From patchwork Fri Jun 22 15:21:29 2018
X-Patchwork-Submitter: John Fastabend
X-Patchwork-Id: 933459
Subject: [bpf PATCH v3 0/4] BPF fixes for sockhash
From: John Fastabend
To: john.fastabend@gmail.com, ast@kernel.org, daniel@iogearbox.net, kafai@fb.com
Cc: netdev@vger.kernel.org
Date: Fri, 22 Jun 2018 08:21:29 -0700
Message-ID: <20180622151123.24502.56029.stgit@john-Precision-Tower-5810>

This addresses two syzbot issues that led to identifying (by Eric and
Wei) a class of bugs where we don't correctly check for IPv4/v6
sockets and their associated state. The second issue was a locking
omission in sockhash.

The first patch addresses IPv6 socks and fixes an error where
sockhash would overwrite the prot pointer with IPv4 prot. To fix
this, build a similar solution to TLS ULP. Although we continue to
allow socks in all states, not just ESTABLISH, in this patch set
because, as Martin points out, there should be no issue with this
on the sockmap ULP because we don't use the ctx in this code.

The other issue syzbot found was that the tcp_close() handler missed
locking the hash bucket lock, which could result in corrupting the
sockhash bucket list if delete and close ran at the same time.
And also the smap_list_remove() routine was not working correctly
at all. This was not caught in my testing because in general my
tests (to date at least, let's add some more robust selftests in
bpf-next) do things in the "expected" order: create map, add socks,
delete socks, then tear down maps. The tests we have that do the
ops out of this order were only working on single maps, not
multi-maps, so we never saw the issue. Thanks syzbot. The fix is to
restructure the tcp_close() lock handling. And fix the obvious
bug in smap_list_remove().

Finally, during review I noticed the release handler was omitted
from the upstream code (patch 4) due to an incorrect merge conflict
fix when I ported the code to latest bpf-next before submitting.

v3: rework patches, dropping ESTABLISH check and adding rcu
    annotation along with the smap_list_remove fix

Also big thanks to Martin for thorough review, he caught at least
one case where I missed a rcu_call().

---

John Fastabend (4):
      bpf: sockmap, fix crash when ipv6 sock is added
      bpf: sockmap, fix smap_list_map_remove when psock is in many maps
      bpf: sockhash fix omitted bucket lock in sock_close
      bpf: sockhash, add release routine

 kernel/bpf/sockmap.c |  210 ++++++++++++++++++++++++++++++++++++--------------
 1 file changed, 153 insertions(+), 57 deletions(-)