2020-01-22 08:56:15 +08:00
|
|
|
/* SPDX-License-Identifier: GPL-2.0 */
|
|
|
|
/* Multipath TCP
|
|
|
|
*
|
|
|
|
* Copyright (c) 2017 - 2019, Intel Corporation.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#ifndef __MPTCP_PROTOCOL_H
|
|
|
|
#define __MPTCP_PROTOCOL_H
|
|
|
|
|
2020-01-22 08:56:20 +08:00
|
|
|
#include <linux/random.h>
|
|
|
|
#include <net/tcp.h>
|
|
|
|
#include <net/inet_connection_sock.h>
|
2021-02-13 08:00:01 +08:00
|
|
|
#include <uapi/linux/mptcp.h>
|
2020-01-22 08:56:20 +08:00
|
|
|
|
2020-01-22 08:56:31 +08:00
|
|
|
#define MPTCP_SUPPORTED_VERSION 1
|
2020-01-22 08:56:16 +08:00
|
|
|
|
|
|
|
/* MPTCP option bits */
|
|
|
|
#define OPTION_MPTCP_MPC_SYN BIT(0)
|
|
|
|
#define OPTION_MPTCP_MPC_SYNACK BIT(1)
|
|
|
|
#define OPTION_MPTCP_MPC_ACK BIT(2)
|
2020-03-28 05:48:39 +08:00
|
|
|
#define OPTION_MPTCP_MPJ_SYN BIT(3)
|
|
|
|
#define OPTION_MPTCP_MPJ_SYNACK BIT(4)
|
|
|
|
#define OPTION_MPTCP_MPJ_ACK BIT(5)
|
2020-03-28 05:48:37 +08:00
|
|
|
#define OPTION_MPTCP_ADD_ADDR BIT(6)
|
2021-04-07 08:15:59 +08:00
|
|
|
#define OPTION_MPTCP_RM_ADDR BIT(7)
|
|
|
|
#define OPTION_MPTCP_FASTCLOSE BIT(8)
|
|
|
|
#define OPTION_MPTCP_PRIO BIT(9)
|
|
|
|
#define OPTION_MPTCP_RST BIT(10)
|
2020-01-22 08:56:16 +08:00
|
|
|
|
|
|
|
/* MPTCP option subtypes */
|
|
|
|
#define MPTCPOPT_MP_CAPABLE 0
|
|
|
|
#define MPTCPOPT_MP_JOIN 1
|
|
|
|
#define MPTCPOPT_DSS 2
|
|
|
|
#define MPTCPOPT_ADD_ADDR 3
|
|
|
|
#define MPTCPOPT_RM_ADDR 4
|
|
|
|
#define MPTCPOPT_MP_PRIO 5
|
|
|
|
#define MPTCPOPT_MP_FAIL 6
|
|
|
|
#define MPTCPOPT_MP_FASTCLOSE 7
|
2021-04-02 07:19:44 +08:00
|
|
|
#define MPTCPOPT_RST 8
|
2020-01-22 08:56:16 +08:00
|
|
|
|
|
|
|
/* MPTCP suboption lengths */
|
2020-01-22 08:56:31 +08:00
|
|
|
#define TCPOLEN_MPTCP_MPC_SYN 4
|
2020-01-22 08:56:16 +08:00
|
|
|
#define TCPOLEN_MPTCP_MPC_SYNACK 12
|
|
|
|
#define TCPOLEN_MPTCP_MPC_ACK 20
|
2020-01-22 08:56:31 +08:00
|
|
|
#define TCPOLEN_MPTCP_MPC_ACK_DATA 22
|
2020-03-28 05:48:39 +08:00
|
|
|
#define TCPOLEN_MPTCP_MPJ_SYN 12
|
|
|
|
#define TCPOLEN_MPTCP_MPJ_SYNACK 16
|
|
|
|
#define TCPOLEN_MPTCP_MPJ_ACK 24
|
2020-01-22 08:56:23 +08:00
|
|
|
#define TCPOLEN_MPTCP_DSS_BASE 4
|
2020-01-22 08:56:24 +08:00
|
|
|
#define TCPOLEN_MPTCP_DSS_ACK32 4
|
2020-01-22 08:56:23 +08:00
|
|
|
#define TCPOLEN_MPTCP_DSS_ACK64 8
|
2020-01-22 08:56:24 +08:00
|
|
|
#define TCPOLEN_MPTCP_DSS_MAP32 10
|
2020-01-22 08:56:23 +08:00
|
|
|
#define TCPOLEN_MPTCP_DSS_MAP64 14
|
|
|
|
#define TCPOLEN_MPTCP_DSS_CHECKSUM 2
|
2020-03-28 05:48:37 +08:00
|
|
|
#define TCPOLEN_MPTCP_ADD_ADDR 16
|
mptcp: fix length of ADD_ADDR with port sub-option
in current Linux, MPTCP peers advertising endpoints with port numbers use
a sub-option length that wrongly accounts for the trailing TCP NOP. Also,
receivers will only process incoming ADD_ADDR with port having such wrong
sub-option length. Fix this, making ADD_ADDR compliant to RFC8684 §3.4.1.
this can be verified running tcpdump on the kselftests artifacts:
unpatched kernel:
[root@bottarga mptcp]# tcpdump -tnnr unpatched.pcap | grep add-addr
reading from file unpatched.pcap, link-type LINUX_SLL (Linux cooked v1), snapshot length 65535
IP 10.0.1.1.10000 > 10.0.1.2.53078: Flags [.], ack 101, win 509, options [nop,nop,TS val 214459678 ecr 521312851,mptcp add-addr v1 id 1 a00:201:2774:2d88:7436:85c3:17fd:101], length 0
IP 10.0.1.2.53078 > 10.0.1.1.10000: Flags [.], ack 101, win 502, options [nop,nop,TS val 521312852 ecr 214459678,mptcp add-addr[bad opt]]
patched kernel:
[root@bottarga mptcp]# tcpdump -tnnr patched.pcap | grep add-addr
reading from file patched.pcap, link-type LINUX_SLL (Linux cooked v1), snapshot length 65535
IP 10.0.1.1.10000 > 10.0.1.2.38178: Flags [.], ack 101, win 509, options [nop,nop,TS val 3728873902 ecr 2732713192,mptcp add-addr v1 id 1 10.0.2.1:10100 hmac 0xbccdfcbe59292a1f,nop,nop], length 0
IP 10.0.1.2.38178 > 10.0.1.1.10000: Flags [.], ack 101, win 502, options [nop,nop,TS val 2732713195 ecr 3728873902,mptcp add-addr v1-echo id 1 10.0.2.1:10100,nop,nop], length 0
Fixes: 22fb85ffaefb ("mptcp: add port support for ADD_ADDR suboption writing")
CC: stable@vger.kernel.org # 5.11+
Reviewed-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Acked-and-tested-by: Geliang Tang <geliangtang@gmail.com>
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2021-03-08 17:00:04 +08:00
|
|
|
#define TCPOLEN_MPTCP_ADD_ADDR_PORT 18
|
2020-03-28 05:48:37 +08:00
|
|
|
#define TCPOLEN_MPTCP_ADD_ADDR_BASE 8
|
mptcp: fix length of ADD_ADDR with port sub-option
in current Linux, MPTCP peers advertising endpoints with port numbers use
a sub-option length that wrongly accounts for the trailing TCP NOP. Also,
receivers will only process incoming ADD_ADDR with port having such wrong
sub-option length. Fix this, making ADD_ADDR compliant to RFC8684 §3.4.1.
this can be verified running tcpdump on the kselftests artifacts:
unpatched kernel:
[root@bottarga mptcp]# tcpdump -tnnr unpatched.pcap | grep add-addr
reading from file unpatched.pcap, link-type LINUX_SLL (Linux cooked v1), snapshot length 65535
IP 10.0.1.1.10000 > 10.0.1.2.53078: Flags [.], ack 101, win 509, options [nop,nop,TS val 214459678 ecr 521312851,mptcp add-addr v1 id 1 a00:201:2774:2d88:7436:85c3:17fd:101], length 0
IP 10.0.1.2.53078 > 10.0.1.1.10000: Flags [.], ack 101, win 502, options [nop,nop,TS val 521312852 ecr 214459678,mptcp add-addr[bad opt]]
patched kernel:
[root@bottarga mptcp]# tcpdump -tnnr patched.pcap | grep add-addr
reading from file patched.pcap, link-type LINUX_SLL (Linux cooked v1), snapshot length 65535
IP 10.0.1.1.10000 > 10.0.1.2.38178: Flags [.], ack 101, win 509, options [nop,nop,TS val 3728873902 ecr 2732713192,mptcp add-addr v1 id 1 10.0.2.1:10100 hmac 0xbccdfcbe59292a1f,nop,nop], length 0
IP 10.0.1.2.38178 > 10.0.1.1.10000: Flags [.], ack 101, win 502, options [nop,nop,TS val 2732713195 ecr 3728873902,mptcp add-addr v1-echo id 1 10.0.2.1:10100,nop,nop], length 0
Fixes: 22fb85ffaefb ("mptcp: add port support for ADD_ADDR suboption writing")
CC: stable@vger.kernel.org # 5.11+
Reviewed-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Acked-and-tested-by: Geliang Tang <geliangtang@gmail.com>
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2021-03-08 17:00:04 +08:00
|
|
|
#define TCPOLEN_MPTCP_ADD_ADDR_BASE_PORT 10
|
2020-03-28 05:48:37 +08:00
|
|
|
#define TCPOLEN_MPTCP_ADD_ADDR6 28
|
mptcp: fix length of ADD_ADDR with port sub-option
in current Linux, MPTCP peers advertising endpoints with port numbers use
a sub-option length that wrongly accounts for the trailing TCP NOP. Also,
receivers will only process incoming ADD_ADDR with port having such wrong
sub-option length. Fix this, making ADD_ADDR compliant to RFC8684 §3.4.1.
this can be verified running tcpdump on the kselftests artifacts:
unpatched kernel:
[root@bottarga mptcp]# tcpdump -tnnr unpatched.pcap | grep add-addr
reading from file unpatched.pcap, link-type LINUX_SLL (Linux cooked v1), snapshot length 65535
IP 10.0.1.1.10000 > 10.0.1.2.53078: Flags [.], ack 101, win 509, options [nop,nop,TS val 214459678 ecr 521312851,mptcp add-addr v1 id 1 a00:201:2774:2d88:7436:85c3:17fd:101], length 0
IP 10.0.1.2.53078 > 10.0.1.1.10000: Flags [.], ack 101, win 502, options [nop,nop,TS val 521312852 ecr 214459678,mptcp add-addr[bad opt]]
patched kernel:
[root@bottarga mptcp]# tcpdump -tnnr patched.pcap | grep add-addr
reading from file patched.pcap, link-type LINUX_SLL (Linux cooked v1), snapshot length 65535
IP 10.0.1.1.10000 > 10.0.1.2.38178: Flags [.], ack 101, win 509, options [nop,nop,TS val 3728873902 ecr 2732713192,mptcp add-addr v1 id 1 10.0.2.1:10100 hmac 0xbccdfcbe59292a1f,nop,nop], length 0
IP 10.0.1.2.38178 > 10.0.1.1.10000: Flags [.], ack 101, win 502, options [nop,nop,TS val 2732713195 ecr 3728873902,mptcp add-addr v1-echo id 1 10.0.2.1:10100,nop,nop], length 0
Fixes: 22fb85ffaefb ("mptcp: add port support for ADD_ADDR suboption writing")
CC: stable@vger.kernel.org # 5.11+
Reviewed-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Acked-and-tested-by: Geliang Tang <geliangtang@gmail.com>
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2021-03-08 17:00:04 +08:00
|
|
|
#define TCPOLEN_MPTCP_ADD_ADDR6_PORT 30
|
2020-03-28 05:48:37 +08:00
|
|
|
#define TCPOLEN_MPTCP_ADD_ADDR6_BASE 20
|
mptcp: fix length of ADD_ADDR with port sub-option
in current Linux, MPTCP peers advertising endpoints with port numbers use
a sub-option length that wrongly accounts for the trailing TCP NOP. Also,
receivers will only process incoming ADD_ADDR with port having such wrong
sub-option length. Fix this, making ADD_ADDR compliant to RFC8684 §3.4.1.
this can be verified running tcpdump on the kselftests artifacts:
unpatched kernel:
[root@bottarga mptcp]# tcpdump -tnnr unpatched.pcap | grep add-addr
reading from file unpatched.pcap, link-type LINUX_SLL (Linux cooked v1), snapshot length 65535
IP 10.0.1.1.10000 > 10.0.1.2.53078: Flags [.], ack 101, win 509, options [nop,nop,TS val 214459678 ecr 521312851,mptcp add-addr v1 id 1 a00:201:2774:2d88:7436:85c3:17fd:101], length 0
IP 10.0.1.2.53078 > 10.0.1.1.10000: Flags [.], ack 101, win 502, options [nop,nop,TS val 521312852 ecr 214459678,mptcp add-addr[bad opt]]
patched kernel:
[root@bottarga mptcp]# tcpdump -tnnr patched.pcap | grep add-addr
reading from file patched.pcap, link-type LINUX_SLL (Linux cooked v1), snapshot length 65535
IP 10.0.1.1.10000 > 10.0.1.2.38178: Flags [.], ack 101, win 509, options [nop,nop,TS val 3728873902 ecr 2732713192,mptcp add-addr v1 id 1 10.0.2.1:10100 hmac 0xbccdfcbe59292a1f,nop,nop], length 0
IP 10.0.1.2.38178 > 10.0.1.1.10000: Flags [.], ack 101, win 502, options [nop,nop,TS val 2732713195 ecr 3728873902,mptcp add-addr v1-echo id 1 10.0.2.1:10100,nop,nop], length 0
Fixes: 22fb85ffaefb ("mptcp: add port support for ADD_ADDR suboption writing")
CC: stable@vger.kernel.org # 5.11+
Reviewed-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Acked-and-tested-by: Geliang Tang <geliangtang@gmail.com>
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2021-03-08 17:00:04 +08:00
|
|
|
#define TCPOLEN_MPTCP_ADD_ADDR6_BASE_PORT 22
|
|
|
|
#define TCPOLEN_MPTCP_PORT_LEN 2
|
|
|
|
#define TCPOLEN_MPTCP_PORT_ALIGN 2
|
2021-03-13 09:16:11 +08:00
|
|
|
#define TCPOLEN_MPTCP_RM_ADDR_BASE 3
|
mptcp: fix length of MP_PRIO suboption
With version 0 of the protocol it was legal to encode the 'Subflow Id' in
the MP_PRIO suboption, to specify which subflow would change its 'Backup'
flag. This has been removed from v1 specification: thus, according to RFC
8684 §3.3.8, the resulting 'Length' for MP_PRIO changed from 4 to 3 byte.
Current Linux generates / parses MP_PRIO according to the old spec, using
'Length' equal to 4, and hardcoding 1 as 'Subflow Id'; RFC compliance can
improve if we change 'Length' in other to become 3, leaving a 'Nop' after
the MP_PRIO suboption. In this way the kernel will emit and accept *only*
MP_PRIO suboptions that are compliant to version 1 of the MPTCP protocol.
unpatched 5.11-rc kernel:
[root@bottarga ~]# tcpdump -tnnr unpatched.pcap | grep prio
reading from file unpatched.pcap, link-type LINUX_SLL (Linux cooked v1)
dropped privs to tcpdump
IP 10.0.3.2.48433 > 10.0.1.1.10006: Flags [.], ack 1, win 502, options [nop,nop,TS val 4032325513 ecr 1876514270,mptcp prio non-backup id 1,mptcp dss ack 14084896651682217737], length 0
patched 5.11-rc kernel:
[root@bottarga ~]# tcpdump -tnnr patched.pcap | grep prio
reading from file patched.pcap, link-type LINUX_SLL (Linux cooked v1)
dropped privs to tcpdump
IP 10.0.3.2.49735 > 10.0.1.1.10006: Flags [.], ack 1, win 502, options [nop,nop,TS val 1276737699 ecr 2686399734,mptcp prio non-backup,nop,mptcp dss ack 18433038869082491686], length 0
Changes since v2:
- when accounting for option space, don't increment 'TCPOLEN_MPTCP_PRIO'
and use 'TCPOLEN_MPTCP_PRIO_ALIGN' instead, thanks to Matthieu Baerts.
Changes since v1:
- refactor patch to avoid using 'TCPOLEN_MPTCP_PRIO' with its old value,
thanks to Geliang Tang.
