public inbox for netdev@vger.kernel.org
From: "Levin, Alexander (Sasha Levin)" <alexander.levin@verizon.com>
To: Dave Watson <davejwatson@fb.com>
Cc: Ilya Lesokhin <ilyal@mellanox.com>,
	Aviad Yehezkel <aviadye@mellanox.com>,
	Boris Pismenny <borisp@mellanox.com>,
	Liran Liss <liranl@mellanox.com>,
	"Matan Barak" <matanb@mellanox.com>,
	David Miller <davem@davemloft.net>,
	"netdev@vger.kernel.org" <netdev@vger.kernel.org>,
	Tom Herbert <tom@herbertland.com>,
	"herbert@gondor.apana.org.au" <herbert@gondor.apana.org.au>,
	"linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>,
	Hannes Frederic Sowa <hannes@stressinduktion.org>,
	Eric Dumazet <eric.dumazet@gmail.com>,
	"Alexei Starovoitov" <alexei.starovoitov@gmail.com>,
	"nmav@gnutls.org" <nmav@gnutls.org>,
	"fridolin.pokorny@gmail.com" <fridolin.pokorny@gmail.com>
Subject: Re: [PATCH v3 net-next 1/4] tcp: ULP infrastructure
Date: Sun, 25 Jun 2017 02:42:53 +0000
Message-ID: <20170625024258.qoynefxset3cmdla@sasha-lappy>
In-Reply-To: <20170614183714.GA80310@davejwatson-mba.dhcp.thefacebook.com>

On Wed, Jun 14, 2017 at 11:37:14AM -0700, Dave Watson wrote:
>Add the infrastructure for attaching Upper Layer Protocols (ULPs) over TCP
>sockets. Based on a similar infrastructure in tcp_cong.  The idea is that any
>ULP can add its own logic by changing the TCP proto_ops structure to its own
>methods.
>
>Example usage:
>
>setsockopt(sock, SOL_TCP, TCP_ULP, "tls", sizeof("tls"));
>
>modules will call:
>tcp_register_ulp(&tcp_tls_ulp_ops);
>
>to register/unregister their ulp, with an init function and name.
>
>A list of registered ulps will be returned by tcp_get_available_ulp, which is
>hooked up to /proc.  Example:
>
>$ cat /proc/sys/net/ipv4/tcp_available_ulp
>tls
>
>There is currently no functionality to remove or chain ULPs, but
>it should be possible to add these in the future if needed.
>
>Signed-off-by: Boris Pismenny <borisp@mellanox.com>
>Signed-off-by: Dave Watson <davejwatson@fb.com>

Hey Dave,

I'm seeing the following while fuzzing, which was bisected to this commit:

==================================================================
BUG: KASAN: null-ptr-deref in copy_to_user include/linux/uaccess.h:168 [inline]
BUG: KASAN: null-ptr-deref in do_tcp_getsockopt.isra.33+0x24f/0x1e30 net/ipv4/tcp.c:3057
Read of size 4 at addr 0000000000000020 by task syz-executor1/15452

CPU: 0 PID: 15452 Comm: syz-executor1 Not tainted 4.12.0-rc6-next-20170623+ #173
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.1-1ubuntu1 04/01/2014
Call Trace:
 __dump_stack lib/dump_stack.c:16 [inline]
 dump_stack+0x11d/0x1e5 lib/dump_stack.c:52
 kasan_report_error mm/kasan/report.c:349 [inline]
 kasan_report+0x15e/0x370 mm/kasan/report.c:408
 check_memory_region_inline mm/kasan/kasan.c:260 [inline]
 check_memory_region+0x14b/0x1a0 mm/kasan/kasan.c:267
 kasan_check_read+0x11/0x20 mm/kasan/kasan.c:272
 copy_to_user include/linux/uaccess.h:168 [inline]
 do_tcp_getsockopt.isra.33+0x24f/0x1e30 net/ipv4/tcp.c:3057
 tcp_getsockopt+0xb0/0xd0 net/ipv4/tcp.c:3194
 sock_common_getsockopt+0x95/0xd0 net/core/sock.c:2863
 SYSC_getsockopt net/socket.c:1869 [inline]
 SyS_getsockopt+0x180/0x360 net/socket.c:1851
 do_syscall_64+0x267/0x740 arch/x86/entry/common.c:284
 entry_SYSCALL64_slow_path+0x25/0x25
RIP: 0033:0x451759
RSP: 002b:00007f5dc2b1fc08 EFLAGS: 00000216 ORIG_RAX: 0000000000000037
RAX: ffffffffffffffda RBX: 0000000000718000 RCX: 0000000000451759
RDX: 000000000000001f RSI: 0000000000000006 RDI: 0000000000000005
RBP: 0000000000000c30 R08: 00000000207bf000 R09: 0000000000000000
R10: 0000000020000ffc R11: 0000000000000216 R12: 00000000004b824b
R13: 00000000ffffffff R14: 0000000000000005 R15: 0000000000000006
==================================================================
Disabling lock debugging due to kernel taint
Kernel panic - not syncing: panic_on_warn set ...

CPU: 0 PID: 15452 Comm: syz-executor1 Tainted: G    B           4.12.0-rc6-next-20170623+ #173
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.1-1ubuntu1 04/01/2014
Call Trace:
 __dump_stack lib/dump_stack.c:16 [inline]
 dump_stack+0x11d/0x1e5 lib/dump_stack.c:52
 panic+0x1bc/0x3ad kernel/panic.c:180
 kasan_end_report+0x47/0x4f mm/kasan/report.c:176
 kasan_report_error mm/kasan/report.c:356 [inline]
 kasan_report+0x167/0x370 mm/kasan/report.c:408
 check_memory_region_inline mm/kasan/kasan.c:260 [inline]
 check_memory_region+0x14b/0x1a0 mm/kasan/kasan.c:267
 kasan_check_read+0x11/0x20 mm/kasan/kasan.c:272
 copy_to_user include/linux/uaccess.h:168 [inline]
 do_tcp_getsockopt.isra.33+0x24f/0x1e30 net/ipv4/tcp.c:3057
 tcp_getsockopt+0xb0/0xd0 net/ipv4/tcp.c:3194
 sock_common_getsockopt+0x95/0xd0 net/core/sock.c:2863
 SYSC_getsockopt net/socket.c:1869 [inline]
 SyS_getsockopt+0x180/0x360 net/socket.c:1851
 do_syscall_64+0x267/0x740 arch/x86/entry/common.c:284
 entry_SYSCALL64_slow_path+0x25/0x25
RIP: 0033:0x451759
RSP: 002b:00007f5dc2b1fc08 EFLAGS: 00000216 ORIG_RAX: 0000000000000037
RAX: ffffffffffffffda RBX: 0000000000718000 RCX: 0000000000451759
RDX: 000000000000001f RSI: 0000000000000006 RDI: 0000000000000005
RBP: 0000000000000c30 R08: 00000000207bf000 R09: 0000000000000000
R10: 0000000020000ffc R11: 0000000000000216 R12: 00000000004b824b
R13: 00000000ffffffff R14: 0000000000000005 R15: 0000000000000006
Dumping ftrace buffer:
   (ftrace buffer empty)
Kernel Offset: 0x24800000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
Rebooting in 86400 seconds..

-- 

Thanks,
Sasha
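
A triage aid for the report above, added here as an example and not part of the original message or the kernel tree: it decodes the register dump into the system call and arguments that were in flight when KASAN fired. The helper names and the small lookup tables are assumptions of this example; the numeric values are the x86-64 Linux syscall numbers and socket option constants.

```python
import re

# Excerpt of the register dump and fault line from the report above.
REPORT = """\
Read of size 4 at addr 0000000000000020 by task syz-executor1/15452
RIP: 0033:0x451759
RSP: 002b:00007f5dc2b1fc08 EFLAGS: 00000216 ORIG_RAX: 0000000000000037
RAX: ffffffffffffffda RBX: 0000000000718000 RCX: 0000000000451759
RDX: 000000000000001f RSI: 0000000000000006 RDI: 0000000000000005
RBP: 0000000000000c30 R08: 00000000207bf000 R09: 0000000000000000
R10: 0000000020000ffc R11: 0000000000000216 R12: 00000000004b824b
"""

# Only the entries needed for socket-option triage (x86-64 Linux values).
SYSCALLS = {54: "setsockopt", 55: "getsockopt"}
LEVELS = {1: "SOL_SOCKET", 6: "SOL_TCP"}
TCP_OPTS = {1: "TCP_NODELAY", 13: "TCP_CONGESTION", 31: "TCP_ULP"}
ARG_REGS = ("RDI", "RSI", "RDX", "R10", "R08", "R09")  # syscall ABI order

REG_RE = re.compile(r"\b(ORIG_RAX|R[A-Z0-9]{2,3}):\s*([0-9a-f]{16})\b")

def parse_regs(report):
    """Map register name -> value for every 64-bit 'NAME: hex16' pair."""
    return {name: int(val, 16) for name, val in REG_RE.findall(report)}

def decode_syscall(regs):
    """Name the syscall in ORIG_RAX and label its arguments."""
    nr = regs["ORIG_RAX"]
    name = SYSCALLS.get(nr, "syscall_%d" % nr)
    args = [regs.get(r) for r in ARG_REGS]
    if name not in ("getsockopt", "setsockopt"):
        return {"syscall": name, "args": args}
    level = LEVELS.get(args[1], args[1])
    optname = TCP_OPTS.get(args[2], args[2]) if level == "SOL_TCP" else args[2]
    return {"syscall": name, "fd": args[0], "level": level,
            "optname": optname, "optval": args[3], "optlen": args[4]}

def fault_addr(report):
    """Return (address, within_first_page) for the KASAN access line."""
    m = re.search(r"at addr ([0-9a-f]+)", report)
    addr = int(m.group(1), 16)
    return addr, addr < 4096

if __name__ == "__main__":
    print(decode_syscall(parse_regs(REPORT)))
    print("fault at %#x, near NULL: %s" % fault_addr(REPORT))
```

The decoded call is a getsockopt on the TCP_ULP option, and the faulting address sits 0x20 bytes above NULL, which is consistent with KASAN classifying it as a null-ptr-deref.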
