From: Marcelo Ricardo Leitner <mleitner@redhat.com>
To: Neil Horman <nhorman@tuxdriver.com>
Cc: netdev@vger.kernel.org, linux-sctp@vger.kernel.org,
Daniel Borkmann <daniel@iogearbox.net>,
Vlad Yasevich <vyasevich@gmail.com>,
Michio Honda <micchie@sfc.wide.ad.jp>
Subject: Re: [PATCH] sctp: fix ASCONF list handling
Date: Thu, 28 May 2015 14:46:29 +0000 [thread overview]
Message-ID: <20150528144629.GD3387@localhost.localdomain> (raw)
In-Reply-To: <20150528132732.GC3387@localhost.localdomain>
On Thu, May 28, 2015 at 10:27:32AM -0300, Marcelo Ricardo Leitner wrote:
> On Thu, May 28, 2015 at 08:17:27AM -0300, Marcelo Ricardo Leitner wrote:
> > On Thu, May 28, 2015 at 06:15:11AM -0400, Neil Horman wrote:
> > > On Wed, May 27, 2015 at 09:52:17PM -0300, mleitner@redhat.com wrote:
> > > > From: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
> > > >
> > > > ->auto_asconf_splist is per namespace and mangled by functions like
> > > > sctp_setsockopt_auto_asconf() which doesn't guarantee any serialization.
> > > >
> > > > Also, the call to inet_sk_copy_descendant() was backuping
> > > > ->auto_asconf_list through the copy but was not honoring
> > > > ->do_auto_asconf, which could lead to list corruption if it was
> > > > different between both sockets.
> > > >
> > > > This commit thus fixes the list handling by adding a spinlock to protect
> > > > against multiple writers and converts the list to be protected by RCU
> > > > too, so that we don't have a lock inverstion issue at
> > > > sctp_addr_wq_timeout_handler().
> > > >
> > > > And as this list now uses RCU, we cannot do such backup and restore
> > > > while copying descendant data anymore as readers may be traversing the
> > > > list meanwhile. We fix this by simply ignoring/not copying those fields,
> > > > placed at the end of struct sctp_sock, so we can just ignore it together
> > > > with struct ipv6_pinfo data. For that we create sctp_copy_descendant()
> > > > so we don't clutter inet_sk_copy_descendant() with SCTP info.
> > > >
> > > > Issue was found with a test application that kept flipping sysctl
> > > > default_auto_asconf on and off.
> > > >
> > > > Fixes: 9f7d653b67ae ("sctp: Add Auto-ASCONF support (core).")
> > > > Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
> > > > ---
> > > > include/net/netns/sctp.h | 6 +++++-
> > > > include/net/sctp/structs.h | 2 ++
> > > > net/sctp/protocol.c | 6 +++++-
> > > > net/sctp/socket.c | 39 ++++++++++++++++++++++++++-------------
> > > > 4 files changed, 38 insertions(+), 15 deletions(-)
> > > >
> > > > diff --git a/include/net/netns/sctp.h b/include/net/netns/sctp.h
> > > > index 3573a81815ad9e0efb6ceb721eb066d3726419f0..e080bebb3147af39c8275261f57018eb01e917b0 100644
> > > > --- a/include/net/netns/sctp.h
> > > > +++ b/include/net/netns/sctp.h
> > > > @@ -30,12 +30,15 @@ struct netns_sctp {
> > > > struct list_head local_addr_list;
> > > > struct list_head addr_waitq;
> > > > struct timer_list addr_wq_timer;
> > > > - struct list_head auto_asconf_splist;
> > > > + struct list_head __rcu auto_asconf_splist;
> > > You should use the addr_wq_lock here instead of creating a new lock, as thats
> > > already used to protect most accesses to the list you are concerned about.
> >
> > Ok, that works too.
> >
> > > Though truthfully, that shouldn't be necessecary. The list in question is only
> > > read in one location and only written in one location. You can likely just
> > > rcu-ify, as the write side is in process context and protected by lock_sock.
> >
> > It should, it's not protected by lock_sock as this list resides in
> > netns_sctp structure, which lock_sock doesn't cover. Write side is in
> > process context yes, but this list is written in sctp_init_sock(),
> > sctp_destroy_sock() and sctp_setsockopt_auto_asconf(), so one could
> > trigger this by either creating/destroying sockets if
> > default_auto_asconf=1 or just by creating a bunch of sockets and
> > flipping asconf via setsockopt (or a combination of these operations).
> > (I'll point this out in the changelog)
>
> Hmm.. by reusing addr_wq_lock we don't need to rcu-ify the list, as the
> reader is inside that lock too, so I can just protect auto_asconf_splist
> writers with addr_wq_lock.
>
> Nice, thanks Neil.
Cannot really do that.. as that creates a lock inversion between
sctp_destroy_sock() (which already holds lock_sock) and
sctp_addr_wq_timeout_handler(), which first grabs addr_wq_lock and then
locks socket by socket.
