iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net
History
Wang Yufen 168ff181f5 bpf, sockmap: Fix more uncharged while msg has more_data 
[ Upstream commit 84472b436e760ba439e1969a9e3c5ae7c86de39d ]

In tcp_bpf_send_verdict(), if msg has more data after
tcp_bpf_sendmsg_redir():

tcp_bpf_send_verdict()
 tosend = msg->sg.size  //msg->sg.size = 22220
 case __SK_REDIRECT:
  sk_msg_return()  //uncharged msg->sg.size(22220) sk->sk_forward_alloc
  tcp_bpf_sendmsg_redir() //after tcp_bpf_sendmsg_redir, msg->sg.size=11000
 goto more_data;
 tosend = msg->sg.size  //msg->sg.size = 11000
 case __SK_REDIRECT:
  sk_msg_return()  //uncharged msg->sg.size(11000) to sk->sk_forward_alloc

The msg->sg.size(11000) has been uncharged twice, to fix we can charge the
remaining msg->sg.size before goto more data.

This issue can cause the following info:
WARNING: CPU: 0 PID: 9860 at net/core/stream.c:208 sk_stream_kill_queues+0xd4/0x1a0
Call Trace:
 <TASK>
 inet_csk_destroy_sock+0x55/0x110
 __tcp_close+0x279/0x470
 tcp_close+0x1f/0x60
 inet_release+0x3f/0x80
 __sock_release+0x3d/0xb0
 sock_close+0x11/0x20
 __fput+0x92/0x250
 task_work_run+0x6a/0xa0
 do_exit+0x33b/0xb60
 do_group_exit+0x2f/0xa0
 get_signal+0xb6/0x950
 arch_do_signal_or_restart+0xac/0x2a0
 ? vfs_write+0x237/0x290
 exit_to_user_mode_prepare+0xa9/0x200
 syscall_exit_to_user_mode+0x12/0x30
 do_syscall_64+0x46/0x80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
 </TASK>

WARNING: CPU: 0 PID: 2136 at net/ipv4/af_inet.c:155 inet_sock_destruct+0x13c/0x260
Call Trace:
 <TASK>
 __sk_destruct+0x24/0x1f0
 sk_psock_destroy+0x19b/0x1c0
 process_one_work+0x1b3/0x3c0
 worker_thread+0x30/0x350
 ? process_one_work+0x3c0/0x3c0
 kthread+0xe6/0x110
 ? kthread_complete_and_exit+0x20/0x20
 ret_from_fork+0x22/0x30
 </TASK>

