* [PATCH net 0/2] mptcp: mptcp: fix deadlock in mptcp{,6}_release
@ 2021-04-01 16:57 Paolo Abeni
2021-04-01 16:57 ` [PATCH net 1/2] mptcp: forbit mcast-related sockopt on MPTCP sockets Paolo Abeni
` (2 more replies)
0 siblings, 3 replies; 9+ messages in thread
From: Paolo Abeni @ 2021-04-01 16:57 UTC (permalink / raw)
To: netdev; +Cc: mptcp, David S. Miller, Jakub Kicinski
syzkaller has reported a few deadlock triggered by
mptcp{,6}_release.
These patches address the issue in the easy way - blocking
the relevant, multicast related, sockopt options on MPTCP
sockets.
Note that later on net-next we are going to revert patch 1/2,
as a part of a larger MPTCP sockopt implementation refactor
Paolo Abeni (2):
mptcp: forbit mcast-related sockopt on MPTCP sockets
mptcp: revert "mptcp: provide subflow aware release function"
net/mptcp/protocol.c | 100 ++++++++++++++++++++-----------------------
1 file changed, 47 insertions(+), 53 deletions(-)
--
2.26.2
^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH net 1/2] mptcp: forbit mcast-related sockopt on MPTCP sockets
2021-04-01 16:57 [PATCH net 0/2] mptcp: mptcp: fix deadlock in mptcp{,6}_release Paolo Abeni
@ 2021-04-01 16:57 ` Paolo Abeni
2021-04-01 19:40 ` Mat Martineau
2021-04-01 16:57 ` [PATCH net 2/2] mptcp: revert "mptcp: provide subflow aware release function" Paolo Abeni
2021-04-01 23:10 ` [PATCH net 0/2] mptcp: mptcp: fix deadlock in mptcp{,6}_release patchwork-bot+netdevbpf
2 siblings, 1 reply; 9+ messages in thread
From: Paolo Abeni @ 2021-04-01 16:57 UTC (permalink / raw)
To: netdev; +Cc: mptcp, David S. Miller, Jakub Kicinski
Unrolling mcast state at msk dismantel time is bug prone, as
syzkaller reported:
======================================================
WARNING: possible circular locking dependency detected
5.11.0-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor905/8822 is trying to acquire lock:
ffffffff8d678fe8 (rtnl_mutex){+.+.}-{3:3}, at: ipv6_sock_mc_close+0xd7/0x110 net/ipv6/mcast.c:323
but task is already holding lock:
ffff888024390120 (sk_lock-AF_INET6){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1600 [inline]
ffff888024390120 (sk_lock-AF_INET6){+.+.}-{0:0}, at: mptcp6_release+0x57/0x130 net/mptcp/protocol.c:3507
which lock already depends on the new lock.
Instead we can simply forbit any mcast-related setsockopt
Fixes: 717e79c867ca5 ("mptcp: Add setsockopt()/getsockopt() socket operations")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
---
net/mptcp/protocol.c | 45 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 45 insertions(+)
diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c
index 1590b9d4cde2..e06cea0a3c54 100644
--- a/net/mptcp/protocol.c
+++ b/net/mptcp/protocol.c
@@ -2878,6 +2878,48 @@ static int mptcp_setsockopt_v6(struct mptcp_sock *msk, int optname,
return ret;
}
+static bool mptcp_unsupported(int level, int optname)
+{
+ if (level == SOL_IP) {
+ switch (optname) {
+ case IP_ADD_MEMBERSHIP:
+ case IP_ADD_SOURCE_MEMBERSHIP:
+ case IP_DROP_MEMBERSHIP:
+ case IP_DROP_SOURCE_MEMBERSHIP:
+ case IP_BLOCK_SOURCE:
+ case IP_UNBLOCK_SOURCE:
+ case MCAST_JOIN_GROUP:
+ case MCAST_LEAVE_GROUP:
+ case MCAST_JOIN_SOURCE_GROUP:
+ case MCAST_LEAVE_SOURCE_GROUP:
+ case MCAST_BLOCK_SOURCE:
+ case MCAST_UNBLOCK_SOURCE:
+ case MCAST_MSFILTER:
+ return true;
+ }
+ return false;
+ }
+ if (level == SOL_IPV6) {
+ switch (optname) {
+ case IPV6_ADDRFORM:
+ case IPV6_ADD_MEMBERSHIP:
+ case IPV6_DROP_MEMBERSHIP:
+ case IPV6_JOIN_ANYCAST:
+ case IPV6_LEAVE_ANYCAST:
+ case MCAST_JOIN_GROUP:
+ case MCAST_LEAVE_GROUP:
+ case MCAST_JOIN_SOURCE_GROUP:
+ case MCAST_LEAVE_SOURCE_GROUP:
+ case MCAST_BLOCK_SOURCE:
+ case MCAST_UNBLOCK_SOURCE:
+ case MCAST_MSFILTER:
+ return true;
+ }
+ return false;
+ }
+ return false;
+}
+
static int mptcp_setsockopt(struct sock *sk, int level, int optname,
sockptr_t optval, unsigned int optlen)
{
@@ -2886,6 +2928,9 @@ static int mptcp_setsockopt(struct sock *sk, int level, int optname,
pr_debug("msk=%p", msk);
+ if (mptcp_unsupported(level, optname))
+ return -ENOPROTOOPT;
