From patchwork Thu May 27 01:11:48 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Cong Wang X-Patchwork-Id: 449381 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 373C2C4708A for ; Thu, 27 May 2021 01:12:17 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 1C1CE61073 for ; Thu, 27 May 2021 01:12:17 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233896AbhE0BNp (ORCPT ); Wed, 26 May 2021 21:13:45 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37442 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233542AbhE0BNn (ORCPT ); Wed, 26 May 2021 21:13:43 -0400 Received: from mail-pf1-x42b.google.com (mail-pf1-x42b.google.com [IPv6:2607:f8b0:4864:20::42b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1F5FAC061760; Wed, 26 May 2021 18:12:11 -0700 (PDT) Received: by mail-pf1-x42b.google.com with SMTP id q67so2362099pfb.4; Wed, 26 May 2021 18:12:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=utSDi74JoxgeFkn6+VzF9KRMzUGip+skVUxRXuPWjX0=; b=QrwWXN6leUN80am0BQp/TyvsoiCpCD1dknvxAGfy57EGG7aF9MgpmBUUm7ZtGEg04w 7bW1jJVe8gzu7ZNeC8PulZ3e+9io57OtbHtRiEfbqYI57HTRp01Ww2hPYUL+QtROOdVO Wy0F+/wImGMlyn5T4I73CWPkPwFzpFmkq0LZmoUYCvki1tvWIJl0p7ysiDDT3nAZFIds DNlIP1ausNVtCi/vXcUy1MMp8/CdBkggC6c96+LL9UlnHjtXCGPRUgv9FLQDheBPbVst yHBisdm0I3hWamByb34z2zFzlv1Q5DRmIr50tuWePPqvxe2oC7D7blw7PowcrcmCUz6T AqtA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=utSDi74JoxgeFkn6+VzF9KRMzUGip+skVUxRXuPWjX0=; b=SiezibwN+819AalAEPjZ9k6y/xlglJRR1mhUG6JCBQPoJ8U5WAcY4SSrZ1/yz60bO2 nybe+zvjmpTGBuB9A3+t8H6GEiydAbbS7lLVH8CJwxtGBzsKFs928jJzHqxvYnHpkJSj BB6l4J/bKFwY2KHLPjMdqnbxPt3o1f0qhsnStpJhhZFDZBP87YELbKppB/m1rM2JMXsq wfHczXXtdkWClCgAvw59jT8r8rBUzU+ZalPc0Rjx+QGMT2LXxJiG6w0g7HrjEDw9tNjR T2j7cIwSltGXrsT7sLi6Ho2f+3aoJ9NJbbA8GK7UFa4bFJ+Yr/PB4neotG6vrJgN37vm VFbg== X-Gm-Message-State: AOAM533MZYw9BFIJGc/ml8tr6cCP1mJ8H7nM2N48M/w5uGAu1VZBHwfs P/xe5SMW1+L58TDIhUH6UTj3sqZQD8lozQ== X-Google-Smtp-Source: ABdhPJzIcYbcBYOgc/+v9nf3pXY1EeZg/rwCU7LjafKkfsJWQWpRvmNSzOLEVHJrz/axPHTYQsvunQ== X-Received: by 2002:a05:6a00:c86:b029:2e9:3041:162f with SMTP id a6-20020a056a000c86b02902e93041162fmr1220413pfv.78.1622077930251; Wed, 26 May 2021 18:12:10 -0700 (PDT) Received: from unknown.attlocal.net ([2600:1700:65a0:ab60:991:63cd:5e03:9e3a]) by smtp.gmail.com with ESMTPSA id n21sm360282pfu.99.2021.05.26.18.12.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 26 May 2021 18:12:09 -0700 (PDT) From: Cong Wang To: netdev@vger.kernel.org Cc: bpf@vger.kernel.org, Cong Wang , John Fastabend , Daniel Borkmann , Jakub Sitnicki , Lorenz Bauer Subject: [Patch bpf v3 1/8] skmsg: improve udp_bpf_recvmsg() accuracy Date: Wed, 26 May 2021 18:11:48 -0700 Message-Id: <20210527011155.10097-2-xiyou.wangcong@gmail.