From: Guillaume Nault <gnault@redhat.com>
To: David Miller <davem@davemloft.net>,
Jakub Kicinski <jakub.kicinski@netronome.com>
Cc: netdev@vger.kernel.org, Eric Dumazet <edumazet@google.com>,
Arnd Bergmann <arnd@arndb.de>,
John Stultz <john.stultz@linaro.org>,
Thomas Gleixner <tglx@linutronix.de>
Subject: [PATCH net v3 0/3] tcp: fix handling of stale syncookies timestamps
Date: Fri, 6 Dec 2019 02:49:41 +0100 [thread overview]
Message-ID: <cover.1575595670.git.gnault@redhat.com> (raw)
The synflood timestamps (->ts_recent_stamp and ->synq_overflow_ts) are
only refreshed when the syncookie protection triggers. Therefore, their
value can become very far apart from jiffies if no synflood happens for
a long time.
If jiffies grows too much and wraps while the synflood timestamp isn't
refreshed, then time_after32() might consider the later to be in the
future. This can trick tcp_synq_no_recent_overflow() into returning
erroneous values and rejecting valid ACKs.
Patch 1 handles the case of ACKs using legitimate syncookies.
Patch 2 handles the case of stray ACKs.
Patch 3 annotates lockless timestamp operations with READ_ONCE() and
WRITE_ONCE().
Changes from v2:
- Define and use time_between32() instead of a pair of
time_before32/time_after32 (suggested by Eric Dumazet).
- Use 'last_overflow - HZ' as lower bound in
tcp_synq_no_recent_overflow(), to accommodate for concurrent
timestamp updates (found by Eric Dumazet).
- Add a third patch to annotate lockless accesses to .ts_recent_stamp.
Changes from v1:
- Initialising timestamps at socket creation time is not enough
because jiffies wraps in 24 days with HZ=1000 (Eric Dumazet).
Handle stale timestamps in tcp_synq_overflow() and
tcp_synq_no_recent_overflow() instead.
- Rework commit description.
- Add a second patch to handle the case of stray ACKs.
Guillaume Nault (3):
tcp: fix rejected syncookies due to stale timestamps
tcp: tighten acceptance of ACKs not matching a child socket
tcp: Protect accesses to .ts_recent_stamp with {READ,WRITE}_ONCE()
include/linux/time.h | 13 +++++++++++++
include/net/tcp.h | 27 +++++++++++++++++++--------
2 files changed, 32 insertions(+), 8 deletions(-)
--
2.21.0
next reply other threads:[~2019-12-06 1:49 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-06 1:49 Guillaume Nault [this message]
2019-12-06 1:49 ` [PATCH net v3 1/3] tcp: fix rejected syncookies due to stale timestamps Guillaume Nault
2019-12-06 3:41 ` Eric Dumazet
2019-12-06 11:03 ` Guillaume Nault
2019-12-06 1:49 ` [PATCH net v3 2/3] tcp: tighten acceptance of ACKs not matching a child socket Guillaume Nault
2019-12-06 3:45 ` Eric Dumazet
2019-12-06 1:50 ` [PATCH net v3 3/3] tcp: Protect accesses to .ts_recent_stamp with {READ,WRITE}_ONCE() Guillaume Nault
2019-12-06 3:50 ` Eric Dumazet
2019-12-06 11:08 ` Guillaume Nault
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1575595670.git.gnault@redhat.com \
--to=gnault@redhat.com \
--cc=arnd@arndb.de \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=jakub.kicinski@netronome.com \
--cc=john.stultz@linaro.org \
--cc=netdev@vger.kernel.org \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.