+
if (level == SOL_SOCKET)
return mptcp_setsockopt_sol_socket(msk, optname, optval, optlen);
--
2.26.2
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH net 2/2] mptcp: revert "mptcp: provide subflow aware release function"
2021-04-01 16:57 [PATCH net 0/2] mptcp: mptcp: fix deadlock in mptcp{,6}_release Paolo Abeni
2021-04-01 16:57 ` [PATCH net 1/2] mptcp: forbit mcast-related sockopt on MPTCP sockets Paolo Abeni
@ 2021-04-01 16:57 ` Paolo Abeni
2021-04-01 17:20 ` Florian Westphal
2021-04-01 19:41 ` Mat Martineau
2021-04-01 23:10 ` [PATCH net 0/2] mptcp: mptcp: fix deadlock in mptcp{,6}_release patchwork-bot+netdevbpf
2 siblings, 2 replies; 9+ messages in thread
From: Paolo Abeni @ 2021-04-01 16:57 UTC (permalink / raw)
To: netdev; +Cc: mptcp, David S. Miller, Jakub Kicinski
This change reverts commit ad98dd37051e ("mptcp: provide subflow aware
release function"). The latter introduced a deadlock spotted by
syzkaller and is not needed anymore after the previous commit.
Fixes: ad98dd37051e ("mptcp: provide subflow aware release function")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
---
net/mptcp/protocol.c | 55 ++------------------------------------------
1 file changed, 2 insertions(+), 53 deletions(-)
diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c
index e06cea0a3c54..4bde960e19dc 100644
--- a/net/mptcp/protocol.c
+++ b/net/mptcp/protocol.c
@@ -11,7 +11,6 @@
#include <linux/netdevice.h>
#include <linux/sched/signal.h>
#include <linux/atomic.h>
-#include <linux/igmp.h>
#include <net/sock.h>
#include <net/inet_common.h>
#include <net/inet_hashtables.h>
@@ -20,7 +19,6 @@
#include <net/tcp_states.h>
#if IS_ENABLED(CONFIG_MPTCP_IPV6)
#include <net/transp_v6.h>
-#include <net/addrconf.h>
#endif
#include <net/mptcp.h>
#include <net/xfrm.h>
@@ -3464,34 +3462,10 @@ static __poll_t mptcp_poll(struct file *file, struct socket *sock,
return mask;
}
-static int mptcp_release(struct socket *sock)
-{
- struct mptcp_subflow_context *subflow;
- struct sock *sk = sock->sk;
- struct mptcp_sock *msk;
-
- if (!sk)
- return 0;
-
- lock_sock(sk);
-
- msk = mptcp_sk(sk);
-
- mptcp_for_each_subflow(msk, subflow) {
- struct sock *ssk = mptcp_subflow_tcp_sock(subflow);
-
- ip_mc_drop_socket(ssk);
- }
-
- release_sock(sk);
-
- return inet_release(sock);
-}
-
static const struct proto_ops mptcp_stream_ops = {
.family = PF_INET,
.owner = THIS_MODULE,
- .release = mptcp_release,
+ .release = inet_release,
.bind = mptcp_bind,
.connect = mptcp_stream_connect,
.socketpair = sock_no_socketpair,
@@ -3583,35 +3557,10 @@ void __init mptcp_proto_init(void)
}
#if IS_ENABLED(CONFIG_MPTCP_IPV6)
-static int mptcp6_release(struct socket *sock)
-{
- struct mptcp_subflow_context *subflow;
- struct mptcp_sock *msk;
- struct sock *sk = sock->sk;
-
- if (!sk)
- return 0;
-
- lock_sock(sk);
-
- msk = mptcp_sk(sk);
-
- mptcp_for_each_subflow(msk, subflow) {
- struct sock *ssk = mptcp_subflow_tcp_sock(subflow);
-
- ip_mc_drop_socket(ssk);
- ipv6_sock_mc_close(ssk);
- ipv6_sock_ac_close(ssk);
- }
-
- release_sock(sk);
- return inet6_release(sock);
-}
-
static const struct proto_ops mptcp_v6_stream_ops = {
.family = PF_INET6,
.owner = THIS_MODULE,
- .release = mptcp6_release,
+ .release = inet6_release,
.bind = mptcp_bind,
.connect = mptcp_stream_connect,
.socketpair = sock_no_socketpair,
--
2.26.2
^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [PATCH net 2/2] mptcp: revert "mptcp: provide subflow aware release function"
2021-04-01 16:57 ` [PATCH net 2/2] mptcp: revert "mptcp: provide subflow aware release function" Paolo Abeni
@ 2021-04-01 17:20 ` Florian Westphal
2021-04-01 19:41 ` Mat Martineau
1 sibling, 0 replies; 9+ messages in thread
From: Florian Westphal @ 2021-04-01 17:20 UTC (permalink / raw)
To: Paolo Abeni; +Cc: netdev, mptcp, David S. Miller, Jakub Kicinski
Paolo Abeni <pabeni@redhat.com> wrote:
> This change reverts commit ad98dd37051e ("mptcp: provide subflow aware
> release function"). The latter introduced a deadlock spotted by
> syzkaller and is not needed anymore after the previous commit.