Due to that, I'm afraid reusing this lock is not possible, and we should
stick with the patch.. what do you think? (though I have to fix the nits
in there)
Marcelo
WARNING: multiple messages have this Message-ID (diff)
From: Marcelo Ricardo Leitner <mleitner@redhat.com>
To: Neil Horman <nhorman@tuxdriver.com>
Cc: netdev@vger.kernel.org, linux-sctp@vger.kernel.org,
Daniel Borkmann <daniel@iogearbox.net>,
Vlad Yasevich <vyasevich@gmail.com>,
Michio Honda <micchie@sfc.wide.ad.jp>
Subject: Re: [PATCH] sctp: fix ASCONF list handling
Date: Thu, 28 May 2015 11:46:29 -0300 [thread overview]
Message-ID: <20150528144629.GD3387@localhost.localdomain> (raw)
In-Reply-To: <20150528132732.GC3387@localhost.localdomain>
On Thu, May 28, 2015 at 10:27:32AM -0300, Marcelo Ricardo Leitner wrote:
> On Thu, May 28, 2015 at 08:17:27AM -0300, Marcelo Ricardo Leitner wrote:
> > On Thu, May 28, 2015 at 06:15:11AM -0400, Neil Horman wrote:
> > > On Wed, May 27, 2015 at 09:52:17PM -0300, mleitner@redhat.com wrote:
> > > > From: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
> > > >
> > > > ->auto_asconf_splist is per namespace and mangled by functions like
> > > > sctp_setsockopt_auto_asconf() which doesn't guarantee any serialization.
> > > >
> > > > Also, the call to inet_sk_copy_descendant() was backuping
> > > > ->auto_asconf_list through the copy but was not honoring
> > > > ->do_auto_asconf, which could lead to list corruption if it was
> > > > different between both sockets.
> > > >
> > > > This commit thus fixes the list handling by adding a spinlock to protect
> > > > against multiple writers and converts the list to be protected by RCU
> > > > too, so that we don't have a lock inverstion issue at
> > > > sctp_addr_wq_timeout_handler().
> > > >
> > > > And as this list now uses RCU, we cannot do such backup and restore
> > > > while copying descendant data anymore as readers may be traversing the
> > > > list meanwhile. We fix this by simply ignoring/not copying those fields,
> > > > placed at the end of struct sctp_sock, so we can just ignore it together
> > > > with struct ipv6_pinfo data. For that we create sctp_copy_descendant()
> > > > so we don't clutter inet_sk_copy_descendant() with SCTP info.
> > > >
> > > > Issue was found with a test application that kept flipping sysctl
> > > > default_auto_asconf on and off.
> > > >
> > > > Fixes: 9f7d653b67ae ("sctp: Add Auto-ASCONF support (core).")
> > > > Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
> > > > ---
> > > > include/net/netns/sctp.h | 6 +++++-
> > > > include/net/sctp/structs.h | 2 ++
> > > > net/sctp/protocol.c | 6 +++++-
> > > > net/sctp/socket.c | 39 ++++++++++++++++++++++++++-------------
> > > > 4 files changed, 38 insertions(+), 15 deletions(-)
> > > >
> > > > diff --git a/include/net/netns/sctp.h b/include/net/netns/sctp.h
> > > > index 3573a81815ad9e0efb6ceb721eb066d3726419f0..e080bebb3147af39c8275261f57018eb01e917b0 100644
> > > > --- a/include/net/netns/sctp.h
> > > > +++ b/include/net/netns/sctp.h
> > > > @@ -30,12 +30,15 @@ struct netns_sctp {
> > > > struct list_head local_addr_list;
> > > > struct list_head addr_waitq;
> > > > struct timer_list addr_wq_timer;
> > > > - struct list_head auto_asconf_splist;
> > > > + struct list_head __rcu auto_asconf_splist;
> > > You should use the addr_wq_lock here instead of creating a new lock, as thats
> > > already used to protect most accesses to the list you are concerned about.
> >
> > Ok, that works too.
> >
> > > Though truthfully, that shouldn't be necessecary. The list in question is only
> > > read in one location and only written in one location. You can likely just
> > > rcu-ify, as the write side is in process context and protected by lock_sock.
> >
> > It should, it's not protected by lock_sock as this list resides in
> > netns_sctp structure, which lock_sock doesn't cover. Write side is in
> > process context yes, but this list is written in sctp_init_sock(),
> > sctp_destroy_sock() and sctp_setsockopt_auto_asconf(), so one could
> > trigger this by either creating/destroying sockets if
> > default_auto_asconf=1 or just by creating a bunch of sockets and
> > flipping asconf via setsockopt (or a combination of these operations).
> > (I'll point this out in the changelog)
>
> Hmm.. by reusing addr_wq_lock we don't need to rcu-ify the list, as the
> reader is inside that lock too, so I can just protect auto_asconf_splist
> writers with addr_wq_lock.
>
> Nice, thanks Neil.
Cannot really do that.. as that creates a lock inversion between
sctp_destroy_sock() (which already holds lock_sock) and
sctp_addr_wq_timeout_handler(), which first grabs addr_wq_lock and then
locks socket by socket.
