Junvyyang, Tencent Zhuque Lab cc: LePremierHomme cc: Jakub Kicinski cc: Paolo Abeni cc: "David S. Miller" cc: Eric Dumazet cc: Simon Horman cc: linux-afs@lists.infradead.org cc: netdev@vger.kernel.org cc: stable@vger.kernel.org --- include/trace/events/rxrpc.h | 2 +- net/rxrpc/call_object.c | 28 ++++++++++++---------------- net/rxrpc/recvmsg.c | 4 ++++ 3 files changed, 17 insertions(+), 17 deletions(-) diff --git a/include/trace/events/rxrpc.h b/include/trace/events/rxrpc.h index e7dcfb1369b6..8e5a73eb5268 100644 --- a/include/trace/events/rxrpc.h +++ b/include/trace/events/rxrpc.h @@ -325,7 +325,6 @@ EM(rxrpc_call_put_release_sock, "PUT rls-sock") \ EM(rxrpc_call_put_release_sock_tba, "PUT rls-sk-a") \ EM(rxrpc_call_put_sendmsg, "PUT sendmsg ") \ - EM(rxrpc_call_put_unnotify, "PUT unnotify") \ EM(rxrpc_call_put_userid_exists, "PUT u-exists") \ EM(rxrpc_call_put_userid, "PUT user-id ") \ EM(rxrpc_call_see_accept, "SEE accept ") \ @@ -338,6 +337,7 @@ EM(rxrpc_call_see_disconnected, "SEE disconn ") \ EM(rxrpc_call_see_distribute_error, "SEE dist-err") \ EM(rxrpc_call_see_input, "SEE input ") \ + EM(rxrpc_call_see_notify_released, "SEE nfy-rlsd") \ EM(rxrpc_call_see_recvmsg, "SEE recvmsg ") \ EM(rxrpc_call_see_release, "SEE release ") \ EM(rxrpc_call_see_userid_exists, "SEE u-exists") \ diff --git a/net/rxrpc/call_object.c b/net/rxrpc/call_object.c index 15067ff7b1f2..918f41d97a2f 100644 --- a/net/rxrpc/call_object.c +++ b/net/rxrpc/call_object.c @@ -561,7 +561,7 @@ static void rxrpc_cleanup_rx_buffers(struct rxrpc_call = *call) void rxrpc_release_call(struct rxrpc_sock *rx, struct rxrpc_call *call) { struct rxrpc_connection *conn =3D call->conn; - bool put =3D false, putu =3D false; + bool putu =3D false; =20 _enter("{%d,%d}", call->debug_id, refcount_read(&call->ref)); =20 @@ -573,23 +573,13 @@ void rxrpc_release_call(struct rxrpc_sock *rx, struct= rxrpc_call *call) =20 rxrpc_put_call_slot(call); =20 - /* Make sure we don't get any more notifications */ + /* Note that at this point, the call may still be on or may have been + * added back on to the socket receive queue. recvmsg() must discard + * released calls. The CALL_RELEASED flag should prevent further + * notifications. + */ spin_lock_irq(&rx->recvmsg_lock); - - if (!list_empty(&call->recvmsg_link)) { - _debug("unlinking once-pending call %p { e=3D%lx f=3D%lx }", - call, call->events, call->flags); - list_del(&call->recvmsg_link); - put =3D true; - } - - /* list_empty() must return false in rxrpc_notify_socket() */ - call->recvmsg_link.next =3D NULL; - call->recvmsg_link.prev =3D NULL; - spin_unlock_irq(&rx->recvmsg_lock); - if (put) - rxrpc_put_call(call, rxrpc_call_put_unnotify); =20 write_lock(&rx->call_lock); =20 @@ -638,6 +628,12 @@ void rxrpc_release_calls_on_socket(struct rxrpc_sock *= rx) rxrpc_put_call(call, rxrpc_call_put_release_sock); } =20 + while ((call =3D list_first_entry_or_null(&rx->recvmsg_q, + struct rxrpc_call, recvmsg_link))) { + list_del_init(&call->recvmsg_link); + rxrpc_put_call(call, rxrpc_call_put_release_recvmsg_q); + } + _leave(""); } =20 diff --git a/net/rxrpc/recvmsg.c b/net/rxrpc/recvmsg.c index 6990e37697de..7fa7e77f6bb9 100644 --- a/net/rxrpc/recvmsg.c +++ b/net/rxrpc/recvmsg.c @@ -29,6 +29,10 @@ void rxrpc_notify_socket(struct rxrpc_call *call) =20 if (!list_empty(&call->recvmsg_link)) return; + if (test_bit(RXRPC_CALL_RELEASED, &call->flags)) { + rxrpc_see_call(call, rxrpc_call_see_notify_released); + return; + } =20 rcu_read_lock(); From nobody Tue Oct 7 00:21:15 2025 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7D7032F49EF for ; Wed, 16 Jul 2025 11:53:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752666828; cv=none; b=TlzOqo5Oriw6kI2CWHTEySbaoTlqMLqmTokP5Rx+ubNMDE29OgYYbLAM1raNfdqk/4Zlyq321BdJ34mkCtQDm8E/0afq4vDuUIn4s0BxZ74mnKWXnRbES1ABJ3DMM9csPRjP/qKuf5T9NwtOkZzJ2+PdlTx3jmRSmpzN/UsPDHs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752666828; c=relaxed/simple; bh=VqkAKQ06zuDBxT1InigwkYWey8fIft48GLNxeyinELw=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ARnbjTkUUtBCPVMiZhKbg9asT9ri4rk5h/UhPaHPKBsSwUGyPxbq+pVJB1s13meVuukB0OqQ8l6fDRHgd1uKphrEKY8ZVO7Zl3ImXGiXnjt9TeXMMHDB7ERUPYwweWYFr5ngTSMvUMXmeg8SEHDJg2JwBheYATEMyx/aSoboyK4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=QTf3AhTW; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="QTf3AhTW" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1752666825; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=SAficW741eLddPXCBV20kWATJLxNZFQgJW7lDxysDlw=; b=QTf3AhTWqBeDLdVjgChcyhqGC7Ofw/pHn+mKstEmitL8ZlO55/pmLj1+AZp9AVCIOzeS+G c0RMvsHdz1naK+Z70e+rs5/AXYvSpb6oDaSewA0HEs6Kq+wqMz4IC/BrFg2QHnELbYJWJA 9KUp2Xb0u9z8NjHKljzE3MJ2HxCX1oY= Received: from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-400-9ovwdBxtMwCuI_sE_bpvEg-1; Wed, 16 Jul 2025 07:53:39 -0400 X-MC-Unique: 9ovwdBxtMwCuI_sE_bpvEg-1 X-Mimecast-MFC-AGG-ID: 9ovwdBxtMwCuI_sE_bpvEg_1752666817 Received: from mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.111]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 7EFE81800291; Wed, 16 Jul 2025 11:53:36 +0000 (UTC) Received: from warthog.procyon.org.com (unknown [10.42.28.2]) by mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 395D11800D82; Wed, 16 Jul 2025 11:53:32 +0000 (UTC) From: David Howells To: netdev@vger.kernel.org Cc: David Howells , Marc Dionne , Jakub Kicinski , "David S. Miller" , Eric Dumazet , Paolo Abeni , linux-afs@lists.infradead.org, linux-kernel@vger.kernel.org, Jeffrey Altman , "Junvyyang, Tencent Zhuque Lab" , LePremierHomme , Linus Torvalds , Simon Horman , stable@vger.kernel.org Subject: [PATCH net 4/5] rxrpc: Fix transmission of an abort in response to an abort Date: Wed, 16 Jul 2025 12:53:03 +0100 Message-ID: <20250716115307.3572606-5-dhowells@redhat.com> In-Reply-To: <20250716115307.3572606-1-dhowells@redhat.com> References: <20250716115307.3572606-1-dhowells@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.111 Content-Type: text/plain; charset="utf-8" Under some circumstances, such as when a server socket is closing, ABORT packets will be generated in response to incoming packets. Unfortunately, this also may include generating aborts in response to incoming aborts - which may cause a cycle. It appears this may be made possible by giving the client a multicast address. Fix this such that rxrpc_reject_packet() will refuse to generate aborts in response to aborts. Fixes: 248f219cb8bc ("rxrpc: Rewrite the data and ack handling code") Signed-off-by: David Howells Reviewed-by: Jeffrey Altman cc: Marc Dionne cc: Junvyyang, Tencent Zhuque Lab cc: LePremierHomme cc: Linus Torvalds cc: Jakub Kicinski cc: Paolo Abeni cc: "David S. Miller" cc: Eric Dumazet cc: Simon Horman cc: linux-afs@lists.infradead.org cc: netdev@vger.kernel.org cc: stable@vger.kernel.org --- net/rxrpc/output.