>
> Fixes: ad98dd37051e ("mptcp: provide subflow aware release function")
> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Paolo, thanks for passing this to -net.
Acked-by: Florian Westphal <fw@strlen.de>
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH net 1/2] mptcp: forbit mcast-related sockopt on MPTCP sockets
2021-04-01 16:57 ` [PATCH net 1/2] mptcp: forbit mcast-related sockopt on MPTCP sockets Paolo Abeni
@ 2021-04-01 19:40 ` Mat Martineau
0 siblings, 0 replies; 9+ messages in thread
From: Mat Martineau @ 2021-04-01 19:40 UTC (permalink / raw)
To: Paolo Abeni; +Cc: netdev, mptcp, David S. Miller, Jakub Kicinski
On Thu, 1 Apr 2021, Paolo Abeni wrote:
> Unrolling mcast state at msk dismantel time is bug prone, as
> syzkaller reported:
>
> ======================================================
> WARNING: possible circular locking dependency detected
> 5.11.0-syzkaller #0 Not tainted
> ------------------------------------------------------
> syz-executor905/8822 is trying to acquire lock:
> ffffffff8d678fe8 (rtnl_mutex){+.+.}-{3:3}, at: ipv6_sock_mc_close+0xd7/0x110 net/ipv6/mcast.c:323
>
> but task is already holding lock:
> ffff888024390120 (sk_lock-AF_INET6){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1600 [inline]
> ffff888024390120 (sk_lock-AF_INET6){+.+.}-{0:0}, at: mptcp6_release+0x57/0x130 net/mptcp/protocol.c:3507
>
> which lock already depends on the new lock.
>
> Instead we can simply forbit any mcast-related setsockopt
>
> Fixes: 717e79c867ca5 ("mptcp: Add setsockopt()/getsockopt() socket operations")
> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
> ---
> net/mptcp/protocol.c | 45 ++++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 45 insertions(+)
>
Thanks Paolo.
Reviewed-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
--
Mat Martineau
Intel
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH net 1/2] mptcp: forbit mcast-related sockopt on MPTCP sockets
@ 2021-04-01 19:40 ` Mat Martineau
0 siblings, 0 replies; 9+ messages in thread
From: Mat Martineau @ 2021-04-01 19:40 UTC (permalink / raw)
To: Paolo Abeni; +Cc: netdev, mptcp, David S. Miller, Jakub Kicinski
On Thu, 1 Apr 2021, Paolo Abeni wrote:
> Unrolling mcast state at msk dismantel time is bug prone, as
> syzkaller reported:
>
> ======================================================
> WARNING: possible circular locking dependency detected
> 5.11.0-syzkaller #0 Not tainted
> ------------------------------------------------------
> syz-executor905/8822 is trying to acquire lock:
> ffffffff8d678fe8 (rtnl_mutex){+.+.}-{3:3}, at: ipv6_sock_mc_close+0xd7/0x110 net/ipv6/mcast.c:323
>
> but task is already holding lock:
> ffff888024390120 (sk_lock-AF_INET6){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1600 [inline]
> ffff888024390120 (sk_lock-AF_INET6){+.+.}-{0:0}, at: mptcp6_release+0x57/0x130 net/mptcp/protocol.c:3507
>
> which lock already depends on the new lock.
>
> Instead we can simply forbit any mcast-related setsockopt
>
> Fixes: 717e79c867ca5 ("mptcp: Add setsockopt()/getsockopt() socket operations")
> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
> ---
> net/mptcp/protocol.c | 45 ++++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 45 insertions(+)
>
Thanks Paolo.
Reviewed-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
--
Mat Martineau
Intel
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH net 2/2] mptcp: revert "mptcp: provide subflow aware release function"
2021-04-01 16:57 ` [PATCH net 2/2] mptcp: revert "mptcp: provide subflow aware release function" Paolo Abeni
@ 2021-04-01 19:41 ` Mat Martineau
2021-04-01 19:41 ` Mat Martineau
1 sibling, 0 replies; 9+ messages in thread
From: Mat Martineau @ 2021-04-01 19:41 UTC (permalink / raw)
To: Paolo Abeni; +Cc: netdev, mptcp, David S. Miller, Jakub Kicinski
On Thu, 1 Apr 2021, Paolo Abeni wrote:
> This change reverts commit ad98dd37051e ("mptcp: provide subflow aware
> release function"). The latter introduced a deadlock spotted by
> syzkaller and is not needed anymore after the previous commit.
>
> Fixes: ad98dd37051e ("mptcp: provide subflow aware release function")
> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
> ---
> net/mptcp/protocol.c | 55 ++------------------------------------------
> 1 file changed, 2 insertions(+), 53 deletions(-)
>
Reviewed-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
--
Mat Martineau
Intel
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH net 2/2] mptcp: revert "mptcp: provide subflow aware release function"
@ 2021-04-01 19:41 ` Mat Martineau
0 siblings, 0 replies; 9+ messages in thread
From: Mat Martineau @ 2021-04-01 19:41 UTC (permalink / raw)
To: Paolo Abeni; +Cc: netdev, mptcp, David S. Miller, Jakub Kicinski
On Thu, 1 Apr 2021, Paolo Abeni wrote:
> This change reverts commit ad98dd37051e ("mptcp: provide subflow aware
> release function"). The latter introduced a deadlock spotted by
> syzkaller and is not needed anymore after the previous commit.
>
> Fixes: ad98dd37051e ("mptcp: provide subflow aware release function")
> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
> ---
> net/mptcp/protocol.c | 55 ++------------------------------------------
> 1 file changed, 2 insertions(+), 53 deletions(-)
>
Reviewed-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
--
Mat Martineau
Intel
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH net 0/2] mptcp: mptcp: fix deadlock in mptcp{,6}_release
2021-04-01 16:57 [PATCH net 0/2] mptcp: mptcp: fix deadlock in mptcp{,6}_release Paolo Abeni
2021-04-01 16:57 ` [PATCH net 1/2] mptcp: forbit mcast-related sockopt on MPTCP sockets Paolo Abeni
2021-04-01 16:57 ` [PATCH net 2/2] mptcp: revert "mptcp: provide subflow aware release function" Paolo Abeni
@ 2021-04-01 23:10 ` patchwork-bot+netdevbpf
2 siblings, 0 replies; 9+ messages in thread
From: patchwork-bot+netdevbpf @ 2021-04-01 23:10 UTC (permalink / raw)
To: Paolo Abeni; +Cc: netdev, mptcp, davem, kuba
Hello:
This series was applied to netdev/net.git (refs/heads/master):
On Thu, 1 Apr 2021 18:57:43 +0200 you wrote:
> syzkaller has reported a few deadlock triggered by
> mptcp{,6}_release.
>
> These patches address the issue in the easy way - blocking
> the relevant, multicast related, sockopt options on MPTCP
> sockets.
>
> [...]
Here is the summary with links:
- [net,1/2] mptcp: forbit mcast-related sockopt on MPTCP sockets
https://git.kernel.org/netdev/net/c/86581852d771
- [net,2/2] mptcp: revert "mptcp: provide subflow aware release function"
https://git.kernel.org/netdev/net/c/0a3cc57978d1
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2021-04-01 23:10 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-04-01 16:57 [PATCH net 0/2] mptcp: mptcp: fix deadlock in mptcp{,6}_release Paolo Abeni
2021-04-01 16:57 ` [PATCH net 1/2] mptcp: forbit mcast-related sockopt on MPTCP sockets Paolo Abeni
2021-04-01 19:40 ` Mat Martineau
2021-04-01 19:40 ` Mat Martineau
2021-04-01 16:57 ` [PATCH net 2/2] mptcp: revert "mptcp: provide subflow aware release function" Paolo Abeni
2021-04-01 17:20 ` Florian Westphal
2021-04-01 19:41 ` Mat Martineau
2021-04-01 19:41 ` Mat Martineau
2021-04-01 23:10 ` [PATCH net 0/2] mptcp: mptcp: fix deadlock in mptcp{,6}_release patchwork-bot+netdevbpf
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.