Due to that, I'm afraid reusing this lock is not possible, and we should
stick with the patch.. what do you think? (though I have to fix the nits
in there)
Marcelo
next prev parent reply other threads:[~2015-05-28 14:46 UTC|newest]
Thread overview: 69+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-28 0:52 [PATCH] sctp: fix ASCONF list handling mleitner
2015-05-28 0:52 ` mleitner
2015-05-28 10:15 ` Neil Horman
2015-05-28 10:15 ` Neil Horman
2015-05-28 11:17 ` Marcelo Ricardo Leitner
2015-05-28 11:17 ` Marcelo Ricardo Leitner
2015-05-28 13:27 ` Marcelo Ricardo Leitner
2015-05-28 13:27 ` Marcelo Ricardo Leitner
2015-05-28 14:31 ` Neil Horman
2015-05-28 14:31 ` Neil Horman
2015-05-28 14:46 ` Marcelo Ricardo Leitner [this message]
2015-05-28 14:46 ` Marcelo Ricardo Leitner
2015-05-29 13:17 ` Neil Horman
2015-05-29 13:17 ` Neil Horman
2015-05-29 16:50 ` Marcelo Ricardo Leitner
2015-05-29 16:50 ` Marcelo Ricardo Leitner
2015-06-01 14:00 ` Neil Horman
2015-06-01 14:00 ` Neil Horman
2015-06-01 22:28 ` Marcelo Ricardo Leitner
2015-06-01 22:28 ` Marcelo Ricardo Leitner
2015-06-02 13:48 ` Neil Horman
2015-06-02 13:48 ` Neil Horman
2015-06-03 16:54 ` [PATCH v2 1/2] sctp: rcu-ify addr_waitq mleitner
2015-06-03 16:54 ` mleitner
2015-06-03 17:19 ` Marcelo Ricardo Leitner
2015-06-03 17:19 ` Marcelo Ricardo Leitner
2015-06-04 14:27 ` Neil Horman
2015-06-04 14:27 ` Neil Horman
2015-06-05 14:18 ` Marcelo Ricardo Leitner
2015-06-05 14:18 ` Marcelo Ricardo Leitner
2015-06-05 17:08 ` [PATCH v3 " mleitner
2015-06-05 17:08 ` mleitner
2015-06-08 13:58 ` Neil Horman
2015-06-08 13:58 ` Neil Horman
2015-06-08 14:46 ` Hannes Frederic Sowa
2015-06-08 14:46 ` Hannes Frederic Sowa
2015-06-08 14:59 ` Hannes Frederic Sowa
2015-06-08 14:59 ` Hannes Frederic Sowa
2015-06-08 15:19 ` Neil Horman
2015-06-08 15:19 ` Neil Horman
2015-06-08 15:37 ` Hannes Frederic Sowa
2015-06-08 15:37 ` Hannes Frederic Sowa
2015-06-09 11:36 ` Neil Horman
2015-06-09 11:36 ` Neil Horman
2015-06-09 19:32 ` Marcelo Ricardo Leitner
2015-06-09 19:32 ` Marcelo Ricardo Leitner
2015-06-10 13:31 ` Marcelo Ricardo Leitner
2015-06-10 13:31 ` Marcelo Ricardo Leitner
2015-06-10 19:14 ` Neil Horman
2015-06-10 19:14 ` Neil Horman
2015-06-11 14:30 ` [PATCH v4] sctp: fix ASCONF list handling mleitner
2015-06-11 14:30 ` mleitner
2015-06-11 23:31 ` David Miller
2015-06-11 23:31 ` David Miller
2015-06-12 13:16 ` [PATCH v5] " marcelo.leitner
2015-06-12 13:16 ` marcelo.leitner
2015-06-14 19:56 ` David Miller
2015-06-14 19:56 ` David Miller
2015-06-05 17:08 ` [PATCH v3 2/2] " mleitner
2015-06-05 17:08 ` mleitner
2015-06-08 20:09 ` Hannes Frederic Sowa
2015-06-08 20:09 ` Hannes Frederic Sowa
2015-06-09 15:37 ` Marcelo Ricardo Leitner
2015-06-09 15:37 ` Marcelo Ricardo Leitner
2015-06-09 17:04 ` Neil Horman
2015-06-09 17:04 ` Neil Horman
2015-06-03 16:54 ` [PATCH v2 " mleitner
2015-06-03 16:54 ` mleitner
-- strict thread matches above, loose matches on Subject: below --
2015-09-07 3:35 [PATCH][request stable 3.10 inclusion] CVE-2015-3212 Wang Kai
2015-09-07 3:35 ` [PATCH] sctp: fix ASCONF list handling Wang Kai
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150528144629.GD3387@localhost.localdomain \
--to=mleitner@redhat.com \
--cc=daniel@iogearbox.net \
--cc=linux-sctp@vger.kernel.org \
--cc=micchie@sfc.wide.ad.jp \
--cc=netdev@vger.kernel.org \
--cc=nhorman@tuxdriver.com \
--cc=vyasevich@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.