* [PATCH net v2 0/2] amt: fix several bugs in gateway mode
@ 2022-05-17 7:05 Taehee Yoo
2022-05-17 7:05 ` [PATCH net v2 1/2] amt: fix gateway mode stuck Taehee Yoo
2022-05-17 7:05 ` [PATCH net v2 2/2] amt: do not skip remaining handling of advertisement message Taehee Yoo
0 siblings, 2 replies; 5+ messages in thread
From: Taehee Yoo @ 2022-05-17 7:05 UTC (permalink / raw)
To: davem, kuba, pabeni, edumazet, netdev; +Cc: ap420073
This patchset fixes bugs in amt module.
First patch fixes amt gateway mode's status stuck.
amt gateway and relay established so these two mode manage status.
But gateway stuck to change its own status if a relay doesn't send
responses.
Second patch fixes a memory leak.
an amt gateway skips some handling of advertisement message.
So, a memory leak would occur.
v2:
- Separate patch
- Add patch cover-letter
Taehee Yoo (2):
amt: fix gateway mode stuck
amt: do not skip remaining handling of advertisement message
drivers/net/amt.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
--
2.17.1
^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH net v2 1/2] amt: fix gateway mode stuck
2022-05-17 7:05 [PATCH net v2 0/2] amt: fix several bugs in gateway mode Taehee Yoo
@ 2022-05-17 7:05 ` Taehee Yoo
2022-05-17 7:05 ` [PATCH net v2 2/2] amt: do not skip remaining handling of advertisement message Taehee Yoo
1 sibling, 0 replies; 5+ messages in thread
From: Taehee Yoo @ 2022-05-17 7:05 UTC (permalink / raw)
To: davem, kuba, pabeni, edumazet, netdev; +Cc: ap420073
If a gateway can not receive any response to requests from a relay,
gateway resets status from SENT_REQUEST to INIT and variable about a
relay as well. And then it should start the full establish step
from sending a discovery message and receiving advertisement message.
But, after failure in amt_req_work() it continues sending a request
message step with flushed(invalid) relay information and sets SENT_REQUEST.
So, a gateway can't be established with a relay.
In order to avoid this situation, it stops sending the request message
step if it fails.
Fixes: cbc21dc1cfe9 ("amt: add data plane of amt interface")
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
---
v2:
- Separate patch.
drivers/net/amt.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/net/amt.c b/drivers/net/amt.c
index 10455c9b9da0..2b4ce3869f08 100644
--- a/drivers/net/amt.c
+++ b/drivers/net/amt.c
@@ -943,7 +943,7 @@ static void amt_req_work(struct work_struct *work)
if (amt->status < AMT_STATUS_RECEIVED_ADVERTISEMENT)
goto out;
- if (amt->req_cnt++ > AMT_MAX_REQ_COUNT) {
+ if (amt->req_cnt > AMT_MAX_REQ_COUNT) {
netdev_dbg(amt->dev, "Gateway is not ready");
amt->qi = AMT_INIT_REQ_TIMEOUT;
amt->ready4 = false;
@@ -951,13 +951,15 @@ static void amt_req_work(struct work_struct *work)
amt->remote_ip = 0;
__amt_update_gw_status(amt, AMT_STATUS_INIT, false);
amt->req_cnt = 0;
+ goto out;
}
spin_unlock_bh(&amt->lock);
amt_send_request(amt, false);
amt_send_request(amt, true);
- amt_update_gw_status(amt, AMT_STATUS_SENT_REQUEST, true);
spin_lock_bh(&amt->lock);
+ __amt_update_gw_status(amt, AMT_STATUS_SENT_REQUEST, true);
+ amt->req_cnt++;
out:
exp = min_t(u32, (1 * (1 << amt->req_cnt)), AMT_MAX_REQ_TIMEOUT);
mod_delayed_work(amt_wq, &amt->req_wq, msecs_to_jiffies(exp * 1000));
--
2.17.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH net v2 2/2] amt: do not skip remaining handling of advertisement message
2022-05-17 7:05 [PATCH net v2 0/2] amt: fix several bugs in gateway mode Taehee Yoo
2022-05-17 7:05 ` [PATCH net v2 1/2] amt: fix gateway mode stuck Taehee Yoo
@ 2022-05-17 7:05 ` Taehee Yoo
2022-05-17 22:24 ` Jakub Kicinski
1 sibling, 1 reply; 5+ messages in thread
From: Taehee Yoo @ 2022-05-17 7:05 UTC (permalink / raw)
To: davem, kuba, pabeni, edumazet, netdev; +Cc: ap420073
When a gateway receives an advertisement message, it extracts relay
information and then it should be deleted.
But the advertisement handler doesn't do that.
So, after amt_advertisement_handler(), that message should not be skipped
remaining handling.
Fixes: cbc21dc1cfe9 ("amt: add data plane of amt interface")
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
---
v2:
- Separate patch
drivers/net/amt.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/net/amt.c b/drivers/net/amt.c
index 2b4ce3869f08..6ce2ecd07640 100644
--- a/drivers/net/amt.c
+++ b/drivers/net/amt.c
@@ -2698,9 +2698,10 @@ static int amt_rcv(struct sock *sk, struct sk_buff *skb)
err = true;
goto drop;
}
- if (amt_advertisement_handler(amt, skb))
+ err = amt_advertisement_handler(amt, skb);
+ if (err)
amt->dev->stats.rx_dropped++;
- goto out;
+ break;
case AMT_MSG_MULTICAST_DATA:
if (iph->saddr != amt->remote_ip) {
netdev_dbg(amt->dev, "Invalid Relay IP\n");
--
2.17.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH net v2 2/2] amt: do not skip remaining handling of advertisement message
2022-05-17 7:05 ` [PATCH net v2 2/2] amt: do not skip remaining handling of advertisement message Taehee Yoo
@ 2022-05-17 22:24 ` Jakub Kicinski
2022-05-18 0:21 ` Taehee Yoo
0 siblings, 1 reply; 5+ messages in thread
From: Jakub Kicinski @ 2022-05-17 22:24 UTC (permalink / raw)
To: Taehee Yoo; +Cc: davem, pabeni, edumazet, netdev
On Tue, 17 May 2022 07:05:27 +0000 Taehee Yoo wrote:
> When a gateway receives an advertisement message, it extracts relay
> information and then it should be deleted.
> But the advertisement handler doesn't do that.
> So, after amt_advertisement_handler(), that message should not be skipped
> remaining handling.
>
> Fixes: cbc21dc1cfe9 ("amt: add data plane of amt interface")
> Signed-off-by: Taehee Yoo <ap420073@gmail.com>
> diff --git a/drivers/net/amt.c b/drivers/net/amt.c
> index 2b4ce3869f08..6ce2ecd07640 100644
> --- a/drivers/net/amt.c
> +++ b/drivers/net/amt.c
> @@ -2698,9 +2698,10 @@ static int amt_rcv(struct sock *sk, struct sk_buff *skb)
> err = true;
> goto drop;
> }
> - if (amt_advertisement_handler(amt, skb))
> + err = amt_advertisement_handler(amt, skb);
> + if (err)
> amt->dev->stats.rx_dropped++;
> - goto out;
> + break;
> case AMT_MSG_MULTICAST_DATA:
> if (iph->saddr != amt->remote_ip) {
> netdev_dbg(amt->dev, "Invalid Relay IP\n");
I guess I'll have to spell it out for you more cause either you didn't
understand me or I don't understand your reply on v1. Here's the full
function:
2669 static int amt_rcv(struct sock *sk, struct sk_buff *skb)
2670 {
2671 struct amt_dev *amt;
2672 struct iphdr *iph;
2673 int type;
2674 bool err;
2675
2676 rcu_read_lock_bh();
2677 amt = rcu_dereference_sk_user_data(sk);
2678 if (!amt) {
2679 err = true;
2680 goto out;
2681 }
2682
2683 skb->dev = amt->dev;
2684 iph = ip_hdr(skb);
2685 type = amt_parse_type(skb);
2686 if (type == -1) {
2687 err = true;
2688 goto drop;
2689 }
2690
2691 if (amt->mode == AMT_MODE_GATEWAY) {
2692 switch (type) {
2693 case AMT_MSG_ADVERTISEMENT:
2694 if (iph->saddr != amt->discovery_ip) {
2695 netdev_dbg(amt->dev, "Invalid Relay IP\n");
2696 err = true;
2697 goto drop;
2698 }
2699 if (amt_advertisement_handler(amt, skb))
2700 amt->dev->stats.rx_dropped++;
2701 goto out;
2702 case AMT_MSG_MULTICAST_DATA:
2703 if (iph->saddr != amt->remote_ip) {
2704 netdev_dbg(amt->dev, "Invalid Relay IP\n");
2705 err = true;
2706 goto drop;
2707 }
2708 err = amt_multicast_data_handler(amt, skb);
2709 if (err)
2710 goto drop;
2711 else
2712 goto out;
2713 case AMT_MSG_MEMBERSHIP_QUERY:
2714 if (iph->saddr != amt->remote_ip) {
2715 netdev_dbg(amt->dev, "Invalid Relay IP\n");
2716 err = true;
2717 goto drop;
2718 }
2719 err = amt_membership_query_handler(amt, skb);
2720 if (err)
2721 goto drop;
2722 else
2723 goto out;
2724 default:
2725 err = true;
2726 netdev_dbg(amt->dev, "Invalid type of Gateway\n");
2727 break;
2728 }
2729 } else {
2730 switch (type) {
2731 case AMT_MSG_DISCOVERY:
2732 err = amt_discovery_handler(amt, skb);
2733 break;
2734 case AMT_MSG_REQUEST:
2735 err = amt_request_handler(amt, skb);
2736 break;
2737 case AMT_MSG_MEMBERSHIP_UPDATE:
2738 err = amt_update_handler(amt, skb);
2739 if (err)
2740 goto drop;
2741 else
2742 goto out;
2743 default:
2744 err = true;
2745 netdev_dbg(amt->dev, "Invalid type of relay\n");
2746 break;
2747 }
2748 }
2749 drop:
2750 if (err) {
2751 amt->dev->stats.rx_dropped++;
2752 kfree_skb(skb);
2753 } else {
2754 consume_skb(skb);
2755 }
2756 out:
2757 rcu_read_unlock_bh();
2758 return 0;
2759 }
You're changing line 2699, we used to bump the rx_dropped on line 2700
and then the goto on line 2701 takes us to line 2756 - unlock, return.
Now since you have replaced the goto on line 2701 with a "break" the
code will go from line 2701 to line 2749/2750. If err is set we'll
increase rx_dropped again on line 2751.
In other words rx_dropped will be increased both on line 2700 and
line 2751.
What am I missing?
Also I don't quite understand your commit message. The only thing we
used to skip is the freeing of the skb. Or do you mean we need to
return an error from amt_rcv() ?
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH net v2 2/2] amt: do not skip remaining handling of advertisement message
2022-05-17 22:24 ` Jakub Kicinski
@ 2022-05-18 0:21 ` Taehee Yoo
0 siblings, 0 replies; 5+ messages in thread
From: Taehee Yoo @ 2022-05-18 0:21 UTC (permalink / raw)
To: Jakub Kicinski; +Cc: davem, pabeni, edumazet, netdev
On 5/18/22 07:24, Jakub Kicinski wrote:
Hi Jakub,
Thank s a lot for your review!
> On Tue, 17 May 2022 07:05:27 +0000 Taehee Yoo wrote:
>> When a gateway receives an advertisement message, it extracts relay
>> information and then it should be deleted.
>> But the advertisement handler doesn't do that.
>> So, after amt_advertisement_handler(), that message should not be
skipped
>> remaining handling.
>>
>> Fixes: cbc21dc1cfe9 ("amt: add data plane of amt interface")
>> Signed-off-by: Taehee Yoo <ap420073@gmail.com>
>
>> diff --git a/drivers/net/amt.c b/drivers/net/amt.c
>> index 2b4ce3869f08..6ce2ecd07640 100644
>> --- a/drivers/net/amt.c
>> +++ b/drivers/net/amt.c
>> @@ -2698,9 +2698,10 @@ static int amt_rcv(struct sock *sk, struct
sk_buff *skb)
>> err = true;
>> goto drop;
>> }
>> - if (amt_advertisement_handler(amt, skb))
>> + err = amt_advertisement_handler(amt, skb);
>> + if (err)
>> amt->dev->stats.rx_dropped++;
>> - goto out;
>> + break;
>> case AMT_MSG_MULTICAST_DATA:
>> if (iph->saddr != amt->remote_ip) {
>> netdev_dbg(amt->dev, "Invalid Relay IP\n");
>
> I guess I'll have to spell it out for you more cause either you didn't
> understand me or I don't understand your reply on v1. Here's the full
> function:
>
> 2669 static int amt_rcv(struct sock *sk, struct sk_buff *skb)
> 2670 {
> 2671 struct amt_dev *amt;
> 2672 struct iphdr *iph;
> 2673 int type;
> 2674 bool err;
> 2675
> 2676 rcu_read_lock_bh();
> 2677 amt = rcu_dereference_sk_user_data(sk);
> 2678 if (!amt) {
> 2679 err = true;
> 2680 goto out;
> 2681 }
> 2682
> 2683 skb->dev = amt->dev;
> 2684 iph = ip_hdr(skb);
> 2685 type = amt_parse_type(skb);
> 2686 if (type == -1) {
> 2687 err = true;
> 2688 goto drop;
> 2689 }
> 2690
> 2691 if (amt->mode == AMT_MODE_GATEWAY) {
> 2692 switch (type) {
> 2693 case AMT_MSG_ADVERTISEMENT:
> 2694 if (iph->saddr != amt->discovery_ip) {
> 2695 netdev_dbg(amt->dev, "Invalid Relay IP\n");
> 2696 err = true;
> 2697 goto drop;
> 2698 }
> 2699 if (amt_advertisement_handler(amt, skb))
> 2700 amt->dev->stats.rx_dropped++;
> 2701 goto out;
> 2702 case AMT_MSG_MULTICAST_DATA:
> 2703 if (iph->saddr != amt->remote_ip) {
> 2704 netdev_dbg(amt->dev, "Invalid Relay IP\n");
> 2705 err = true;
> 2706 goto drop;
> 2707 }
> 2708 err = amt_multicast_data_handler(amt, skb);
> 2709 if (err)
> 2710 goto drop;
> 2711 else
> 2712 goto out;
> 2713 case AMT_MSG_MEMBERSHIP_QUERY:
> 2714 if (iph->saddr != amt->remote_ip) {
> 2715 netdev_dbg(amt->dev, "Invalid Relay IP\n");
> 2716 err = true;
> 2717 goto drop;
> 2718 }
> 2719 err = amt_membership_query_handler(amt, skb);
> 2720 if (err)
> 2721 goto drop;
> 2722 else
> 2723 goto out;
> 2724 default:
> 2725 err = true;
> 2726 netdev_dbg(amt->dev, "Invalid type of Gateway\n");
> 2727 break;
> 2728 }
> 2729 } else {
> 2730 switch (type) {
> 2731 case AMT_MSG_DISCOVERY:
> 2732 err = amt_discovery_handler(amt, skb);
> 2733 break;
> 2734 case AMT_MSG_REQUEST:
> 2735 err = amt_request_handler(amt, skb);
> 2736 break;
> 2737 case AMT_MSG_MEMBERSHIP_UPDATE:
> 2738 err = amt_update_handler(amt, skb);
> 2739 if (err)
> 2740 goto drop;
> 2741 else
> 2742 goto out;
> 2743 default:
> 2744 err = true;
> 2745 netdev_dbg(amt->dev, "Invalid type of relay\n");
> 2746 break;
> 2747 }
> 2748 }
> 2749 drop:
> 2750 if (err) {
> 2751 amt->dev->stats.rx_dropped++;
> 2752 kfree_skb(skb);
> 2753 } else {
> 2754 consume_skb(skb);
> 2755 }
> 2756 out:
> 2757 rcu_read_unlock_bh();
> 2758 return 0;
> 2759 }
>
> You're changing line 2699, we used to bump the rx_dropped on line 2700
> and then the goto on line 2701 takes us to line 2756 - unlock, return.
>
> Now since you have replaced the goto on line 2701 with a "break" the
> code will go from line 2701 to line 2749/2750. If err is set we'll
> increase rx_dropped again on line 2751.
>
> In other words rx_dropped will be increased both on line 2700 and
> line 2751.
>
> What am I missing?
>
> Also I don't quite understand your commit message. The only thing we
> used to skip is the freeing of the skb. Or do you mean we need to
> return an error from amt_rcv() ?
I'm so sorry that I fully misunderstood your review and I found my
mistakes...
The rx_dropped was disappeared in my sight even though you pointed.
I think I tried to check only skb, not rx_dropped.
Now I fully understand your review and my mistake.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2022-05-18 0:21 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-05-17 7:05 [PATCH net v2 0/2] amt: fix several bugs in gateway mode Taehee Yoo
2022-05-17 7:05 ` [PATCH net v2 1/2] amt: fix gateway mode stuck Taehee Yoo
2022-05-17 7:05 ` [PATCH net v2 2/2] amt: do not skip remaining handling of advertisement message Taehee Yoo
2022-05-17 22:24 ` Jakub Kicinski
2022-05-18 0:21 ` Taehee Yoo
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.