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/rxrpc/output.c b/net/rxrpc/output.c index ef7b3096c95e..17c33b5cf7dd 100644 --- a/net/rxrpc/output.c +++ b/net/rxrpc/output.c @@ -814,6 +814,9 @@ void rxrpc_reject_packet(struct rxrpc_local *local, str= uct sk_buff *skb) __be32 code; int ret, ioc; =20 + if (sp->hdr.type =3D=3D RXRPC_PACKET_TYPE_ABORT) + return; /* Never abort an abort. */ + rxrpc_see_skb(skb, rxrpc_skb_see_reject); =20 iov[0].iov_base =3D &whdr; From nobody Tue Oct 7 00:21:15 2025 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2F0E22F5321 for ; Wed, 16 Jul 2025 11:53:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752666828; cv=none; b=Q9QjPNpin4dNT8cBybvvzBn+qBQxyX+YBUrtt/sjGmhmqrld7iGqtET+8XFQkfbwdZS0J7tyXcfLn1PLB+Zc3pdkU9MwLF0fpisknxCObY1CDEWu4WzQGyCH+3WHAMQfn6/hBH48L3/5YmlV1fGiBGwDGyoz58OyyvfH8ZgCUzQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1752666828; c=relaxed/simple; bh=2KW2U/A4gk5SgRyGyeIXAj3+QH8TPX34JpTVHS++XsU=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=R9PzYD+RAJc3D4fhkfUH0rtv0fooRqodUmc4nl2/urntbROUW1xonu2ZrIYsQ61hB4R7fP79jegUvaptpGNHWJzmumYr+10k/g+O+s9dQpdfvuKetFlAIKnjKPPMNfmDLeS0lXKmtE0zFwXTLBTRRWv4Ori/t6Omwsy/UGdmRtA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=BPnV4TPO; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="BPnV4TPO" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1752666826; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=gTjUnh8vzEtgGLxjFhakJRJqQjzQoh5z0pfGHbTFfL8=; b=BPnV4TPOfPPrUVN21yQcCFEgZMLursy8/xL8zcmR9BCLjdGiYBVxVc+PWaIVnEBFjHHAu/ ufIw6hbKWeYTfb3BlBmgdrIvaIazF7g/6Y/hDASc7iTNqCoCV2Bw3PICTdjfLdsU/LTD2c WPAeC4pHGDssgtnVu12bL+AKPWn67ck= Received: from mx-prod-mc-03.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-228-Av5-SLWRMbG6gvHGAc7-Ig-1; Wed, 16 Jul 2025 07:53:42 -0400 X-MC-Unique: Av5-SLWRMbG6gvHGAc7-Ig-1 X-Mimecast-MFC-AGG-ID: Av5-SLWRMbG6gvHGAc7-Ig_1752666821 Received: from mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.12]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-03.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 5B32419560AA; Wed, 16 Jul 2025 11:53:41 +0000 (UTC) Received: from warthog.procyon.org.com (unknown [10.42.28.2]) by mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 1E5DD195E772; Wed, 16 Jul 2025 11:53:37 +0000 (UTC) From: David Howells To: netdev@vger.kernel.org Cc: David Howells , Marc Dionne , Jakub Kicinski , "David S. Miller" , Eric Dumazet , Paolo Abeni , linux-afs@lists.infradead.org, linux-kernel@vger.kernel.org, Jeffrey Altman , Simon Horman , stable@vger.kernel.org Subject: [PATCH net 5/5] rxrpc: Fix to use conn aborts for conn-wide failures Date: Wed, 16 Jul 2025 12:53:04 +0100 Message-ID: <20250716115307.3572606-6-dhowells@redhat.com> In-Reply-To: <20250716115307.3572606-1-dhowells@redhat.com> References: <20250716115307.3572606-1-dhowells@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.0 on 10.30.177.12 Content-Type: text/plain; charset="utf-8" Fix rxrpc to use connection-level aborts for things that affect the whole connection, such as the service ID not matching a local service. Fixes: 57af281e5389 ("rxrpc: Tidy up abort