Fixes: 604326b41a6f ("bpf, sockmap: convert to generic sk_msg interface")
Signed-off-by: Wang Yufen <wangyufen@huawei.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Link: https://lore.kernel.org/bpf/20220304081145.2037182-4-wangyufen@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-04-08 14:23:40 +02:00
..
6lowpan
6lowpan: iphc: Fix an off-by-one check of array index
2021-07-22 16:19:03 +02:00
9p
xen/9p: use alloc/free_pages_exact()
2022-03-11 12:22:36 +01:00
802
net: 802: remove dead leftover after ipx driver removal
2021-08-13 16:30:35 -07:00
8021q
net: vlan: fix underflow for the real_dev refcnt
2021-12-01 09:04:53 +01:00
appletalk
net: socket: rework compat_ifreq_ioctl()
2021-07-23 14:20:25 +01:00
atm
atm: Use list_for_each_entry() to simplify code in resources.c
2021-06-10 14:08:09 -07:00
ax25
ax25: Fix NULL pointer dereference in ax25_kill_by_device
2022-03-16 14:23:38 +01:00
batman-adv
batman-adv: Don't expect inter-netns unique iflink indices
2022-03-08 19:12:45 +01:00
bluetooth
Bluetooth: hci_core: Fix leaking sent_cmd skb
2022-03-19 13:47:48 +01:00
bpf
bpf, test, cgroup: Use sk_{alloc,free} for test cases
2021-09-28 09:29:28 +02:00
bpfilter
bpfilter: Specify the log level for the kmsg message
2021-06-25 13:13:50 +02:00
bridge
net: bridge: multicast: notify switchdev driver whenever MC processing gets disabled
2022-02-23 12:03:13 +01:00
caif
net-caif: avoid user-triggerable WARN_ON(1)
2021-09-14 12:51:15 +01:00
can
net-timestamp: convert sk->sk_tskey to atomic_t
2022-03-02 11:48:01 +01:00
ceph
Networking changes for 5.14.
2021-06-30 15:51:09 -07:00
core
bpf, sockmap: Fix memleak in tcp_bpf_sendmsg while sk msg is full
2022-04-08 14:23:40 +02:00
dcb
net: dcb: disable softirqs in dcbnl_flush_dev()
2022-03-08 19:12:52 +01:00
dccp
tcp: switch orphan_count to bare per-cpu counters
2021-11-18 19:16:33 +01:00
decnet
net: Remove redundant if statements
2021-08-05 13:27:50 +01:00
dns_resolver
dsa
net: dsa: Add missing of_node_put() in dsa_port_parse_of
2022-03-23 09:16:42 +01:00
ethernet
move netdev_boot_setup into Space.c
2021-08-03 13:05:26 +01:00
ethtool
ethtool: do not perform operations on net devices being unregistered
2021-12-14 10:57:09 +01:00
hsr
net: hsr: don't check sequence number if tag removal is offloaded
2021-06-16 12:13:01 -07:00
ieee802154
net: ieee802154: Return meaningful error codes from the netlink helpers
2022-02-08 18:34:09 +01:00
ife
ipv4
bpf, sockmap: Fix more uncharged while msg has more_data
2022-04-08 14:23:40 +02:00
ipv6
xfrm: fix tunnel model fragmentation behavior
2022-04-08 14:22:46 +02:00
iucv
net/iucv: Replace deprecated CPU-hotplug functions.
2021-08-09 10:13:32 +01:00
kcm
net: sock: introduce sk_error_report
2021-06-29 11:28:21 -07:00
key
af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register
2022-04-08 14:22:47 +02:00
l2tp
net/l2tp: Fix reference count leak in l2tp_udp_recv_core
2021-09-09 11:00:20 +01:00
l3mdev
lapb
net: lapb: Use list_for_each_entry() to simplify code in lapb_iface.c
2021-06-08 16:31:25 -07:00
llc
llc: only change llc->dev when bind() succeeds
2022-03-28 09:58:46 +02:00
mac80211
mac80211: limit bandwidth in HE capabilities
2022-04-08 14:23:28 +02:00
mac802154
ieee802154: Remove redundant initialization of variable ret
2021-09-07 14:06:08 +01:00
mctp
mctp: Don't let RTM_DELROUTE delete local routes
2021-12-08 09:04:53 +01:00
mpls
net: mpls: Fix notifications when deleting a device
2021-12-08 09:04:47 +01:00
mptcp
mptcp: Correctly set DATA_FIN timeout when number of retransmits is large
2022-03-08 19:12:48 +01:00
ncsi
net/ncsi: check for error return from call to nla_put_u32
2022-01-05 12:42:37 +01:00
netfilter
netfilter: nf_tables: validate registers coming from userspace.
2022-03-28 09:58:44 +02:00
netlabel
net: fix NULL pointer reference in cipso_v4_doi_free
2021-08-30 12:23:18 +01:00
netlink
net: netlink: af_netlink: Prevent empty skb by adding a check on len.
2021-12-17 10:30:15 +01:00
netrom
netrom: fix api breakage in nr_setsockopt()
2022-01-27 11:04:00 +01:00
nfc
nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind()
2022-01-27 11:02:48 +01:00
nsh
openvswitch
openvswitch: Fix setting ipv6 fields causing hw csum failure
2022-03-02 11:47:57 +01:00
packet
net/packet: fix slab-out-of-bounds access in packet_recvmsg()
2022-03-23 09:16:41 +01:00
phonet
phonet: refcount leak in pep_sock_accep
2022-01-11 15:35:16 +01:00
psample
qrtr
net: qrtr: revert check in qrtr_endpoint_post()
2021-09-02 11:37:02 +01:00
rds
rds: memory leak in __rds_conn_create()
2021-12-22 09:32:42 +01:00
rfkill
rfkill: make new event layout opt-in
2022-04-08 14:23:00 +02:00
rose
rxrpc
rxrpc: Adjust retransmission backoff
2022-02-01 17:27:11 +01:00
sched
net/sched: act_ct: Fix flow table lookup after ct clear or switching zones
2022-03-02 11:47:57 +01:00
sctp
sctp: fix kernel-infoleak for SCTP sockets
2022-03-16 14:23:39 +01:00
smc
net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause by server
2022-03-08 19:12:45 +01:00
strparser
bpf: sockmap, strparser, and tls are reusing qdisc_skb_cb and colliding
2021-11-18 19:17:11 +01:00
sunrpc
SUNRPC: avoid race between mod_timer() and del_timer_sync()
2022-04-08 14:22:52 +02:00
switchdev
net: make switchdev_bridge_port_{,unoffload} loosely coupled with the bridge
2021-08-04 12:35:07 +01:00
tipc
tipc: fix incorrect order of state message data sanity check
2022-03-16 14:23:38 +01:00
tls
net/tls: Fix authentication failure in CCM mode
2021-12-08 09:04:41 +01:00
unix
af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress
2022-01-27 11:05:30 +01:00
vmw_vsock
vsock: each transport cycles only on its own sockets
2022-03-23 09:16:41 +01:00
wireless
nl80211: Update bss channel on channel switch for P2P_CLIENT
2022-03-19 13:47:49 +01:00
x25
net: x25: Use list_for_each_entry() to simplify code in x25_route.c
2021-06-10 14:08:09 -07:00
xdp
xsk: Fix race at socket teardown
2022-04-08 14:23:36 +02:00
xfrm
xfrm: fix tunnel model fragmentation behavior
2022-04-08 14:22:46 +02:00
compat.c
net: Return the correct errno code
2021-06-03 15:13:56 -07:00
devres.c
net: devres: Correct a grammatical error
2021-06-11 12:55:28 -07:00
Kconfig
mctp: Add MCTP base
2021-07-29 15:06:49 +01:00
Makefile
mctp: Add MCTP base
2021-07-29 15:06:49 +01:00
socket.c
net: fix SOF_TIMESTAMPING_BIND_PHC to work with multiple sockets
2022-01-27 11:03:52 +01:00
sysctl_net.c