Fixes: 067065422fcd ("mptcp: add the outgoing MP_PRIO support")
Reviewed-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Reviewed-by: Matthieu Baerts <matthieu.baerts@tessares.net>
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
Reviewed-by: Matteo Croce <mcroce@linux.microsoft.com>
Link: https://lore.kernel.org/r/846cdd41e6ad6ec88ef23fee1552ab39c2f5a3d1.1612184361.git.dcaratti@redhat.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2021-02-01 21:05:26 +08:00
|
|
|
#define TCPOLEN_MPTCP_PRIO 3
|
|
|
|
#define TCPOLEN_MPTCP_PRIO_ALIGN 4
|
2020-12-11 06:25:04 +08:00
|
|
|
#define TCPOLEN_MPTCP_FASTCLOSE 12
|
2021-04-02 07:19:44 +08:00
|
|
|
#define TCPOLEN_MPTCP_RST 4
|
2020-01-22 08:56:16 +08:00
|
|
|
|
2021-06-18 07:46:14 +08:00
|
|
|
#define TCPOLEN_MPTCP_MPC_ACK_DATA_CSUM (TCPOLEN_MPTCP_DSS_CHECKSUM + TCPOLEN_MPTCP_MPC_ACK_DATA)
|
|
|
|
|
2020-03-28 05:48:40 +08:00
|
|
|
/* MPTCP MP_JOIN flags */
|
2020-03-28 05:48:39 +08:00
|
|
|
#define MPTCPOPT_BACKUP BIT(0)
|
|
|
|
#define MPTCPOPT_HMAC_LEN 20
|
2020-03-28 05:48:40 +08:00
|
|
|
#define MPTCPOPT_THMAC_LEN 8
|
2020-03-28 05:48:39 +08:00
|
|
|
|
2020-01-22 08:56:16 +08:00
|
|
|
/* MPTCP MP_CAPABLE flags */
|
|
|
|
#define MPTCP_VERSION_MASK (0x0F)
|
|
|
|
#define MPTCP_CAP_CHECKSUM_REQD BIT(7)
|
|
|
|
#define MPTCP_CAP_EXTENSIBILITY BIT(6)
|
2021-06-23 03:25:19 +08:00
|
|
|
#define MPTCP_CAP_DENY_JOIN_ID0 BIT(5)
|
2020-01-22 08:56:30 +08:00
|
|
|
#define MPTCP_CAP_HMAC_SHA256 BIT(0)
|
2021-06-23 03:25:19 +08:00
|
|
|
#define MPTCP_CAP_FLAG_MASK (0x1F)
|
2020-01-22 08:56:16 +08:00
|
|
|
|
2020-01-22 08:56:23 +08:00
|
|
|
/* MPTCP DSS flags */
|
|
|
|
#define MPTCP_DSS_DATA_FIN BIT(4)
|
|
|
|
#define MPTCP_DSS_DSN64 BIT(3)
|
|
|
|
#define MPTCP_DSS_HAS_MAP BIT(2)
|
|
|
|
#define MPTCP_DSS_ACK64 BIT(1)
|
|
|
|
#define MPTCP_DSS_HAS_ACK BIT(0)
|
2020-01-22 08:56:24 +08:00
|
|
|
#define MPTCP_DSS_FLAG_MASK (0x1F)
|
|
|
|
|
2020-03-28 05:48:37 +08:00
|
|
|
/* MPTCP ADD_ADDR flags */
|
|
|
|
#define MPTCP_ADDR_ECHO BIT(0)
|
|
|
|
|
2021-01-09 08:47:58 +08:00
|
|
|
/* MPTCP MP_PRIO flags */
|
|
|
|
#define MPTCP_PRIO_BKUP BIT(0)
|
|
|
|
|
2021-04-02 07:19:44 +08:00
|
|
|
/* MPTCP TCPRST flags */
|
|
|
|
#define MPTCP_RST_TRANSIENT BIT(0)
|
|
|
|
|
2020-01-22 08:56:24 +08:00
|
|
|
/* MPTCP socket flags */
|
2020-02-17 23:54:38 +08:00
|
|
|
#define MPTCP_DATA_READY 0
|
2020-11-16 17:48:12 +08:00
|
|
|
#define MPTCP_NOSPACE 1
|
2020-03-28 05:48:48 +08:00
|
|
|
#define MPTCP_WORK_RTX 2
|
2020-04-02 19:44:52 +08:00
|
|
|
#define MPTCP_WORK_EOF 3
|
2020-06-30 04:26:20 +08:00
|
|
|
#define MPTCP_FALLBACK_DONE 4
|
2020-10-10 01:00:01 +08:00
|
|
|
#define MPTCP_WORK_CLOSE_SUBFLOW 5
|
2020-11-27 18:10:27 +08:00
|
|
|
#define MPTCP_PUSH_PENDING 6
|
|
|
|
#define MPTCP_CLEAN_UNA 7
|
2021-02-12 07:30:37 +08:00
|
|
|
#define MPTCP_ERROR_REPORT 8
|
2021-03-27 02:26:30 +08:00
|
|
|
#define MPTCP_RETRANSMIT 9
|
2021-04-16 07:44:53 +08:00
|
|
|
#define MPTCP_WORK_SYNC_SETSOCKOPT 10
|
2021-06-22 08:33:08 +08:00
|
|
|
#define MPTCP_CONNECTED 11
|
2020-01-22 08:56:23 +08:00
|
|
|
|
2020-11-16 17:48:08 +08:00
|
|
|
static inline bool before64(__u64 seq1, __u64 seq2)
|
|
|
|
{
|
|
|
|
return (__s64)(seq1 - seq2) < 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
#define after64(seq2, seq1) before64(seq1, seq2)
|
|
|
|
|
mptcp: move option parsing into mptcp_incoming_options()
The mptcp_options_received structure carries several per
packet flags (mp_capable, mp_join, etc.). Such fields must
be cleared on each packet, even on dropped ones or packet
not carrying any MPTCP options, but the current mptcp
code clears them only on TCP option reset.
On several races/corner cases we end-up with stray bits in
incoming options, leading to WARN_ON splats. e.g.:
[ 171.164906] Bad mapping: ssn=32714 map_seq=1 map_data_len=32713
[ 171.165006] WARNING: CPU: 1 PID: 5026 at net/mptcp/subflow.c:533 warn_bad_map (linux-mptcp/net/mptcp/subflow.c:533 linux-mptcp/net/mptcp/subflow.c:531)
[ 171.167632] Modules linked in: ip6_vti ip_vti ip_gre ipip sit tunnel4 ip_tunnel geneve ip6_udp_tunnel udp_tunnel macsec macvtap tap ipvlan macvlan 8021q garp mrp xfrm_interface veth netdevsim nlmon dummy team bonding vcan bridge stp llc ip6_gre gre ip6_tunnel tunnel6 tun binfmt_misc intel_rapl_msr intel_rapl_common rfkill kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel joydev virtio_balloon pcspkr i2c_piix4 sunrpc ip_tables xfs libcrc32c crc32c_intel serio_raw virtio_console ata_generic virtio_blk virtio_net net_failover failover ata_piix libata
[ 171.199464] CPU: 1 PID: 5026 Comm: repro Not tainted 5.7.0-rc1.mptcp_f227fdf5d388+ #95
[ 171.200886] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-2.fc30 04/01/2014
[ 171.202546] RIP: 0010:warn_bad_map (linux-mptcp/net/mptcp/subflow.c:533 linux-mptcp/net/mptcp/subflow.c:531)
[ 171.206537] Code: c1 ea 03 0f b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 1d 8b 55 3c 44 89 e6 48 c7 c7 20 51 13 95 e8 37 8b 22 fe <0f> 0b 48 83 c4 08 5b 5d 41 5c c3 89 4c 24 04 e8 db d6 94 fe 8b 4c
[ 171.220473] RSP: 0018:ffffc90000150560 EFLAGS: 00010282
[ 171.221639] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 171.223108] RDX: 0000000000000000 RSI: 0000000000000008 RDI: fffff5200002a09e
[ 171.224388] RBP: ffff8880aa6e3c00 R08: 0000000000000001 R09: fffffbfff2ec9955
[ 171.225706] R10: ffffffff9764caa7 R11: fffffbfff2ec9954 R12: 0000000000007fca
[ 171.227211] R13: ffff8881066f4a7f R14: ffff8880aa6e3c00 R15: 0000000000000020
[ 171.228460] FS: 00007f8623719740(0000) GS:ffff88810be00000(0000) knlGS:0000000000000000
[ 171.230065] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 171.231303] CR2: 00007ffdab190a50 CR3: 00000001038ea006 CR4: 0000000000160ee0
[ 171.232586] Call Trace:
[ 171.233109] <IRQ>
[ 171.233531] get_mapping_status (linux-mptcp/net/mptcp/subflow.c:691)
[ 171.234371] mptcp_subflow_data_available (linux-mptcp/net/mptcp/subflow.c:736 linux-mptcp/net/mptcp/subflow.c:832)
[ 171.238181] subflow_state_change (linux-mptcp/net/mptcp/subflow.c:1085 (discriminator 1))
[ 171.239066] tcp_fin (linux-mptcp/net/ipv4/tcp_input.c:4217)
[ 171.240123] tcp_data_queue (linux-mptcp/./include/linux/compiler.h:199 linux-mptcp/net/ipv4/tcp_input.c:4822)
[ 171.245083] tcp_rcv_established (linux-mptcp/./include/linux/skbuff.h:1785 linux-mptcp/./include/net/tcp.h:1774 linux-mptcp/./include/net/tcp.h:1847 linux-mptcp/net/ipv4/tcp_input.c:5238 linux-mptcp/net/ipv4/tcp_input.c:5730)
[ 171.254089] tcp_v4_rcv (linux-mptcp/./include/linux/spinlock.h:393 linux-mptcp/net/ipv4/tcp_ipv4.c:2009)
[ 171.258969] ip_protocol_deliver_rcu (linux-mptcp/net/ipv4/ip_input.c:204 (discriminator 1))
[ 171.260214] ip_local_deliver_finish (linux-mptcp/./include/linux/rcupdate.h:651 linux-mptcp/net/ipv4/ip_input.c:232)
[ 171.261389] ip_local_deliver (linux-mptcp/./include/linux/netfilter.h:307 linux-mptcp/./include/linux/netfilter.h:301 linux-mptcp/net/ipv4/ip_input.c:252)
[ 171.265884] ip_rcv (linux-mptcp/./include/linux/netfilter.h:307 linux-mptcp/./include/linux/netfilter.h:301 linux-mptcp/net/ipv4/ip_input.c:539)
[ 171.273666] process_backlog (linux-mptcp/./include/linux/rcupdate.h:651 linux-mptcp/net/core/dev.c:6135)
[ 171.275328] net_rx_action (linux-mptcp/net/core/dev.c:6572 linux-mptcp/net/core/dev.c:6640)
[ 171.280472] __do_softirq (linux-mptcp/./arch/x86/include/asm/jump_label.h:25 linux-mptcp/./include/linux/jump_label.h:200 linux-mptcp/./include/trace/events/irq.h:142 linux-mptcp/kernel/softirq.c:293)
[ 171.281379] do_softirq_own_stack (linux-mptcp/arch/x86/entry/entry_64.S:1083)
[ 171.282358] </IRQ>
We could address the issue clearing explicitly the relevant fields
in several places - tcp_parse_option, tcp_fast_parse_options,
possibly others.
Instead we move the MPTCP option parsing into the already existing
mptcp ingress hook, so that we need to clear the fields in a single
place.
This allows us dropping an MPTCP hook from the TCP code and
removing the quite large mptcp_options_received from the tcp_sock
struct. On the flip side, the MPTCP sockets will traverse the
option space twice (in tcp_parse_option() and in
mptcp_incoming_options(). That looks acceptable: we already
do that for syn and 3rd ack packets, plain TCP socket will
benefit from it, and even MPTCP sockets will experience better
code locality, reducing the jumps between TCP and MPTCP code.
v1 -> v2:
- rebased on current '-net' tree
Fixes: 648ef4b88673 ("mptcp: Implement MPTCP receive path")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-04-30 21:01:52 +08:00
|
|
|
struct mptcp_options_received {
|
|
|
|
u64 sndr_key;
|
|
|
|
u64 rcvr_key;
|
|
|
|
u64 data_ack;
|
|
|
|
u64 data_seq;
|
|
|
|
u32 subflow_seq;
|
|
|
|
u16 data_len;
|
2021-06-18 07:46:14 +08:00
|
|
|
__sum16 csum;
|
mptcp: move option parsing into mptcp_incoming_options()
The mptcp_options_received structure carries several per
packet flags (mp_capable, mp_join, etc.). Such fields must
be cleared on each packet, even on dropped ones or packet
not carrying any MPTCP options, but the current mptcp
code clears them only on TCP option reset.
On several races/corner cases we end-up with stray bits in
incoming options, leading to WARN_ON splats. e.g.:
[ 171.164906] Bad mapping: ssn=32714 map_seq=1 map_data_len=32713
[ 171.165006] WARNING: CPU: 1 PID: 5026 at net/mptcp/subflow.c:533 warn_bad_map (linux-mptcp/net/mptcp/subflow.c:533 linux-mptcp/net/mptcp/subflow.c:531)
[ 171.167632] Modules linked in: ip6_vti ip_vti ip_gre ipip sit tunnel4 ip_tunnel geneve ip6_udp_tunnel udp_tunnel macsec macvtap tap ipvlan macvlan 8021q garp mrp xfrm_interface veth netdevsim nlmon dummy team bonding vcan bridge stp llc ip6_gre gre ip6_tunnel tunnel6 tun binfmt_misc intel_rapl_msr intel_rapl_common rfkill kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel joydev virtio_balloon pcspkr i2c_piix4 sunrpc ip_tables xfs libcrc32c crc32c_intel serio_raw virtio_console ata_generic virtio_blk virtio_net net_failover failover ata_piix libata
[ 171.199464] CPU: 1 PID: 5026 Comm: repro Not tainted 5.7.0-rc1.mptcp_f227fdf5d388+ #95
[ 171.200886] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-2.fc30 04/01/2014
[ 171.202546] RIP: 0010:warn_bad_map (linux-mptcp/net/mptcp/subflow.c:533 linux-mptcp/net/mptcp/subflow.c:531)
[ 171.206537] Code: c1 ea 03 0f b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 1d 8b 55 3c 44 89 e6 48 c7 c7 20 51 13 95 e8 37 8b 22 fe <0f> 0b 48 83 c4 08 5b 5d 41 5c c3 89 4c 24 04 e8 db d6 94 fe 8b 4c
[ 171.220473] RSP: 0018:ffffc90000150560 EFLAGS: 00010282
[ 171.221639] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 171.223108] RDX: 0000000000000000 RSI: 0000000000000008 RDI: fffff5200002a09e
[ 171.224388] RBP: ffff8880aa6e3c00 R08: 0000000000000001 R09: fffffbfff2ec9955
[ 171.225706] R10: ffffffff9764caa7 R11: fffffbfff2ec9954 R12: 0000000000007fca
[ 171.227211] R13: ffff8881066f4a7f R14: ffff8880aa6e3c00 R15: 0000000000000020
[ 171.228460] FS: 00007f8623719740(0000) GS:ffff88810be00000(0000) knlGS:0000000000000000
[ 171.230065] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 171.231303] CR2: 00007ffdab190a50 CR3: 00000001038ea006 CR4: 0000000000160ee0
[ 171.232586] Call Trace:
[ 171.233109] <IRQ>
[ 171.233531] get_mapping_status (linux-mptcp/net/mptcp/subflow.c:691)
[ 171.234371] mptcp_subflow_data_available (linux-mptcp/net/mptcp/subflow.c:736 linux-mptcp/net/mptcp/subflow.c:832)
[ 171.238181] subflow_state_change (linux-mptcp/net/mptcp/subflow.c:1085 (discriminator 1))
[ 171.239066] tcp_fin (linux-mptcp/net/ipv4/tcp_input.c:4217)
[ 171.240123] tcp_data_queue (linux-mptcp/./include/linux/compiler.h:199 linux-mptcp/net/ipv4/tcp_input.c:4822)
[ 171.245083] tcp_rcv_established (linux-mptcp/./include/linux/skbuff.h:1785 linux-mptcp/./include/net/tcp.h:1774 linux-mptcp/./include/net/tcp.h:1847 linux-mptcp/net/ipv4/tcp_input.c:5238 linux-mptcp/net/ipv4/tcp_input.c:5730)
[ 171.254089] tcp_v4_rcv (linux-mptcp/./include/linux/spinlock.h:393 linux-mptcp/net/ipv4/tcp_ipv4.c:2009)
[ 171.258969] ip_protocol_deliver_rcu (linux-mptcp/net/ipv4/ip_input.c:204 (discriminator 1))
[ 171.260214] ip_local_deliver_finish (linux-mptcp/./include/linux/rcupdate.h:651 linux-mptcp/net/ipv4/ip_input.c:232)
[ 171.261389] ip_local_deliver (linux-mptcp/./include/linux/netfilter.h:307 linux-mptcp/./include/linux/netfilter.h:301 linux-mptcp/net/ipv4/ip_input.c:252)
[ 171.265884] ip_rcv (linux-mptcp/./include/linux/netfilter.h:307 linux-mptcp/./include/linux/netfilter.h:301 linux-mptcp/net/ipv4/ip_input.c:539)
[ 171.273666] process_backlog (linux-mptcp/./include/linux/rcupdate.h:651 linux-mptcp/net/core/dev.c:6135)
[ 171.275328] net_rx_action (linux-mptcp/net/core/dev.c:6572 linux-mptcp/net/core/dev.c:6640)
[ 171.280472] __do_softirq (linux-mptcp/./arch/x86/include/asm/jump_label.h:25 linux-mptcp/./include/linux/jump_label.h:200 linux-mptcp/./include/trace/events/irq.h:142 linux-mptcp/kernel/softirq.c:293)
[ 171.281379] do_softirq_own_stack (linux-mptcp/arch/x86/entry/entry_64.S:1083)
[ 171.282358] </IRQ>
We could address the issue clearing explicitly the relevant fields
in several places - tcp_parse_option, tcp_fast_parse_options,
possibly others.
Instead we move the MPTCP option parsing into the already existing
mptcp ingress hook, so that we need to clear the fields in a single
place.
This allows us dropping an MPTCP hook from the TCP code and
removing the quite large mptcp_options_received from the tcp_sock
struct. On the flip side, the MPTCP sockets will traverse the
option space twice (in tcp_parse_option() and in
mptcp_incoming_options(). That looks acceptable: we already
do that for syn and 3rd ack packets, plain TCP socket will
benefit from it, and even MPTCP sockets will experience better
code locality, reducing the jumps between TCP and MPTCP code.
v1 -> v2:
- rebased on current '-net' tree
Fixes: 648ef4b88673 ("mptcp: Implement MPTCP receive path")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-04-30 21:01:52 +08:00
|
|
|
u16 mp_capable : 1,
|
|
|
|
mp_join : 1,
|
2020-12-11 06:25:04 +08:00
|
|
|
fastclose : 1,
|
2021-04-02 07:19:44 +08:00
|
|
|
reset : 1,
|
mptcp: move option parsing into mptcp_incoming_options()
The mptcp_options_received structure carries several per
packet flags (mp_capable, mp_join, etc.). Such fields must
be cleared on each packet, even on dropped ones or packet
not carrying any MPTCP options, but the current mptcp
code clears them only on TCP option reset.
