Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

> Keep reference on socket file while wait send memory #3488

Closed
wants to merge 3 commits into from
Closed

> Keep reference on socket file while wait send memory #3488

wants to merge 3 commits into from

Conversation

kernel-patches-bot
Copy link

Pull request for series with
subject: > Keep reference on socket file while wait send memory
version: 1
url: https://patchwork.kernel.org/project/netdevbpf/list/?series=667487

@kernel-patches-bot
Copy link
Author

Master branch: 10b62d6
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=667487
version: 1

@kernel-patches-bot
Copy link
Author

Master branch: 54c9397
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=667487
version: 1

@kernel-patches-bot
Copy link
Author

Master branch: 4961d07
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=667487
version: 1

@kernel-patches-bot
Copy link
Author

Master branch: cea5588
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=667487
version: 1

@kernel-patches-bot
Copy link
Author

Master branch: 8308bf2
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=667487
version: 1

@kernel-patches-bot
Copy link
Author

Master branch: 8308bf2
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=667487
version: 1

@kernel-patches-bot
Copy link
Author

Master branch: 1f23577
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=667487
version: 1

@kernel-patches-bot
Copy link
Author

Master branch: 1f23577
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=667487
version: 1

@kernel-patches-bot
Copy link
Author

Master branch: 807662c
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=667487
version: 1

@kernel-patches-bot
Copy link
Author

Master branch: 807662c
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=667487
version: 1

@kernel-patches-bot
Copy link
Author

Master branch: 738a2f2
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=667487
version: 1

@kernel-patches-bot
Copy link
Author

Master branch: 738a2f2
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=667487
version: 1

@kernel-patches-bot
Copy link
Author

Master branch: df78da2
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=667487
version: 1

@kernel-patches-bot
Copy link
Author

Master branch: df78da2
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=667487
version: 1

@kernel-patches-bot
Copy link
Author

Master branch: df78da2
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=667487
version: 1

@kernel-patches-bot
Copy link
Author

Master branch: e34cfee
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=667487
version: 1

@kernel-patches-bot
Copy link
Author

Master branch: e34cfee
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=667487
version: 1

@kernel-patches-bot
Copy link
Author

Master branch: fb8d784
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=667487
version: 1

@kernel-patches-bot
Copy link
Author

Master branch: fb8d784
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=667487
version: 1

@kernel-patches-bot
Copy link
Author

Master branch: 75179e2
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=667487
version: 1

@kernel-patches-bot
Copy link
Author

Master branch: 75179e2
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=667487
version: 1

@kernel-patches-bot
Copy link
Author

Master branch: e918cd2
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=667487
version: 1

@kernel-patches-bot
Copy link
Author

Master branch: b979f00
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=667487
version: 1

@kernel-patches-bot
Copy link
Author

Master branch: b979f00
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=667487
version: 1

@liujian56
sk_msg: Keep reference on socket file while wait_memory
948bacd 
Fix the below NULL pointer dereference:

[   14.471200] Call Trace:
[   14.471562]  <TASK>
[   14.471882]  lock_acquire+0x245/0x2e0
[   14.472416]  ? remove_wait_queue+0x12/0x50
[   14.473014]  ? _raw_spin_lock_irqsave+0x17/0x50
[   14.473681]  _raw_spin_lock_irqsave+0x3d/0x50
[   14.474318]  ? remove_wait_queue+0x12/0x50
[   14.474907]  remove_wait_queue+0x12/0x50
[   14.475480]  sk_stream_wait_memory+0x20d/0x340
[   14.476127]  ? do_wait_intr_irq+0x80/0x80
[   14.476704]  do_tcp_sendpages+0x287/0x600
[   14.477283]  tcp_bpf_push+0xab/0x260
[   14.477817]  tcp_bpf_sendmsg_redir+0x297/0x500
[   14.478461]  ? __local_bh_enable_ip+0x77/0xe0
[   14.479096]  tcp_bpf_send_verdict+0x105/0x470
[   14.479729]  tcp_bpf_sendmsg+0x318/0x4f0
[   14.480311]  sock_sendmsg+0x2d/0x40
[   14.480822]  ____sys_sendmsg+0x1b4/0x1c0
[   14.481390]  ? copy_msghdr_from_user+0x62/0x80
[   14.482048]  ___sys_sendmsg+0x78/0xb0
[   14.482580]  ? vmf_insert_pfn_prot+0x91/0x150
[   14.483215]  ? __do_fault+0x2a/0x1a0
[   14.483738]  ? do_fault+0x15e/0x5d0
[   14.484246]  ? __handle_mm_fault+0x56b/0x1040
[   14.484874]  ? lock_is_held_type+0xdf/0x130
[   14.485474]  ? find_held_lock+0x2d/0x90
[   14.486046]  ? __sys_sendmsg+0x41/0x70
[   14.486587]  __sys_sendmsg+0x41/0x70
[   14.487105]  ? intel_pmu_drain_pebs_core+0x350/0x350
[   14.487822]  do_syscall_64+0x34/0x80
[   14.488345]  entry_SYSCALL_64_after_hwframe+0x63/0xcd

The test scene as following flow:
thread1                               thread2
-----------                           ---------------
 tcp_bpf_sendmsg
  tcp_bpf_send_verdict
   tcp_bpf_sendmsg_redir              sock_close
    tcp_bpf_push_locked                 __sock_release
     tcp_bpf_push                         //inet_release
      do_tcp_sendpages                    sock->ops->release
       sk_stream_wait_memory          	   // tcp_close
          sk_wait_event                      sk->sk_prot->close
           release_sock(__sk);
            ***

                                                lock_sock(sk);
                                                  __tcp_close
                                                    sock_orphan(sk)
                                                      sk->sk_wq  = NULL
                                                release_sock
            ****
           lock_sock(__sk);
          remove_wait_queue(sk_sleep(sk), &wait);
             sk_sleep(sk)
             //NULL pointer dereference
             &rcu_dereference_raw(sk->sk_wq)->wait

While waiting for memory in thread1, the socket is released with its wait
queue because thread2 has closed it. This caused by tcp_bpf_send_verdict
didn't increase the f_count of psock->sk_redir->sk_socket->file in thread1.

Avoid it by keeping a reference to the socket file while redirect sock wait
send memory. Refer to [1].

[1] https://lore.kernel.org/netdev/20190211090949.18560-1-jakub@cloudflare.com/

Signed-off-by: Liu Jian <liujian56@huawei.com>
Tested-by: Liu Jian <liujian56@huawei.com>
@liujian56
selftests/bpf: Add wait send memory test for sockmap redirect
83362a9 
Add one test for wait redirect sock's send memory test for sockmap.

Signed-off-by: Liu Jian <liujian56@huawei.com>
@kernel-patches-bot
Copy link
Author

At least one diff in series https://patchwork.kernel.org/project/netdevbpf/list/?series=667487 expired. Closing PR.

@kernel-patches-bot kernel-patches-bot deleted the series/667487=>bpf-next branch August 26, 2022 02:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
bpf-next changes-requested V1
Projects
None yet
Milestone
No milestone
2 participants
@kernel-patches-bot @liujian56