generation infrastructure") Reported-by: Jeffrey Altman Signed-off-by: David Howells Reviewed-by: Jeffrey Altman cc: Marc Dionne cc: Jakub Kicinski cc: Paolo Abeni cc: "David S. Miller" cc: Eric Dumazet cc: Simon Horman cc: linux-afs@lists.infradead.org cc: netdev@vger.kernel.org cc: stable@vger.kernel.org --- include/trace/events/rxrpc.h | 1 + net/rxrpc/ar-internal.h | 3 +++ net/rxrpc/call_accept.c | 12 ++++++------ net/rxrpc/io_thread.c | 14 ++++++++++++++ net/rxrpc/output.c | 19 ++++++++++--------- net/rxrpc/security.c | 8 ++++---- 6 files changed, 38 insertions(+), 19 deletions(-) diff --git a/include/trace/events/rxrpc.h b/include/trace/events/rxrpc.h index 8e5a73eb5268..de6f6d25767c 100644 --- a/include/trace/events/rxrpc.h +++ b/include/trace/events/rxrpc.h @@ -322,6 +322,7 @@ EM(rxrpc_call_put_kernel, "PUT kernel ") \ EM(rxrpc_call_put_poke, "PUT poke ") \ EM(rxrpc_call_put_recvmsg, "PUT recvmsg ") \ + EM(rxrpc_call_put_release_recvmsg_q, "PUT rls-rcmq") \ EM(rxrpc_call_put_release_sock, "PUT rls-sock") \ EM(rxrpc_call_put_release_sock_tba, "PUT rls-sk-a") \ EM(rxrpc_call_put_sendmsg, "PUT sendmsg ") \ diff --git a/net/rxrpc/ar-internal.h b/net/rxrpc/ar-internal.h index df1a618dbf7d..5b7342d43486 100644 --- a/net/rxrpc/ar-internal.h +++ b/net/rxrpc/ar-internal.h @@ -44,6 +44,7 @@ enum rxrpc_skb_mark { RXRPC_SKB_MARK_SERVICE_CONN_SECURED, /* Service connection response has b= een verified */ RXRPC_SKB_MARK_REJECT_BUSY, /* Reject with BUSY */ RXRPC_SKB_MARK_REJECT_ABORT, /* Reject with ABORT (code in skb->priority)= */ + RXRPC_SKB_MARK_REJECT_CONN_ABORT, /* Reject with connection ABORT (code i= n skb->priority) */ }; =20 /* @@ -1253,6 +1254,8 @@ int rxrpc_encap_rcv(struct sock *, struct sk_buff *); void rxrpc_error_report(struct sock *); bool rxrpc_direct_abort(struct sk_buff *skb, enum rxrpc_abort_reason why, s32 abort_code, int err); +bool rxrpc_direct_conn_abort(struct sk_buff *skb, enum rxrpc_abort_reason = why, + s32 abort_code, int err); int rxrpc_io_thread(void *data); void rxrpc_post_response(struct rxrpc_connection *conn, struct sk_buff *sk= b); static inline void rxrpc_wake_up_io_thread(struct rxrpc_local *local) diff --git a/net/rxrpc/call_accept.c b/net/rxrpc/call_accept.c index a4d76f2da684..00982a030744 100644 --- a/net/rxrpc/call_accept.c +++ b/net/rxrpc/call_accept.c @@ -374,8 +374,8 @@ bool rxrpc_new_incoming_call(struct rxrpc_local *local, spin_lock(&rx->incoming_lock); if (rx->sk.sk_state =3D=3D RXRPC_SERVER_LISTEN_DISABLED || rx->sk.sk_state =3D=3D RXRPC_CLOSE) { - rxrpc_direct_abort(skb, rxrpc_abort_shut_down, - RX_INVALID_OPERATION, -ESHUTDOWN); + rxrpc_direct_conn_abort(skb, rxrpc_abort_shut_down, + RX_INVALID_OPERATION, -ESHUTDOWN); goto no_call; } =20 @@ -422,12 +422,12 @@ bool rxrpc_new_incoming_call(struct rxrpc_local *loca= l, =20 unsupported_service: read_unlock_irq(&local->services_lock); - return rxrpc_direct_abort(skb, rxrpc_abort_service_not_offered, - RX_INVALID_OPERATION, -EOPNOTSUPP); + return rxrpc_direct_conn_abort(skb, rxrpc_abort_service_not_offered, + RX_INVALID_OPERATION, -EOPNOTSUPP); unsupported_security: read_unlock_irq(&local->services_lock); - return rxrpc_direct_abort(skb, rxrpc_abort_service_not_offered, - RX_INVALID_OPERATION, -EKEYREJECTED); + return rxrpc_direct_conn_abort(skb, rxrpc_abort_service_not_offered, + RX_INVALID_OPERATION, -EKEYREJECTED); no_call: spin_unlock(&rx->incoming_lock); read_unlock_irq(&local->services_lock); diff --git a/net/rxrpc/io_thread.c b/net/rxrpc/io_thread.c index 27b650d30f4d..e939ecf417c4 100644 --- a/net/rxrpc/io_thread.c +++ b/net/rxrpc/io_thread.c @@ -97,6 +97,20 @@ bool rxrpc_direct_abort(struct sk_buff *skb, enum rxrpc_= abort_reason why, return false; } =20 +/* + * Directly produce a connection abort from a packet. + */ +bool rxrpc_direct_conn_abort(struct sk_buff *skb, enum rxrpc_abort_reason = why, + s32 abort_code, int err) +{ + struct rxrpc_skb_priv *sp =3D rxrpc_skb(skb); + + trace_rxrpc_abort(0, why, sp->hdr.cid, 0, sp->hdr.seq, abort_code, err); + skb->mark =3D RXRPC_SKB_MARK_REJECT_CONN_ABORT; + skb->priority =3D abort_code; + return false; +} + static bool rxrpc_bad_message(struct sk_buff *skb, enum rxrpc_abort_reason= why) { return rxrpc_direct_abort(skb, why, RX_PROTOCOL_ERROR, -EBADMSG); diff --git a/net/rxrpc/output.c b/net/rxrpc/output.c index 17c33b5cf7dd..8b5903b6e481 100644 --- a/net/rxrpc/output.c +++ b/net/rxrpc/output.c @@ -829,7 +829,13 @@ void rxrpc_reject_packet(struct rxrpc_local *local, st= ruct sk_buff *skb) msg.msg_controllen =3D 0; msg.msg_flags =3D 0; =20 - memset(&whdr, 0, sizeof(whdr)); + whdr =3D (struct rxrpc_wire_header) { + .epoch =3D htonl(sp->hdr.epoch), + .cid =3D htonl(sp->hdr.cid), + .callNumber =3D htonl(sp->hdr.callNumber), + .serviceId =3D htons(sp->hdr.serviceId), + .flags =3D ~sp->hdr.flags & RXRPC_CLIENT_INITIATED, + }; =20 switch (skb->mark) { case RXRPC_SKB_MARK_REJECT_BUSY: @@ -837,6 +843,9 @@ void rxrpc_reject_packet(struct rxrpc_local *local, str= uct sk_buff *skb) size =3D sizeof(whdr); ioc =3D 1; break; + case RXRPC_SKB_MARK_REJECT_CONN_ABORT: + whdr.callNumber =3D 0; + fallthrough; case RXRPC_SKB_MARK_REJECT_ABORT: whdr.type =3D RXRPC_PACKET_TYPE_ABORT; code =3D htonl(skb->priority); @@ -850,14 +859,6 @@ void rxrpc_reject_packet(struct rxrpc_local *local, st= ruct sk_buff *skb) if (rxrpc_extract_addr_from_skb(&srx, skb) =3D=3D 0) { msg.msg_namelen =3D srx.transport_len; =20 - whdr.epoch =3D htonl(sp->hdr.epoch); - whdr.cid =3D htonl(sp->hdr.cid); - whdr.callNumber =3D htonl(sp->hdr.callNumber); - whdr.serviceId =3D htons(sp->hdr.serviceId); - whdr.flags =3D sp->hdr.flags; - whdr.flags ^=3D RXRPC_CLIENT_INITIATED; - whdr.flags &=3D RXRPC_CLIENT_INITIATED; - iov_iter_kvec(&msg.msg_iter, WRITE, iov, ioc, size); ret =3D do_udp_sendmsg(local->socket, &msg, size); if (ret < 0) diff --git a/net/rxrpc/security.c b/net/rxrpc/security.c index 078d91a6b77f..2bfbf2b2bb37 100644 --- a/net/rxrpc/security.c +++ b/net/rxrpc/security.c @@ -140,15 +140,15 @@ const struct rxrpc_security *rxrpc_get_incoming_secur= ity(struct rxrpc_sock *rx, =20 sec =3D rxrpc_security_lookup(sp->hdr.securityIndex); if (!sec) { - rxrpc_direct_abort(skb, rxrpc_abort_unsupported_security, - RX_INVALID_OPERATION, -EKEYREJECTED); + rxrpc_direct_conn_abort(skb, rxrpc_abort_unsupported_security, + RX_INVALID_OPERATION, -EKEYREJECTED); return NULL; } =20 if (sp->hdr.securityIndex !=3D RXRPC_SECURITY_NONE && !rx->securities) { - rxrpc_direct_abort(skb, rxrpc_abort_no_service_key, - sec->no_key_abort, -EKEYREJECTED); + rxrpc_direct_conn_abort(skb, rxrpc_abort_no_service_key, + sec->no_key_abort, -EKEYREJECTED); return NULL; }