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20210527011155.10097-1-xiyou.wangcong@gmail.com> References: <20210527011155.10097-1-xiyou.wangcong@gmail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: Cong Wang I tried to reuse sk_msg_wait_data() for different protocols, but it turns out it can not be simply reused. For example, UDP actually uses two queues to receive skb: udp_sk(sk)->reader_queue and sk->sk_receive_queue. So we have to check both of them to know whether we have received any packet. Also, UDP does not lock the sock during BH Rx path, it makes no sense for its ->recvmsg() to lock the sock. It is always possible for ->recvmsg() to be called before packets actually arrive in the receive queue, we just use best effort to make it accurate here. Fixes: 1f5be6b3b063 ("udp: Implement udp_bpf_recvmsg() for sockmap") Cc: John Fastabend Cc: Daniel Borkmann Cc: Jakub Sitnicki Cc: Lorenz Bauer Signed-off-by: Cong Wang --- include/linux/skmsg.h | 2 -- net/core/skmsg.c | 23 --------------------- net/ipv4/tcp_bpf.c | 24 +++++++++++++++++++++- net/ipv4/udp_bpf.c | 47 ++++++++++++++++++++++++++++++++++++++----- 4 files changed, 65 insertions(+), 31 deletions(-) diff --git a/include/linux/skmsg.h b/include/linux/skmsg.h index aba0f0f429be..e3d080c299f6 100644 --- a/include/linux/skmsg.h +++ b/include/linux/skmsg.h @@ -126,8 +126,6 @@ int sk_msg_zerocopy_from_iter(struct sock *sk, struct iov_iter *from, struct sk_msg *msg, u32 bytes); int sk_msg_memcopy_from_iter(struct sock *sk, struct iov_iter *from, struct sk_msg *msg, u32 bytes); -int sk_msg_wait_data(struct sock *sk, struct sk_psock *psock, int flags, - long timeo, int *err); int sk_msg_recvmsg(struct sock *sk, struct sk_psock *psock, struct msghdr *msg, int len, int flags); diff --git a/net/core/skmsg.c b/net/core/skmsg.c index 43ce17a6a585..f9a81b314e4c 100644 --- a/net/core/skmsg.c +++ b/net/core/skmsg.c @@ -399,29 +399,6 @@ int sk_msg_memcopy_from_iter(struct sock *sk, struct iov_iter *from, } EXPORT_SYMBOL_GPL(sk_msg_memcopy_from_iter); -int sk_msg_wait_data(struct sock *sk, struct sk_psock *psock, int flags, - long timeo, int *err) -{ - DEFINE_WAIT_FUNC(wait, woken_wake_function); - int ret = 0; - - if (sk->sk_shutdown & RCV_SHUTDOWN) - return 1; - - if (!timeo) - return ret; - - add_wait_queue(sk_sleep(sk), &wait); - sk_set_bit(SOCKWQ_ASYNC_WAITDATA, sk); - ret = sk_wait_event(sk, &timeo, - !list_empty(&psock->ingress_msg) || - !skb_queue_empty(&sk->sk_receive_queue), &wait); - sk_clear_bit(SOCKWQ_ASYNC_WAITDATA, sk); - remove_wait_queue(sk_sleep(sk), &wait); - return ret; -} -EXPORT_SYMBOL_GPL(sk_msg_wait_data); - /* Receive sk_msg from psock->ingress_msg to @msg. */ int sk_msg_recvmsg(struct sock *sk, struct sk_psock *psock, struct msghdr *msg, int len, int flags) diff --git a/net/ipv4/tcp_bpf.c b/net/ipv4/tcp_bpf.c index ad9d17923fc5..bb49b52d7be8 100644 --- a/net/ipv4/tcp_bpf.c +++ b/net/ipv4/tcp_bpf.c @@ -163,6 +163,28 @@ static bool tcp_bpf_stream_read(const struct sock *sk) return !empty; } +static int tcp_msg_wait_data(struct sock *sk, struct sk_psock *psock, int flags, + long timeo, int *err) +{ + DEFINE_WAIT_FUNC(wait, woken_wake_function); + int ret = 0; + + if (sk->sk_shutdown & RCV_SHUTDOWN) + return 1; + + if (!timeo) + return ret; + + add_wait_queue(sk_sleep(sk), &wait); + sk_set_bit(SOCKWQ_ASYNC_WAITDATA, sk); + ret = sk_wait_event(sk, &timeo, + !list_empty(&psock->ingress_msg) || + !skb_queue_empty(&sk->sk_receive_queue), &wait); + sk_clear_bit(SOCKWQ_ASYNC_WAITDATA, sk); + remove_wait_queue(sk_sleep(sk), &wait); + return ret; +} + static int tcp_bpf_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, int nonblock, int flags, int *addr_len) { @@ -188,7 +210,7 @@ static int tcp_bpf_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, long timeo; timeo = sock_rcvtimeo(sk, nonblock); - data = sk_msg_wait_data(sk, psock, flags, timeo, &err); + data = tcp_msg_wait_data(sk, psock, flags, timeo, &err); if (data) { if (!sk_psock_queue_empty(psock)) goto msg_bytes_ready; diff --git a/net/ipv4/udp_bpf.c b/net/ipv4/udp_bpf.c index 954c4591a6fd..565a70040c57 100644 --- a/net/ipv4/udp_bpf.c +++ b/net/ipv4/udp_bpf.c @@ -21,6 +21,45 @@ static int sk_udp_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, return udp_prot.recvmsg(sk, msg, len, noblock, flags, addr_len); } +static bool udp_sk_has_data(struct sock *sk) +{ + return !skb_queue_empty(&udp_sk(sk)->reader_queue) || + !skb_queue_empty(&sk->sk_receive_queue); +} + +static bool psock_has_data(struct sk_psock *psock) +{ + return !skb_queue_empty(&psock->ingress_skb) || + !sk_psock_queue_empty(psock); +} + +#define udp_msg_has_data(__sk, __psock) \ + ({ udp_sk_has_data(__sk) || psock_has_data(__psock); }) + +static int udp_msg_wait_data(struct sock *sk, struct sk_psock *psock, int flags, + long timeo, int *err) +{ + DEFINE_WAIT_FUNC(wait, woken_wake_function); + int ret = 0; + + if (sk->sk_shutdown & RCV_SHUTDOWN) + return 1; + + if (!timeo) + return ret; + + add_wait_queue(sk_sleep(sk), &wait); + sk_set_bit(SOCKWQ_ASYNC_WAITDATA, sk); + ret = udp_msg_has_data(sk, psock); + if (!ret) { + wait_woken(&wait, TASK_INTERRUPTIBLE, timeo); + ret = udp_msg_has_data(sk, psock); + } + sk_clear_bit(SOCKWQ_ASYNC_WAITDATA, sk); + remove_wait_queue(sk_sleep(sk), &wait); + return ret; +} + static int udp_bpf_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, int nonblock, int flags, int *addr_len) { @@ -34,8 +73,7 @@ static int udp_bpf_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, if (unlikely(!psock)) return sk_udp_recvmsg(sk, msg, len, nonblock, flags, addr_len); - lock_sock(sk); - if (sk_psock_queue_empty(psock)) { + if (!psock_has_data(psock)) { ret = sk_udp_recvmsg(sk, msg, len, nonblock, flags, addr_len); goto out; } @@ -47,9 +85,9 @@ static int udp_bpf_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, long timeo; timeo = sock_rcvtimeo(sk, nonblock); - data = sk_msg_wait_data(sk, psock, flags, timeo, &err); + data = udp_msg_wait_data(sk, psock, flags, timeo, &err); if (data) { - if (!sk_psock_queue_empty(psock)) + if (psock_has_data(psock)) goto msg_bytes_ready; ret = sk_udp_recvmsg(sk, msg, len, nonblock, flags, addr_len); goto out; @@ -62,7 +100,6 @@ static int udp_bpf_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, } ret = copied; out: - release_sock(sk); sk_psock_put(sk, psock); return ret; } From patchwork Thu May 27 01:11:50 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Cong Wang X-Patchwork-Id: 449380 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 70C63C47082 for ; Thu, 27 May 2021 01:12:23 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 4FF4C61073 for ; Thu, 27 May 2021 01:12:23 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234288AbhE0BNu (ORCPT ); Wed, 26 May 2021 21:13:50 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37454 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233296AbhE0BNp (ORCPT ); Wed, 26 May 2021 21:13:45 -0400 Received: from mail-pl1-x62d.google.com (mail-pl1-x62d.google.com [IPv6:2607:f8b0:4864:20::62d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DF347C061760; Wed, 26 May 2021 18:12:12 -0700 (PDT) Received: by mail-pl1-x62d.google.com with SMTP id e15so1518284plh.1; Wed, 26 May 2021 18:12:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=DV0T/Qr/nJx8jfvW3ukFjANC4TKgQt+cqMliLspYgy0=; b=k3X0lHH497gYWDV0e+6sSKNrtoS5++p6XlWfcpr+6fF0+CAwrgDKc3TPWyQQjW2AQB vjwsmheyOjYTxE5rHz0sw+moMJnIK2nAhGpeSdNOBUaFwmQE7dpS1XAZXX8jUI6AK3xc tJYMLfRIwwECBbxFOAUMlXQ5CV+1X9Fp88FhgOjC8eqFz1S6cNjlapQPNV0JFaKh1Hz5 IWcyrb4/2VzVzGNvcSt8Dkl3NGitSY6KL10P4KLUbJiQbE2pdSedK6vGw82+J/F5EzLX bDVTMVkN5iTt8txCUMDQ/iocJbDFVGiFikKrJEns86sB3ceLZmqszrFzOq5vkjQ5j6Zu XI8g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=DV0T/Qr/nJx8jfvW3ukFjANC4TKgQt+cqMliLspYgy0=; b=ER1FD6LcPFz7NHol6fDEBk5ztsYfoCREOH5aNQxyTwGSoSxOinfotm5YBH9QgcXLSc QOA7hXr4Nw6nyVmVLg/DILv2FcdGPiKUuedn9DVZ+NemGQTmHfUEjQq+nzgAv7XTvJv6 kPqTfMkSIu3tHaiZjdWoAV1mv9PgTIBA+ENjm8VtUEDXbZ/GFxWf6muIhYMs0Hx22poL llNKdoyrZjye7y5BzjDnQ7wfJEYUouW+Z3jlvXC6HE9JFbp5R9fYREMjNJ8rA3S5Oi6N G7UfaUTDnsWNXQME5lnu6jk68jp7DaB0o0GTpfJmKW1Ajy/hUtdYDzepxpR/XWkcYwFA 1x1Q== X-Gm-Message-State: AOAM532LUuFxPTOt1NcBj3nfyfBLp2rDTJtKIMLXMbP6smtaugAMOWJ7 BXvRSzaHbih3WRGwbixDbE9j4IGG2ShIlw== X-Google-Smtp-Source: ABdhPJwXkb/ZXaI5sM13aSy3fvwscGQdtQKfA+7RYcOpX9RN8r9NjXvirX+c3J+y9KosaR0jLnASIQ== X-Received: by 2002:a17:90a:d258:: with SMTP id o24mr6635398pjw.221.1622077932425; Wed, 26 May 2021 18:12:12 -0700 (PDT) Received: from unknown.attlocal.net ([2600:1700:65a0:ab60:991:63cd:5e03:9e3a]) by smtp.gmail.com with ESMTPSA id n21sm360282pfu.99.2021.05.26.18.12.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 26 May 2021 18:12:12 -0700 (PDT) From: Cong Wang To: netdev@vger.kernel.org Cc: bpf@vger.kernel.org, Cong Wang , John Fastabend , Daniel Borkmann , Jakub Sitnicki , Lorenz Bauer Subject: [Patch bpf v3 3/8] udp: fix a memory leak in udp_read_sock() Date: Wed, 26 May 2021 18:11:50 -0700 Message-Id: <20210527011155.10097-4-xiyou.wangcong@gmail.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20210527011155.10097-1-xiyou.wangcong@gmail.com> References: <20210527011155.10097-1-xiyou.wangcong@gmail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: Cong Wang sk_psock_verdict_recv() clones the skb and uses the clone afterward, so udp_read_sock() should free the skb after using it, regardless of error or not. This fixes a real kmemleak. Fixes: d7f571188ecf ("udp: Implement ->read_sock() for sockmap") Cc: John Fastabend Cc: Daniel Borkmann Cc: Jakub Sitnicki Cc: Lorenz Bauer Signed-off-by: Cong Wang --- net/ipv4/udp.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c index 15f5504adf5b..e31d67fd5183 100644 --- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c @@ -1798,11 +1798,13 @@ int udp_read_sock(struct sock *sk, read_descriptor_t *desc, if (used <= 0) { if (!copied) copied = used; + kfree_skb(skb); break; } else if (used <= skb->len) { copied += used; } + kfree_skb(skb); if (!desc->count) break; } From patchwork Thu May 27 01:11:52 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Cong Wang X-Patchwork-Id: 449379 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8A230C4708E for ; Thu, 27 May 2021 01:12:30 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 6C02861073 for ; Thu, 27 May 2021 01:12:30 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234330AbhE0BOB (ORCPT ); Wed, 26 May 2021 21:14:01 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37466 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234199AbhE0BNs (ORCPT ); Wed, 26 May 2021 21:13:48 -0400 Received: from mail-pl1-x62b.google.com (mail-pl1-x62b.google.com [IPv6:2607:f8b0:4864:20::62b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DC7B4C061574; Wed, 26 May 2021 18:12:14 -0700 (PDT) Received: by mail-pl1-x62b.google.com with SMTP id z4so1501273plg.8; Wed, 26 May 2021 18:12:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=Z52yKO5K3X5Hvoq0tYlNwZhMPzpoNySZf4mcZZAiaZU=; b=VkFGoGW+HNF3xnbCEfTSW1Xd+FuFp1LMRKFl2bSmH/y27SpETu0bgcJcZS9D90nmeR XUILyDZ8aTeqqLbZ2+BnlwRGdIzRfrPGwVNuU+unKU6Vb4OgU0pOY/PPOjSDpIsl73zh kAGjsnDsoYoL1YaGbQyt35gwtHpNITAK20NQZSf24e3aCPsgmTbb/N3fUPXPE5jO3yj5 kxU48ei9hVybuaQuUME2GxGCWeZ3YdTiCV7xIIXeS6v6iJdxcv5lmTwtqbgYU7KpRsHt 7794GuVII3vf3spjbig1olF63SWWZmgkAYBe37iDC1MClF/Bn6jKQkbq+XqK7OO7ubJJ e0kA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=Z52yKO5K3X5Hvoq0tYlNwZhMPzpoNySZf4mcZZAiaZU=; b=H3WE288Y0nJTDT7Wr7Oh0ua74qNdSdlLRu5ozTjXOq0vD+mRSAXlyvjSTH8kRXj2CE 2sRCr5LMYW8gbuU/oCbCVpPHldNiSXdypYjXyOH1tT9PjFZMhUPIb/BONxx7gQ04lcVw ZK5xCowTwQTgUXnTozV8D5ERpQLF7ZFRe7bxm5fu8YpXf8XBYv/or8BLbjjz6yA6IQ/W l4a0KkwAQlltkEIiRrV/y+I36CU3Wsi9W0NExGyedZcDvXynSAIgTT6dD30dxrwoi500 l4kjd0B/p8UAHpjWzzwsC8uN8teLL872eB9mPjm1Snu/Z59e7TaDWGKB0WW1NRgy2F65 wQGQ== X-Gm-Message-State: AOAM531eUze2/mINMk71dy99SPvkdVQquO1Ap0JOFP7LdiDVBD48yXio pRQKIn4ERd2QRJR+ST3AGe4iLqTa8l1ZXA== X-Google-Smtp-Source: ABdhPJx+klGNHlnCzqAuMGh7VsXng1IH5JKxWiy3YY7bqkxdF9NO7zQWg+ishuwE1ywfVaxa02W8pg== X-Received: by 2002:a17:90a:9511:: with SMTP id t17mr1027743pjo.108.1622077934323; Wed, 26 May 2021 18:12:14 -0700 (PDT) Received: from unknown.attlocal.net ([2600:1700:65a0:ab60:991:63cd:5e03:9e3a]) by smtp.gmail.com with ESMTPSA id n21sm360282pfu.99.2021.05.26.18.12.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 26 May 2021 18:12:14 -0700 (PDT) From: Cong Wang To: netdev@vger.kernel.org Cc: bpf@vger.kernel.org, Cong Wang , John Fastabend , Daniel Borkmann , Jakub Sitnicki , Lorenz Bauer Subject: [Patch bpf v3 5/8] skmsg: fix a memory leak in sk_psock_verdict_apply() Date: Wed, 26 May 2021 18:11:52 -0700 Message-Id: <20210527011155.10097-6-xiyou.wangcong@gmail.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20210527011155.10097-1-xiyou.wangcong@gmail.com> References: <20210527011155.10097-1-xiyou.wangcong@gmail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: Cong Wang If the dest psock does not set SK_PSOCK_TX_ENABLED, the skb can't be queued anywhere so must be dropped. This one is found during code review. Fixes: 799aa7f98d53 ("skmsg: Avoid lock_sock() in sk_psock_backlog()") Cc: John Fastabend Cc: Daniel Borkmann Cc: Jakub Sitnicki Cc: Lorenz Bauer Signed-off-by: Cong Wang --- net/core/skmsg.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/net/core/skmsg.c b/net/core/skmsg.c index 4334720e2a04..5464477e2d3d 100644 --- a/net/core/skmsg.c +++ b/net/core/skmsg.c @@ -924,8 +924,13 @@ static void sk_psock_verdict_apply(struct sk_psock *psock, if (sk_psock_test_state(psock, SK_PSOCK_TX_ENABLED)) { skb_queue_tail(&psock->ingress_skb, skb); schedule_work(&psock->work); + err = 0; } spin_unlock_bh(&psock->ingress_lock); + if (err < 0) { + skb_bpf_redirect_clear(skb); + goto out_free; + } } break; case __SK_REDIRECT: From patchwork Thu May 27 01:11:54 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Cong Wang X-Patchwork-Id: 449378 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B8E6BC47089 for ; Thu, 27 May 2021 01:12:32 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 9B1E661073 for ; Thu, 27 May 2021 01:12:32 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234492AbhE0BOD (ORCPT ); Wed, 26 May 2021 21:14:03 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37478 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234224AbhE0BNt (ORCPT ); Wed, 26 May 2021 21:13:49 -0400 Received: from mail-pf1-x42d.google.com (mail-pf1-x42d.google.com [IPv6:2607:f8b0:4864:20::42d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CE404C0613CE; Wed, 26 May 2021 18:12:16 -0700 (PDT) Received: by mail-pf1-x42d.google.com with SMTP id d16so2334194pfn.12; Wed, 26 May 2021 18:12:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=Li7iIK9O8bheMw2lclanyfnMSKgSW79Xj968UPC+rYs=; b=oAv6YrOyfDhehpeMDNJBRNPuDyYiTxbS8w31OlUMDswhd2UDArd9zyYc8j4x/o3M+q OV41+Tk5nECjABjahnM0istnC3v2leDEO6kgFDjalZWM67JvsLPIrtw29ze7oGcSpNQN WwB0eQsE9gwdOqho31PT4It0tM43400NRnp54eJT8ysa+xKHl4DFhKaunIkGzAQCb7tw Nh4QkI2am1hhZSWtnmHGr6hIxMPSkYO16jjJ9nZl2Mz7KatTeOj+Zw3F32Z+sOTmhobI yezgqV03SVq2sm4HUg+kVoAtO7+ZLHy8nXqdZAFibFECJXatFvO9tXzZPBhPxrxsIUEL uqeQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=Li7iIK9O8bheMw2lclanyfnMSKgSW79Xj968UPC+rYs=; b=EMbE/B9GMCasVRJC9X8FWW7vol4dDOtLPIEH2CfogYe+sFmuoI1mjOfGO14nQtmF+h PrkdQimIfGDW0MRYgwp/GpdlGtB/DLVScV07TIB4pUoYZcLN0T7ocZA/RR+qvr4w14h3 h3S/Wi/v+47kWSCGHWMZ0MIvHzKdzx7K4VbJE9USjjpsIFJY5KvP9YWG7iYFyTMGXoyO LpGOdm3ggjS+ISYhLBjMqBT8M2K8zn+AV2Lr6ojoEysw2QXy8pql3IofsWUC8McE0S2w tWiMbfoc8ggm2iyQ+oXEWJxLpGymsy4YMOMxtAf5yMmNHD53lx5afpEyd86QAW4i8I6S 4bBg== X-Gm-Message-State: AOAM5317UOkxTTFgZoDfcEt1MUqJL2JMPSHyLlczW0Vqci8TfYBDyLu2 Vlhw7xZEuYSyopnQC9X1tRplKL47Fae/vA== X-Google-Smtp-Source: ABdhPJwkCIEjVEJ3HsNYfV7PFNMZKZvvYe1Q/jdPCWZC3cdc4phNyqSFLff17WnK+SjgGBwMjfjOiA== X-Received: by 2002:a05:6a00:d41:b029:2da:b8ea:df35 with SMTP id n1-20020a056a000d41b02902dab8eadf35mr1244104pfv.3.1622077936245; Wed, 26 May 2021 18:12:16 -0700 (PDT) Received: from unknown.attlocal.net ([2600:1700:65a0:ab60:991:63cd:5e03:9e3a]) by smtp.gmail.com with ESMTPSA id n21sm360282pfu.99.2021.05.26.18.12.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 26 May 2021 18:12:15 -0700 (PDT) From: Cong Wang To: netdev@vger.kernel.org Cc: bpf@vger.kernel.org, Cong Wang , John Fastabend , Daniel Borkmann , Jakub Sitnicki , Lorenz Bauer Subject: [Patch bpf v3 7/8] skmsg: pass source psock to sk_psock_skb_redirect() Date: Wed, 26 May 2021 18:11:54 -0700 Message-Id: <20210527011155.10097-8-xiyou.wangcong@gmail.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20210527011155.10097-1-xiyou.wangcong@gmail.com> References: <20210527011155.10097-1-xiyou.wangcong@gmail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: Cong Wang sk_psock_skb_redirect() only takes skb as a parameter, we will need to know where this skb is from, so just pass the source psock to this function as a new parameter. This patch prepares for the next one. Cc: John Fastabend Cc: Daniel Borkmann Cc: Jakub Sitnicki Cc: Lorenz Bauer Signed-off-by: Cong Wang --- net/core/skmsg.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/net/core/skmsg.c b/net/core/skmsg.c index e3d210811db4..3aa9065811ad 100644 --- a/net/core/skmsg.c +++ b/net/core/skmsg.c @@ -824,7 +824,7 @@ int sk_psock_msg_verdict(struct sock *sk, struct sk_psock *psock, } EXPORT_SYMBOL_GPL(sk_psock_msg_verdict); -static int sk_psock_skb_redirect(struct sk_buff *skb) +static int sk_psock_skb_redirect(struct sk_psock *from, struct sk_buff *skb) { struct sk_psock *psock_other; struct sock *sk_other; @@ -861,11 +861,12 @@ static int sk_psock_skb_redirect(struct sk_buff *skb) return 0; } -static void sk_psock_tls_verdict_apply(struct sk_buff *skb, struct sock *sk, int verdict) +static void sk_psock_tls_verdict_apply(struct sk_buff *skb, + struct sk_psock *from, int verdict) { switch (verdict) { case __SK_REDIRECT: - sk_psock_skb_redirect(skb); + sk_psock_skb_redirect(from, skb); break; case __SK_PASS: case __SK_DROP: @@ -889,7 +890,7 @@ int sk_psock_tls_strp_read(struct sk_psock *psock, struct sk_buff *skb) ret = sk_psock_map_verd(ret, skb_bpf_redirect_fetch(skb)); skb->sk = NULL; } - sk_psock_tls_verdict_apply(skb, psock->sk, ret); + sk_psock_tls_verdict_apply(skb, psock, ret); rcu_read_unlock(); return ret; } @@ -936,7 +937,7 @@ static int sk_psock_verdict_apply(struct sk_psock *psock, struct sk_buff *skb, } break; case __SK_REDIRECT: - err = sk_psock_skb_redirect(skb); + err = sk_psock_skb_redirect(psock, skb); break; case __SK_DROP: default: