From: Jan Karcher <jaka@linux.ibm.com>
To: Paolo Abeni <pabeni@redhat.com>,
Jeongjun Park <aha310510@gmail.com>,
wenjia@linux.ibm.com, alibuda@linux.alibaba.com,
tonylu@linux.alibaba.com, guwen@linux.alibaba.com
Cc: davem@davemloft.net, edumazet@google.com, kuba@kernel.org,
dust.li@linux.alibaba.com, ubraun@linux.vnet.ibm.com,
utz.bacher@de.ibm.com, linux-s390@vger.kernel.org,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH net,v5,2/2] net/smc: modify smc_sock structure
Date: Wed, 21 Aug 2024 07:41:18 +0200 [thread overview]
Message-ID: <42f2d707-cf7e-4cb7-a10b-8bd2e851879e@linux.ibm.com> (raw)
In-Reply-To: <e0f35083-7604-4766-990a-f77554e0202f@redhat.com>
On 20/08/2024 12:45, Paolo Abeni wrote:
>
>
> On 8/15/24 06:39, Jeongjun Park wrote:
>> Since inet_sk(sk)->pinet6 and smc_sk(sk)->clcsock practically
>> point to the same address, when smc_create_clcsk() stores the newly
>> created clcsock in smc_sk(sk)->clcsock, inet_sk(sk)->pinet6 is corrupted
>> into clcsock. This causes NULL pointer dereference and various other
>> memory corruptions.
>>
>> To solve this, we need to modify the smc_sock structure.
>>
>> Fixes: ac7138746e14 ("smc: establish new socket family")
>> Signed-off-by: Jeongjun Park <aha310510@gmail.com>
>> ---
>> net/smc/smc.h | 5 ++++-
>> 1 file changed, 4 insertions(+), 1 deletion(-)
>>
>> diff --git a/net/smc/smc.h b/net/smc/smc.h
>> index 34b781e463c4..0d67a02a6ab1 100644
>> --- a/net/smc/smc.h
>> +++ b/net/smc/smc.h
>> @@ -283,7 +283,10 @@ struct smc_connection {
>> };
>> struct smc_sock { /* smc sock container */
>> - struct sock sk;
>> + union {
>> + struct sock sk;
>> + struct inet_sock inet;
>> + };
>> struct socket *clcsock; /* internal tcp socket */
>> void (*clcsk_state_change)(struct sock *sk);
>> /* original stat_change fct. */
>
> As per the running discussion here:
>
> https://lore.kernel.org/all/5ad4de6f-48d4-4d1b-b062-e1cd2e8b3600@linux.ibm.com/#t
>
> you should include at least a add a comment to the union, describing
> which one is used in which case.
>
> My personal preference would be directly replacing 'struct sk' with
> 'struct inet_sock inet;' and adjust all the smc->sk access accordingly,
> likely via a new helper.
>
> I understand that would be much more invasive, but would align with
> other AF.
Hi all,
thanks for looking into this patch and providing your view on this topic.
My personal prefernce is clean. I want to have a clean SMC protocol, in
order to get it on a good path for future improvements.
The union, IMO, is not clean. It makes the problem less implicit but the
problem is still there.
Jeongjun, do i understand correct that you've tested the change proposed
by Alexandra with more changes required?
"""
Although this fix would require more code changes, we tested the bug and
confirmed that it was not triggered and the functionality was working
normally.
"""
https://lore.kernel.org/all/20240814150558.46178-1-aha310510@gmail.com/
If so would you mind adding a helper for this check as Paolo suggested
and send it?
This way we see which change is better for the future.
The statement that SMC would be more aligned with other AFs is already a
big win in my book.
Thanks
- Jan
>
> Thanks,
>
> Paolo
>
next prev parent reply other threads:[~2024-08-21 5:41 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-15 4:37 [PATCH net,v5,0/2] net/smc: prevent NULL pointer dereference in txopt_get Jeongjun Park
2024-08-15 4:38 ` [PATCH net,v5,1/2] net/smc: initialize ipv6_pinfo_offset in smc_inet6_prot and add smc6_sock structure Jeongjun Park
2024-08-20 10:31 ` Jeongjun Park
2024-08-15 4:39 ` [PATCH net,v5,2/2] net/smc: modify smc_sock structure Jeongjun Park
2024-08-20 10:34 ` Jeongjun Park
2024-08-20 10:45 ` Paolo Abeni
2024-08-20 11:02 ` Jeongjun Park
2024-08-21 5:41 ` Jan Karcher [this message]
2024-08-21 11:06 ` Jeongjun Park
2024-08-22 7:19 ` Jan Karcher
2024-08-26 2:56 ` D. Wythe
2024-08-26 19:24 ` Jan Karcher
2024-08-27 3:50 ` Jeongjun Park
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=42f2d707-cf7e-4cb7-a10b-8bd2e851879e@linux.ibm.com \
--to=jaka@linux.ibm.com \
--cc=aha310510@gmail.com \
--cc=alibuda@linux.alibaba.com \
--cc=davem@davemloft.net \
--cc=dust.li@linux.alibaba.com \
--cc=edumazet@google.com \
--cc=guwen@linux.alibaba.com \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=tonylu@linux.alibaba.com \
--cc=ubraun@linux.vnet.ibm.com \
--cc=utz.bacher@de.ibm.com \
--cc=wenjia@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox