From: Mat Martineau <mathew.j.martineau@linux.intel.com>
To: Davide Caratti <dcaratti@redhat.com>
Cc: mptcp@lists.linux.dev, Geliang Tang <geliangtang@gmail.com>,
Matthieu Baerts <matthieu.baerts@tessares.net>
Subject: Re: [PATCH net] mptcp: validate 'id' when stopping the ADD_ADDR retransmit timer
Date: Fri, 14 May 2021 11:41:21 -0700 (PDT) [thread overview]
Message-ID: <543af854-5578-b9d1-d3b4-1a9cc19da4a@linux.intel.com> (raw)
In-Reply-To: <YJ4/V56p8zc/gcoy@dcaratti.users.ipa.redhat.com>
[-- Attachment #1: Type: text/plain, Size: 3235 bytes --]
On Fri, 14 May 2021, Davide Caratti wrote:
> hello Mat, thanks for reviewing!
>
> On Tue, May 11, 2021 at 03:39:14PM -0700, Mat Martineau wrote:
>> On Tue, 11 May 2021, Davide Caratti wrote:
>>
>>> when Linux receives an echo-ed ADD_ADDR, it checks the IP address against
>>> the list of "announced" addresses. In case of a positive match, the timer
>>> that handles retransmissions is stopped regardless of the 'Address Id' in
>>> the received packet: this behaviour does not comply with RFC8684 §3.4.1.
>>>
>>> Fix it by validating the 'Address Id' in received echo-ed ADD_ADDRs.
>>> Tested using packetdrill, with the following captured output:
>>>
>>
>> Hi Davide -
>>
>> The code path for ADD_ADDR echo ignores the return value of
>> mptcp_pm_del_add_timer(), so there's no chance there of leaving
>> entry->add_timer running if the addr.id doesn't match.
>
> true, and that's the purpose of this patch. When addr.id doesn't match,
> it leaves the timer running to allow another attempt of ADD_ADDR + HMAC.
>
>> The function is also called by remove_anno_list_by_saddr(), which will free
>> 'entry' if a non-NULL value is returned by mptcp_pm_del_add_timer(). There's
>> more of a chance here that the sk_stop_timer_sync() would be skipped and
>> entry would be freed anyway. Looking at the various paths to this in the
>> path manager it seems like it *should* not happen, but I'm not convinced
>> it's impossible. Did you look at the effect of this change on these other
>> code paths?
>
> good point, I only tried packetdrill and the kselftests. I see
>
> mptcp_pm_remove_anno_addr()
> remove_anno_list_by_saddr()
>
> and its callers: in this case,either 'addr.id' is always read from the return
> value of
>
> __lookup_addr_by_id(pernet, addr.addr.id);
>
> or by iterating over
>
> &pernet->local_addr_list
>
> , so those should all be 'signal' endpoints previously added by netlink:
> the value of addr.id should always match and the timer should always
> be stopped.
>
> However, I also don't feel 100% safe - because 'entry' is freed by
> remove_anno_list_by_saddr() and the value of 'address.id' is never checked
> in addresses_equal(). Maybe it's safer to do soemething like:
>
> 347 struct mptcp_pm_add_entry *
> 348 mptcp_pm_del_add_timer(struct mptcp_sock *msk,
> 349 struct mptcp_addr_info *addr, bool strict)
> 350 {
> 351 struct mptcp_pm_add_entry *entry;
> 352 struct sock *sk = (struct sock *)msk;
> 353
> 354 spin_lock_bh(&msk->pm.lock);
> 355 entry = mptcp_lookup_anno_list_by_saddr(msk, addr);
> 356 if (entry && strict && entry->addr.id == addr->id)
> 357 entry->retrans_times = ADD_ADDR_RETRANS_MAX;
> 358 spin_unlock_bh(&msk->pm.lock);
> 359
> 360 if (entry && strict && entry->addr.id == addr->id)
> 361 sk_stop_timer_sync(sk, &entry->add_timer);
> 362
> 363 return entry;
> 364 }
>
>
> so that mptcp_pm_del_add_timer(..., true) is called only in the receive
> path of echo-ed ADD_ADDR. WDYT?
>
I think that's the right general direction, but (entry && (!strict ||
entry->addr.id == addr->id)) is the logic needed for the !strict callers
to work like before.
--
Mat Martineau
Intel
next prev parent reply other threads:[~2021-05-14 18:41 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-11 17:46 [PATCH net] mptcp: validate 'id' when stopping the ADD_ADDR retransmit timer Davide Caratti
2021-05-11 22:39 ` Mat Martineau
2021-05-14 9:13 ` Davide Caratti
2021-05-14 18:41 ` Mat Martineau [this message]
2021-05-18 17:36 Davide Caratti
2021-05-18 23:06 ` Mat Martineau
2021-05-20 18:39 ` Matthieu Baerts
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=543af854-5578-b9d1-d3b4-1a9cc19da4a@linux.intel.com \
--to=mathew.j.martineau@linux.intel.com \
--cc=dcaratti@redhat.com \
--cc=geliangtang@gmail.com \
--cc=matthieu.baerts@tessares.net \
--cc=mptcp@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.