From: Neal Cardwell
Date: Mon, 28 Jun 2021 12:24:19 -0400
Subject: Re: [PATCH] tcp: Do not reset the icsk_ca_initialized in tcp_init_transfer.
To: Phi Nguyen
Cc: Eric Dumazet, David Miller, Hideaki YOSHIFUJI, David Ahern, Jakub Kicinski, Alexei Starovoitov, Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau, Song Liu, John Fastabend, kpsingh@kernel.org, netdev, LKML, bpf, linux-kernel-mentees@lists.linuxfoundation.org, syzbot+f1e24a0594d4e3a895d3@syzkaller.appspotmail.com, Yuchung Cheng

On Mon, Jun 28, 2021 at 12:18 PM Phi Nguyen wrote:
>
> On 6/28/2021 10:52 PM, Eric Dumazet wrote:
> >
> > Unfortunately this patch might break things.
> >
> > We keep changing this CC switching, with eBPF being mixed in the equation.
> >
> > I would suggest you find a Fixes: tag first, so that we can continue
> > the discussion.
> >
> > Thank you.
>
> Thanks for your feedback. I will resubmit it with a Fixes tag.
>
> Regards.

Thanks.

Can you also please provide a summary of the event sequence that
triggers the bug? Based on your Reported-by tag, I guess this is based
on the syzbot reproducer:

  https://groups.google.com/g/syzkaller-bugs/c/VbHoSsBz0hk/m/cOxOoTgPCAAJ

but perhaps you can give a summary of the event sequence that causes
the bug? Is it that the call:

  setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd,
  &(0x7f0000000000)='cdg\x00', 0x4)

initializes the CC and happens before the connection is established,
and then when the connection is established, the line that sets:

  icsk->icsk_ca_initialized = 0;

is incorrect, causing the CC to be initialized again without first
calling the cleanup code that deallocates the CDG-allocated memory?

thanks,
neal
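
The event sequence asked about in the message above can be modelled in user space. This is an added example, not code from the thread or from the kernel: every name in it is hypothetical, and it assumes, as the question does, that the CC's init allocates memory and that init runs whenever the flag is clear.

```c
#include <stdio.h>

/* Hypothetical user-space model, not kernel code; all names are illustrative. */
struct model_sock {
    int ca_initialized; /* stands in for icsk->icsk_ca_initialized */
    int ca_priv;        /* id of the buffer the CC allocated, 0 = none */
};
static int next_id;     /* ids handed out by the modelled allocator */
static int live_allocs; /* buffers allocated and not yet released */

static void cc_init(struct model_sock *sk)
{
    sk->ca_priv = ++next_id; /* any previous id is overwritten here */
    live_allocs++;
    sk->ca_initialized = 1;
}

static void cc_release(struct model_sock *sk)
{
    if (sk->ca_priv)         /* only the buffer sk still points at */
        live_allocs--;
    sk->ca_priv = 0;
    sk->ca_initialized = 0;
}

/* Connection established; reset_flag models "icsk->icsk_ca_initialized = 0". */
static void model_established(struct model_sock *sk, int reset_flag)
{
    if (reset_flag)
        sk->ca_initialized = 0;
    if (!sk->ca_initialized)
        cc_init(sk);         /* second init, no cleanup in between */
}

/* Returns how many modelled buffers are still allocated after teardown. */
int run_sequence(int reset_flag)
{
    struct model_sock sk = {0};
    next_id = live_allocs = 0;
    cc_init(&sk);                       /* CC selected before connect */
    model_established(&sk, reset_flag); /* connection established */
    cc_release(&sk);                    /* socket teardown */
    return live_allocs;
}

int main(void)
{
    printf("leaked: flag reset=%d, flag kept=%d\n", run_sequence(1), run_sequence(0));
}
```

In this model, clearing the flag on establishment leaves one buffer allocated after teardown, while preserving the flag leaves none.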