On several races/corner cases we end-up with stray bits in
incoming options, leading to WARN_ON splats. e.g.:
[ 171.164906] Bad mapping: ssn=32714 map_seq=1 map_data_len=32713
[ 171.165006] WARNING: CPU: 1 PID: 5026 at net/mptcp/subflow.c:533 warn_bad_map (linux-mptcp/net/mptcp/subflow.c:533 linux-mptcp/net/mptcp/subflow.c:531)
[ 171.167632] Modules linked in: ip6_vti ip_vti ip_gre ipip sit tunnel4 ip_tunnel geneve ip6_udp_tunnel udp_tunnel macsec macvtap tap ipvlan macvlan 8021q garp mrp xfrm_interface veth netdevsim nlmon dummy team bonding vcan bridge stp llc ip6_gre gre ip6_tunnel tunnel6 tun binfmt_misc intel_rapl_msr intel_rapl_common rfkill kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel joydev virtio_balloon pcspkr i2c_piix4 sunrpc ip_tables xfs libcrc32c crc32c_intel serio_raw virtio_console ata_generic virtio_blk virtio_net net_failover failover ata_piix libata
[ 171.199464] CPU: 1 PID: 5026 Comm: repro Not tainted 5.7.0-rc1.mptcp_f227fdf5d388+ #95
[ 171.200886] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-2.fc30 04/01/2014
[ 171.202546] RIP: 0010:warn_bad_map (linux-mptcp/net/mptcp/subflow.c:533 linux-mptcp/net/mptcp/subflow.c:531)
[ 171.206537] Code: c1 ea 03 0f b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 1d 8b 55 3c 44 89 e6 48 c7 c7 20 51 13 95 e8 37 8b 22 fe <0f> 0b 48 83 c4 08 5b 5d 41 5c c3 89 4c 24 04 e8 db d6 94 fe 8b 4c
[ 171.220473] RSP: 0018:ffffc90000150560 EFLAGS: 00010282
[ 171.221639] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 171.223108] RDX: 0000000000000000 RSI: 0000000000000008 RDI: fffff5200002a09e
[ 171.224388] RBP: ffff8880aa6e3c00 R08: 0000000000000001 R09: fffffbfff2ec9955
[ 171.225706] R10: ffffffff9764caa7 R11: fffffbfff2ec9954 R12: 0000000000007fca
[ 171.227211] R13: ffff8881066f4a7f R14: ffff8880aa6e3c00 R15: 0000000000000020
[ 171.228460] FS: 00007f8623719740(0000) GS:ffff88810be00000(0000) knlGS:0000000000000000
[ 171.230065] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 171.231303] CR2: 00007ffdab190a50 CR3: 00000001038ea006 CR4: 0000000000160ee0
[ 171.232586] Call Trace:
[ 171.233109] <IRQ>
[ 171.233531] get_mapping_status (linux-mptcp/net/mptcp/subflow.c:691)
[ 171.234371] mptcp_subflow_data_available (linux-mptcp/net/mptcp/subflow.c:736 linux-mptcp/net/mptcp/subflow.c:832)
[ 171.238181] subflow_state_change (linux-mptcp/net/mptcp/subflow.c:1085 (discriminator 1))
[ 171.239066] tcp_fin (linux-mptcp/net/ipv4/tcp_input.c:4217)
[ 171.240123] tcp_data_queue (linux-mptcp/./include/linux/compiler.h:199 linux-mptcp/net/ipv4/tcp_input.c:4822)
[ 171.245083] tcp_rcv_established (linux-mptcp/./include/linux/skbuff.h:1785 linux-mptcp/./include/net/tcp.h:1774 linux-mptcp/./include/net/tcp.h:1847 linux-mptcp/net/ipv4/tcp_input.c:5238 linux-mptcp/net/ipv4/tcp_input.c:5730)
[ 171.254089] tcp_v4_rcv (linux-mptcp/./include/linux/spinlock.h:393 linux-mptcp/net/ipv4/tcp_ipv4.c:2009)
[ 171.258969] ip_protocol_deliver_rcu (linux-mptcp/net/ipv4/ip_input.c:204 (discriminator 1))
[ 171.260214] ip_local_deliver_finish (linux-mptcp/./include/linux/rcupdate.h:651 linux-mptcp/net/ipv4/ip_input.c:232)
[ 171.261389] ip_local_deliver (linux-mptcp/./include/linux/netfilter.h:307 linux-mptcp/./include/linux/netfilter.h:301 linux-mptcp/net/ipv4/ip_input.c:252)
[ 171.265884] ip_rcv (linux-mptcp/./include/linux/netfilter.h:307 linux-mptcp/./include/linux/netfilter.h:301 linux-mptcp/net/ipv4/ip_input.c:539)
[ 171.273666] process_backlog (linux-mptcp/./include/linux/rcupdate.h:651 linux-mptcp/net/core/dev.c:6135)
[ 171.275328] net_rx_action (linux-mptcp/net/core/dev.c:6572 linux-mptcp/net/core/dev.c:6640)
[ 171.280472] __do_softirq (linux-mptcp/./arch/x86/include/asm/jump_label.h:25 linux-mptcp/./include/linux/jump_label.h:200 linux-mptcp/./include/trace/events/irq.h:142 linux-mptcp/kernel/softirq.c:293)
[ 171.281379] do_softirq_own_stack (linux-mptcp/arch/x86/entry/entry_64.S:1083)
[ 171.282358] </IRQ>
We could address the issue clearing explicitly the relevant fields
in several places - tcp_parse_option, tcp_fast_parse_options,
possibly others.
Instead we move the MPTCP option parsing into the already existing
mptcp ingress hook, so that we need to clear the fields in a single
place.
This allows us dropping an MPTCP hook from the TCP code and
removing the quite large mptcp_options_received from the tcp_sock
struct. On the flip side, the MPTCP sockets will traverse the
option space twice (in tcp_parse_option() and in
mptcp_incoming_options(). That looks acceptable: we already
do that for syn and 3rd ack packets, plain TCP socket will
benefit from it, and even MPTCP sockets will experience better
code locality, reducing the jumps between TCP and MPTCP code.
v1 -> v2:
- rebased on current '-net' tree
Fixes: 648ef4b88673 ("mptcp: Implement MPTCP receive path")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-04-30 21:01:52 +08:00
|
|
|
dss : 1,
|
|
|
|
add_addr : 1,
|
|
|
|
rm_addr : 1,
|
2021-01-09 08:47:58 +08:00
|
|
|
mp_prio : 1,
|
mptcp: move option parsing into mptcp_incoming_options()
The mptcp_options_received structure carries several per
packet flags (mp_capable, mp_join, etc.). Such fields must
be cleared on each packet, even on dropped ones or packet
not carrying any MPTCP options, but the current mptcp
code clears them only on TCP option reset.
On several races/corner cases we end-up with stray bits in
incoming options, leading to WARN_ON splats. e.g.:
[ 171.164906] Bad mapping: ssn=32714 map_seq=1 map_data_len=32713
[ 171.165006] WARNING: CPU: 1 PID: 5026 at net/mptcp/subflow.c:533 warn_bad_map (linux-mptcp/net/mptcp/subflow.c:533 linux-mptcp/net/mptcp/subflow.c:531)
[ 171.167632] Modules linked in: ip6_vti ip_vti ip_gre ipip sit tunnel4 ip_tunnel geneve ip6_udp_tunnel udp_tunnel macsec macvtap tap ipvlan macvlan 8021q garp mrp xfrm_interface veth netdevsim nlmon dummy team bonding vcan bridge stp llc ip6_gre gre ip6_tunnel tunnel6 tun binfmt_misc intel_rapl_msr intel_rapl_common rfkill kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel joydev virtio_balloon pcspkr i2c_piix4 sunrpc ip_tables xfs libcrc32c crc32c_intel serio_raw virtio_console ata_generic virtio_blk virtio_net net_failover failover ata_piix libata
[ 171.199464] CPU: 1 PID: 5026 Comm: repro Not tainted 5.7.0-rc1.mptcp_f227fdf5d388+ #95
[ 171.200886] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-2.fc30 04/01/2014
[ 171.202546] RIP: 0010:warn_bad_map (linux-mptcp/net/mptcp/subflow.c:533 linux-mptcp/net/mptcp/subflow.c:531)
[ 171.206537] Code: c1 ea 03 0f b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 1d 8b 55 3c 44 89 e6 48 c7 c7 20 51 13 95 e8 37 8b 22 fe <0f> 0b 48 83 c4 08 5b 5d 41 5c c3 89 4c 24 04 e8 db d6 94 fe 8b 4c
[ 171.220473] RSP: 0018:ffffc90000150560 EFLAGS: 00010282
[ 171.221639] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 171.223108] RDX: 0000000000000000 RSI: 0000000000000008 RDI: fffff5200002a09e
[ 171.224388] RBP: ffff8880aa6e3c00 R08: 0000000000000001 R09: fffffbfff2ec9955
[ 171.225706] R10: ffffffff9764caa7 R11: fffffbfff2ec9954 R12: 0000000000007fca
[ 171.227211] R13: ffff8881066f4a7f R14: ffff8880aa6e3c00 R15: 0000000000000020
[ 171.228460] FS: 00007f8623719740(0000) GS:ffff88810be00000(0000) knlGS:0000000000000000
[ 171.230065] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 171.231303] CR2: 00007ffdab190a50 CR3: 00000001038ea006 CR4: 0000000000160ee0
[ 171.232586] Call Trace:
[ 171.233109] <IRQ>
[ 171.233531] get_mapping_status (linux-mptcp/net/mptcp/subflow.c:691)
[ 171.234371] mptcp_subflow_data_available (linux-mptcp/net/mptcp/subflow.c:736 linux-mptcp/net/mptcp/subflow.c:832)
[ 171.238181] subflow_state_change (linux-mptcp/net/mptcp/subflow.c:1085 (discriminator 1))
[ 171.239066] tcp_fin (linux-mptcp/net/ipv4/tcp_input.c:4217)
[ 171.240123] tcp_data_queue (linux-mptcp/./include/linux/compiler.h:199 linux-mptcp/net/ipv4/tcp_input.c:4822)
[ 171.245083] tcp_rcv_established (linux-mptcp/./include/linux/skbuff.h:1785 linux-mptcp/./include/net/tcp.h:1774 linux-mptcp/./include/net/tcp.h:1847 linux-mptcp/net/ipv4/tcp_input.c:5238 linux-mptcp/net/ipv4/tcp_input.c:5730)
[ 171.254089] tcp_v4_rcv (linux-mptcp/./include/linux/spinlock.h:393 linux-mptcp/net/ipv4/tcp_ipv4.c:2009)
[ 171.258969] ip_protocol_deliver_rcu (linux-mptcp/net/ipv4/ip_input.c:204 (discriminator 1))
[ 171.260214] ip_local_deliver_finish (linux-mptcp/./include/linux/rcupdate.h:651 linux-mptcp/net/ipv4/ip_input.c:232)
[ 171.261389] ip_local_deliver (linux-mptcp/./include/linux/netfilter.h:307 linux-mptcp/./include/linux/netfilter.h:301 linux-mptcp/net/ipv4/ip_input.c:252)
[ 171.265884] ip_rcv (linux-mptcp/./include/linux/netfilter.h:307 linux-mptcp/./include/linux/netfilter.h:301 linux-mptcp/net/ipv4/ip_input.c:539)
[ 171.273666] process_backlog (linux-mptcp/./include/linux/rcupdate.h:651 linux-mptcp/net/core/dev.c:6135)
[ 171.275328] net_rx_action (linux-mptcp/net/core/dev.c:6572 linux-mptcp/net/core/dev.c:6640)
[ 171.280472] __do_softirq (linux-mptcp/./arch/x86/include/asm/jump_label.h:25 linux-mptcp/./include/linux/jump_label.h:200 linux-mptcp/./include/trace/events/irq.h:142 linux-mptcp/kernel/softirq.c:293)
[ 171.281379] do_softirq_own_stack (linux-mptcp/arch/x86/entry/entry_64.S:1083)
[ 171.282358] </IRQ>
We could address the issue clearing explicitly the relevant fields
in several places - tcp_parse_option, tcp_fast_parse_options,
possibly others.
Instead we move the MPTCP option parsing into the already existing
mptcp ingress hook, so that we need to clear the fields in a single
place.
This allows us dropping an MPTCP hook from the TCP code and
removing the quite large mptcp_options_received from the tcp_sock
struct. On the flip side, the MPTCP sockets will traverse the
option space twice (in tcp_parse_option() and in
mptcp_incoming_options(). That looks acceptable: we already
do that for syn and 3rd ack packets, plain TCP socket will
benefit from it, and even MPTCP sockets will experience better
code locality, reducing the jumps between TCP and MPTCP code.
v1 -> v2:
- rebased on current '-net' tree
Fixes: 648ef4b88673 ("mptcp: Implement MPTCP receive path")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-04-30 21:01:52 +08:00
|
|
|
echo : 1,
|
2021-06-18 07:46:13 +08:00
|
|
|
csum_reqd : 1,
|
2021-06-23 03:25:20 +08:00
|
|
|
backup : 1,
|
|
|
|
deny_join_id0 : 1;
|
mptcp: move option parsing into mptcp_incoming_options()
The mptcp_options_received structure carries several per
packet flags (mp_capable, mp_join, etc.). Such fields must
be cleared on each packet, even on dropped ones or packet
not carrying any MPTCP options, but the current mptcp
code clears them only on TCP option reset.
On several races/corner cases we end-up with stray bits in
incoming options, leading to WARN_ON splats. e.g.:
[ 171.164906] Bad mapping: ssn=32714 map_seq=1 map_data_len=32713
[ 171.165006] WARNING: CPU: 1 PID: 5026 at net/mptcp/subflow.c:533 warn_bad_map (linux-mptcp/net/mptcp/subflow.c:533 linux-mptcp/net/mptcp/subflow.c:531)
[ 171.167632] Modules linked in: ip6_vti ip_vti ip_gre ipip sit tunnel4 ip_tunnel geneve ip6_udp_tunnel udp_tunnel macsec macvtap tap ipvlan macvlan 8021q garp mrp xfrm_interface veth netdevsim nlmon dummy team bonding vcan bridge stp llc ip6_gre gre ip6_tunnel tunnel6 tun binfmt_misc intel_rapl_msr intel_rapl_common rfkill kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel joydev virtio_balloon pcspkr i2c_piix4 sunrpc ip_tables xfs libcrc32c crc32c_intel serio_raw virtio_console ata_generic virtio_blk virtio_net net_failover failover ata_piix libata
[ 171.199464] CPU: 1 PID: 5026 Comm: repro Not tainted 5.7.0-rc1.mptcp_f227fdf5d388+ #95
[ 171.200886] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-2.fc30 04/01/2014
[ 171.202546] RIP: 0010:warn_bad_map (linux-mptcp/net/mptcp/subflow.c:533 linux-mptcp/net/mptcp/subflow.c:531)
[ 171.206537] Code: c1 ea 03 0f b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 1d 8b 55 3c 44 89 e6 48 c7 c7 20 51 13 95 e8 37 8b 22 fe <0f> 0b 48 83 c4 08 5b 5d 41 5c c3 89 4c 24 04 e8 db d6 94 fe 8b 4c
[ 171.220473] RSP: 0018:ffffc90000150560 EFLAGS: 00010282
[ 171.221639] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 171.223108] RDX: 0000000000000000 RSI: 0000000000000008 RDI: fffff5200002a09e
[ 171.224388] RBP: ffff8880aa6e3c00 R08: 0000000000000001 R09: fffffbfff2ec9955
[ 171.225706] R10: ffffffff9764caa7 R11: fffffbfff2ec9954 R12: 0000000000007fca
[ 171.227211] R13: ffff8881066f4a7f R14: ffff8880aa6e3c00 R15: 0000000000000020
[ 171.228460] FS: 00007f8623719740(0000) GS:ffff88810be00000(0000) knlGS:0000000000000000
[ 171.230065] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 171.231303] CR2: 00007ffdab190a50 CR3: 00000001038ea006 CR4: 0000000000160ee0
[ 171.232586] Call Trace:
[ 171.233109] <IRQ>
[ 171.233531] get_mapping_status (linux-mptcp/net/mptcp/subflow.c:691)
[ 171.234371] mptcp_subflow_data_available (linux-mptcp/net/mptcp/subflow.c:736 linux-mptcp/net/mptcp/subflow.c:832)
[ 171.238181] subflow_state_change (linux-mptcp/net/mptcp/subflow.c:1085 (discriminator 1))
[ 171.239066] tcp_fin (linux-mptcp/net/ipv4/tcp_input.c:4217)
[ 171.240123] tcp_data_queue (linux-mptcp/./include/linux/compiler.h:199 linux-mptcp/net/ipv4/tcp_input.c:4822)
[ 171.245083] tcp_rcv_established (linux-mptcp/./include/linux/skbuff.h:1785 linux-mptcp/./include/net/tcp.h:1774 linux-mptcp/./include/net/tcp.h:1847 linux-mptcp/net/ipv4/tcp_input.c:5238 linux-mptcp/net/ipv4/tcp_input.c:5730)
[ 171.254089] tcp_v4_rcv (linux-mptcp/./include/linux/spinlock.h:393 linux-mptcp/net/ipv4/tcp_ipv4.c:2009)
[ 171.258969] ip_protocol_deliver_rcu (linux-mptcp/net/ipv4/ip_input.c:204 (discriminator 1))
[ 171.260214] ip_local_deliver_finish (linux-mptcp/./include/linux/rcupdate.h:651 linux-mptcp/net/ipv4/ip_input.c:232)
[ 171.261389] ip_local_deliver (linux-mptcp/./include/linux/netfilter.h:307 linux-mptcp/./include/linux/netfilter.h:301 linux-mptcp/net/ipv4/ip_input.c:252)
[ 171.265884] ip_rcv (linux-mptcp/./include/linux/netfilter.h:307 linux-mptcp/./include/linux/netfilter.h:301 linux-mptcp/net/ipv4/ip_input.c:539)
[ 171.273666] process_backlog (linux-mptcp/./include/linux/rcupdate.h:651 linux-mptcp/net/core/dev.c:6135)
[ 171.275328] net_rx_action (linux-mptcp/net/core/dev.c:6572 linux-mptcp/net/core/dev.c:6640)
[ 171.280472] __do_softirq (linux-mptcp/./arch/x86/include/asm/jump_label.h:25 linux-mptcp/./include/linux/jump_label.h:200 linux-mptcp/./include/trace/events/irq.h:142 linux-mptcp/kernel/softirq.c:293)
[ 171.281379] do_softirq_own_stack (linux-mptcp/arch/x86/entry/entry_64.S:1083)
[ 171.282358] </IRQ>
We could address the issue clearing explicitly the relevant fields
in several places - tcp_parse_option, tcp_fast_parse_options,
possibly others.
Instead we move the MPTCP option parsing into the already existing
mptcp ingress hook, so that we need to clear the fields in a single
place.
This allows us dropping an MPTCP hook from the TCP code and
removing the quite large mptcp_options_received from the tcp_sock
struct. On the flip side, the MPTCP sockets will traverse the
option space twice (in tcp_parse_option() and in
mptcp_incoming_options(). That looks acceptable: we already
do that for syn and 3rd ack packets, plain TCP socket will
benefit from it, and even MPTCP sockets will experience better
code locality, reducing the jumps between TCP and MPTCP code.
v1 -> v2:
- rebased on current '-net' tree
Fixes: 648ef4b88673 ("mptcp: Implement MPTCP receive path")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-04-30 21:01:52 +08:00
|
|
|
u32 token;
|
|
|
|
u32 nonce;
|
|
|
|
u64 thmac;
|
2020-12-11 06:25:01 +08:00
|
|
|
u8 hmac[MPTCPOPT_HMAC_LEN];
|
mptcp: move option parsing into mptcp_incoming_options()
The mptcp_options_received structure carries several per
packet flags (mp_capable, mp_join, etc.). Such fields must
be cleared on each packet, even on dropped ones or packet
not carrying any MPTCP options, but the current mptcp
code clears them only on TCP option reset.
On several races/corner cases we end-up with stray bits in
incoming options, leading to WARN_ON splats. e.g.:
[ 171.164906] Bad mapping: ssn=32714 map_seq=1 map_data_len=32713
[ 171.165006] WARNING: CPU: 1 PID: 5026 at net/mptcp/subflow.c:533 warn_bad_map (linux-mptcp/net/mptcp/subflow.c:533 linux-mptcp/net/mptcp/subflow.c:531)
[ 171.167632] Modules linked in: ip6_vti ip_vti ip_gre ipip sit tunnel4 ip_tunnel geneve ip6_udp_tunnel udp_tunnel macsec macvtap tap ipvlan macvlan 8021q garp mrp xfrm_interface veth netdevsim nlmon dummy team bonding vcan bridge stp llc ip6_gre gre ip6_tunnel tunnel6 tun binfmt_misc intel_rapl_msr intel_rapl_common rfkill kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel joydev virtio_balloon pcspkr i2c_piix4 sunrpc ip_tables xfs libcrc32c crc32c_intel serio_raw virtio_console ata_generic virtio_blk virtio_net net_failover failover ata_piix libata
[ 171.199464] CPU: 1 PID: 5026 Comm: repro Not tainted 5.7.0-rc1.mptcp_f227fdf5d388+ #95
[ 171.200886] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-2.fc30 04/01/2014
[ 171.202546] RIP: 0010:warn_bad_map (linux-mptcp/net/mptcp/subflow.c:533 linux-mptcp/net/mptcp/subflow.c:531)
[ 171.206537] Code: c1 ea 03 0f b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 1d 8b 55 3c 44 89 e6 48 c7 c7 20 51 13 95 e8 37 8b 22 fe <0f> 0b 48 83 c4 08 5b 5d 41 5c c3 89 4c 24 04 e8 db d6 94 fe 8b 4c
[ 171.220473] RSP: 0018:ffffc90000150560 EFLAGS: 00010282
[ 171.221639] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 171.223108] RDX: 0000000000000000 RSI: 0000000000000008 RDI: fffff5200002a09e
[ 171.224388] RBP: ffff8880aa6e3c00 R08: 0000000000000001 R09: fffffbfff2ec9955
[ 171.225706] R10: ffffffff9764caa7 R11: fffffbfff2ec9954 R12: 0000000000007fca
[ 171.227211] R13: ffff8881066f4a7f R14: ffff8880aa6e3c00 R15: 0000000000000020
[ 171.228460] FS: 00007f8623719740(0000) GS:ffff88810be00000(0000) knlGS:0000000000000000
[ 171.230065] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 171.231303] CR2: 00007ffdab190a50 CR3: 00000001038ea006 CR4: 0000000000160ee0
[ 171.232586] Call Trace:
[ 171.233109] <IRQ>
[ 171.233531] get_mapping_status (linux-mptcp/net/mptcp/subflow.c:691)
[ 171.234371] mptcp_subflow_data_available (linux-mptcp/net/mptcp/subflow.c:736 linux-mptcp/net/mptcp/subflow.c:832)
[ 171.238181] subflow_state_change (linux-mptcp/net/mptcp/subflow.c:1085 (discriminator 1))
[ 171.239066] tcp_fin (linux-mptcp/net/ipv4/tcp_input.c:4217)
[ 171.240123] tcp_data_queue (linux-mptcp/./include/linux/compiler.h:199 linux-mptcp/net/ipv4/tcp_input.c:4822)
[ 171.245083] tcp_rcv_established (linux-mptcp/./include/linux/skbuff.h:1785 linux-mptcp/./include/net/tcp.h:1774 linux-mptcp/./include/net/tcp.h:1847 linux-mptcp/net/ipv4/tcp_input.c:5238 linux-mptcp/net/ipv4/tcp_input.c:5730)
[ 171.254089] tcp_v4_rcv (linux-mptcp/./include/linux/spinlock.h:393 linux-mptcp/net/ipv4/tcp_ipv4.c:2009)
[ 171.258969] ip_protocol_deliver_rcu (linux-mptcp/net/ipv4/ip_input.c:204 (discriminator 1))
[ 171.260214] ip_local_deliver_finish (linux-mptcp/./include/linux/rcupdate.h:651 linux-mptcp/net/ipv4/ip_input.c:232)
[ 171.261389] ip_local_deliver (linux-mptcp/./include/linux/netfilter.h:307 linux-mptcp/./include/linux/netfilter.h:301 linux-mptcp/net/ipv4/ip_input.c:252)
[ 171.265884] ip_rcv (linux-mptcp/./include/linux/netfilter.h:307 linux-mptcp/./include/linux/netfilter.h:301 linux-mptcp/net/ipv4/ip_input.c:539)
[ 171.273666] process_backlog (linux-mptcp/./include/linux/rcupdate.h:651 linux-mptcp/net/core/dev.c:6135)
[ 171.275328] net_rx_action (linux-mptcp/net/core/dev.c:6572 linux-mptcp/net/core/dev.c:6640)
[ 171.280472] __do_softirq (linux-mptcp/./arch/x86/include/asm/jump_label.h:25 linux-mptcp/./include/linux/jump_label.h:200 linux-mptcp/./include/trace/events/irq.h:142 linux-mptcp/kernel/softirq.c:293)
[ 171.281379] do_softirq_own_stack (linux-mptcp/arch/x86/entry/entry_64.S:1083)
[ 171.282358] </IRQ>
We could address the issue clearing explicitly the relevant fields
in several places - tcp_parse_option, tcp_fast_parse_options,
possibly others.
Instead we move the MPTCP option parsing into the already existing
mptcp ingress hook, so that we need to clear the fields in a single
place.
This allows us dropping an MPTCP hook from the TCP code and
removing the quite large mptcp_options_received from the tcp_sock
struct. On the flip side, the MPTCP sockets will traverse the
option space twice (in tcp_parse_option() and in
mptcp_incoming_options(). That looks acceptable: we already
do that for syn and 3rd ack packets, plain TCP socket will
benefit from it, and even MPTCP sockets will experience better
code locality, reducing the jumps between TCP and MPTCP code.
v1 -> v2:
- rebased on current '-net' tree
Fixes: 648ef4b88673 ("mptcp: Implement MPTCP receive path")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-04-30 21:01:52 +08:00
|
|
|
u8 join_id;
|
|
|
|
u8 use_map:1,
|
|
|
|
dsn64:1,
|
|
|
|
data_fin:1,
|
|
|
|
use_ack:1,
|
|
|
|
ack64:1,
|
|
|
|
mpc_map:1,
|
|
|
|
__unused:2;
|
2021-04-07 08:16:00 +08:00
|
|
|
struct mptcp_addr_info addr;
|
2021-03-13 09:16:13 +08:00
|
|
|
struct mptcp_rm_list rm_list;
|
mptcp: move option parsing into mptcp_incoming_options()
The mptcp_options_received structure carries several per
packet flags (mp_capable, mp_join, etc.). Such fields must
be cleared on each packet, even on dropped ones or packet
not carrying any MPTCP options, but the current mptcp
code clears them only on TCP option reset.
On several races/corner cases we end-up with stray bits in
incoming options, leading to WARN_ON splats. e.g.:
[ 171.164906] Bad mapping: ssn=32714 map_seq=1 map_data_len=32713
[ 171.165006] WARNING: CPU: 1 PID: 5026 at net/mptcp/subflow.c:533 warn_bad_map (linux-mptcp/net/mptcp/subflow.c:533 linux-mptcp/net/mptcp/subflow.c:531)
[ 171.167632] Modules linked in: ip6_vti ip_vti ip_gre ipip sit tunnel4 ip_tunnel geneve ip6_udp_tunnel udp_tunnel macsec macvtap tap ipvlan macvlan 8021q garp mrp xfrm_interface veth netdevsim nlmon dummy team bonding vcan bridge stp llc ip6_gre gre ip6_tunnel tunnel6 tun binfmt_misc intel_rapl_msr intel_rapl_common rfkill kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel joydev virtio_balloon pcspkr i2c_piix4 sunrpc ip_tables xfs libcrc32c crc32c_intel serio_raw virtio_console ata_generic virtio_blk virtio_net net_failover failover ata_piix libata
[ 171.199464] CPU: 1 PID: 5026 Comm: repro Not tainted 5.7.0-rc1.mptcp_f227fdf5d388+ #95
[ 171.200886] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-2.fc30 04/01/2014
[ 171.202546] RIP: 0010:warn_bad_map (linux-mptcp/net/mptcp/subflow.c:533 linux-mptcp/net/mptcp/subflow.c:531)
[ 171.206537] Code: c1 ea 03 0f b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 1d 8b 55 3c 44 89 e6 48 c7 c7 20 51 13 95 e8 37 8b 22 fe <0f> 0b 48 83 c4 08 5b 5d 41 5c c3 89 4c 24 04 e8 db d6 94 fe 8b 4c
[ 171.220473] RSP: 0018:ffffc90000150560 EFLAGS: 00010282
[ 171.221639] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 171.223108] RDX: 0000000000000000 RSI: 0000000000000008 RDI: fffff5200002a09e
[ 171.224388] RBP: ffff8880aa6e3c00 R08: 0000000000000001 R09: fffffbfff2ec9955
[ 171.225706] R10: ffffffff9764caa7 R11: fffffbfff2ec9954 R12: 0000000000007fca
[ 171.227211] R13: ffff8881066f4a7f R14: ffff8880aa6e3c00 R15: 0000000000000020
[ 171.228460] FS: 00007f8623719740(0000) GS:ffff88810be00000(0000) knlGS:0000000000000000
[ 171.230065] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 171.231303] CR2: 00007ffdab190a50 CR3: 00000001038ea006 CR4: 0000000000160ee0
[ 171.232586] Call Trace:
[ 171.233109] <IRQ>
[ 171.233531] get_mapping_status (linux-mptcp/net/mptcp/subflow.c:691)
[ 171.234371] mptcp_subflow_data_available (linux-mptcp/net/mptcp/subflow.c:736 linux-mptcp/net/mptcp/subflow.c:832)
[ 171.238181] subflow_state_change (linux-mptcp/net/mptcp/subflow.c:1085 (discriminator 1))
[ 171.239066] tcp_fin (linux-mptcp/net/ipv4/tcp_input.c:4217)
[ 171.240123] tcp_data_queue (linux-mptcp/./include/linux/compiler.h:199 linux-mptcp/net/ipv4/tcp_input.c:4822)
[ 171.245083] tcp_rcv_established (linux-mptcp/./include/linux/skbuff.h:1785 linux-mptcp/./include/net/tcp.h:1774 linux-mptcp/./include/net/tcp.h:1847 linux-mptcp/net/ipv4/tcp_input.c:5238 linux-mptcp/net/ipv4/tcp_input.c:5730)
[ 171.254089] tcp_v4_rcv (linux-mptcp/./include/linux/spinlock.h:393 linux-mptcp/net/ipv4/tcp_ipv4.c:2009)
[ 171.258969] ip_protocol_deliver_rcu (linux-mptcp/net/ipv4/ip_input.c:204 (discriminator 1))
[ 171.260214] ip_local_deliver_finish (linux-mptcp/./include/linux/rcupdate.h:651 linux-mptcp/net/ipv4/ip_input.c:232)
[ 171.261389] ip_local_deliver (linux-mptcp/./include/linux/netfilter.h:307 linux-mptcp/./include/linux/netfilter.h:301 linux-mptcp/net/ipv4/ip_input.c:252)
[ 171.265884] ip_rcv (linux-mptcp/./include/linux/netfilter.h:307 linux-mptcp/./include/linux/netfilter.h:301 linux-mptcp/net/ipv4/ip_input.c:539)
[ 171.273666] process_backlog (linux-mptcp/./include/linux/rcupdate.h:651 linux-mptcp/net/core/dev.c:6135)
[ 171.275328] net_rx_action (linux-mptcp/net/core/dev.c:6572 linux-mptcp/net/core/dev.c:6640)
[ 171.280472] __do_softirq (linux-mptcp/./arch/x86/include/asm/jump_label.h:25 linux-mptcp/./include/linux/jump_label.h:200 linux-mptcp/./include/trace/events/irq.h:142 linux-mptcp/kernel/softirq.c:293)
[ 171.281379] do_softirq_own_stack (linux-mptcp/arch/x86/entry/entry_64.S:1083)
[ 171.282358] </IRQ>
We could address the issue clearing explicitly the relevant fields
in several places - tcp_parse_option, tcp_fast_parse_options,
possibly others.
Instead we move the MPTCP option parsing into the already existing
mptcp ingress hook, so that we need to clear the fields in a single
place.
This allows us dropping an MPTCP hook from the TCP code and
removing the quite large mptcp_options_received from the tcp_sock
struct. On the flip side, the MPTCP sockets will traverse the
option space twice (in tcp_parse_option() and in
mptcp_incoming_options(). That looks acceptable: we already
do that for syn and 3rd ack packets, plain TCP socket will
benefit from it, and even MPTCP sockets will experience better
code locality, reducing the jumps between TCP and MPTCP code.
v1 -> v2:
- rebased on current '-net' tree
Fixes: 648ef4b88673 ("mptcp: Implement MPTCP receive path")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-04-30 21:01:52 +08:00
|
|
|
u64 ahmac;
|
2021-04-02 07:19:44 +08:00
|
|
|
u8 reset_reason:4;
|
|
|
|
u8 reset_transient:1;
|
mptcp: move option parsing into mptcp_incoming_options()
The mptcp_options_received structure carries several per
packet flags (mp_capable, mp_join, etc.). Such fields must
be cleared on each packet, even on dropped ones or packet
not carrying any MPTCP options, but the current mptcp
code clears them only on TCP option reset.
On several races/corner cases we end-up with stray bits in
incoming options, leading to WARN_ON splats. e.g.:
[ 171.164906] Bad mapping: ssn=32714 map_seq=1 map_data_len=32713
[ 171.165006] WARNING: CPU: 1 PID: 5026 at net/mptcp/subflow.c:533 warn_bad_map (linux-mptcp/net/mptcp/subflow.c:533 linux-mptcp/net/mptcp/subflow.c:531)
[ 171.167632] Modules linked in: ip6_vti ip_vti ip_gre ipip sit tunnel4 ip_tunnel geneve ip6_udp_tunnel udp_tunnel macsec macvtap tap ipvlan macvlan 8021q garp mrp xfrm_interface veth netdevsim nlmon dummy team bonding vcan bridge stp llc ip6_gre gre ip6_tunnel tunnel6 tun binfmt_misc intel_rapl_msr intel_rapl_common rfkill kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel joydev virtio_balloon pcspkr i2c_piix4 sunrpc ip_tables xfs libcrc32c crc32c_intel serio_raw virtio_console ata_generic virtio_blk virtio_net net_failover failover ata_piix libata
[ 171.199464] CPU: 1 PID: 5026 Comm: repro Not tainted 5.7.0-rc1.mptcp_f227fdf5d388+ #95
[ 171.200886] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-2.fc30 04/01/2014
[ 171.202546] RIP: 0010:warn_bad_map (linux-mptcp/net/mptcp/subflow.c:533 linux-mptcp/net/mptcp/subflow.c:531)
[ 171.206537] Code: c1 ea 03 0f b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 1d 8b 55 3c 44 89 e6 48 c7 c7 20 51 13 95 e8 37 8b 22 fe <0f> 0b 48 83 c4 08 5b 5d 41 5c c3 89 4c 24 04 e8 db d6 94 fe 8b 4c
[ 171.220473] RSP: 0018:ffffc90000150560 EFLAGS: 00010282
[ 171.221639] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 171.223108] RDX: 0000000000000000 RSI: 0000000000000008 RDI: fffff5200002a09e
[ 171.224388] RBP: ffff8880aa6e3c00 R08: 0000000000000001 R09: fffffbfff2ec9955
[ 171.225706] R10: ffffffff9764caa7 R11: fffffbfff2ec9954 R12: 0000000000007fca
[ 171.227211] R13: ffff8881066f4a7f R14: ffff8880aa6e3c00 R15: 0000000000000020
[ 171.228460] FS: 00007f8623719740(0000) GS:ffff88810be00000(0000) knlGS:0000000000000000
[ 171.230065] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 171.231303] CR2: 00007ffdab190a50 CR3: 00000001038ea006 CR4: 0000000000160ee0
[ 171.232586] Call Trace:
[ 171.233109] <IRQ>
[ 171.233531] get_mapping_status (linux-mptcp/net/mptcp/subflow.c:691)
[ 171.234371] mptcp_subflow_data_available (linux-mptcp/net/mptcp/subflow.c:736 linux-mptcp/net/mptcp/subflow.c:832)
[ 171.238181] subflow_state_change (linux-mptcp/net/mptcp/subflow.c:1085 (discriminator 1))
[ 171.239066] tcp_fin (linux-mptcp/net/ipv4/tcp_input.c:4217)
[ 171.240123] tcp_data_queue (linux-mptcp/./include/linux/compiler.h:199 linux-mptcp/net/ipv4/tcp_input.c:4822)
[ 171.245083] tcp_rcv_established (linux-mptcp/./include/linux/skbuff.h:1785 linux-mptcp/./include/net/tcp.h:1774 linux-mptcp/./include/net/tcp.h:1847 linux-mptcp/net/ipv4/tcp_input.c:5238 linux-mptcp/net/ipv4/tcp_input.c:5730)
[ 171.254089] tcp_v4_rcv (linux-mptcp/./include/linux/spinlock.h:393 linux-mptcp/net/ipv4/tcp_ipv4.c:2009)
[ 171.258969] ip_protocol_deliver_rcu (linux-mptcp/net/ipv4/ip_input.c:204 (discriminator 1))
[ 171.260214] ip_local_deliver_finish (linux-mptcp/./include/linux/rcupdate.h:651 linux-mptcp/net/ipv4/ip_input.c:232)
[ 171.261389] ip_local_deliver (linux-mptcp/./include/linux/netfilter.h:307 linux-mptcp/./include/linux/netfilter.h:301 linux-mptcp/net/ipv4/ip_input.c:252)
[ 171.265884] ip_rcv (linux-mptcp/./include/linux/netfilter.h:307 linux-mptcp/./include/linux/netfilter.h:301 linux-mptcp/net/ipv4/ip_input.c:539)
[ 171.273666] process_backlog (linux-mptcp/./include/linux/rcupdate.h:651 linux-mptcp/net/core/dev.c:6135)
[ 171.275328] net_rx_action (linux-mptcp/net/core/dev.c:6572 linux-mptcp/net/core/dev.c:6640)
[ 171.280472] __do_softirq (linux-mptcp/./arch/x86/include/asm/jump_label.h:25 linux-mptcp/./include/linux/jump_label.h:200 linux-mptcp/./include/trace/events/irq.h:142 linux-mptcp/kernel/softirq.c:293)
[ 171.281379] do_softirq_own_stack (linux-mptcp/arch/x86/entry/entry_64.S:1083)
[ 171.282358] </IRQ>
We could address the issue clearing explicitly the relevant fields
in several places - tcp_parse_option, tcp_fast_parse_options,
possibly others.
Instead we move the MPTCP option parsing into the already existing
mptcp ingress hook, so that we need to clear the fields in a single
place.
This allows us dropping an MPTCP hook from the TCP code and
removing the quite large mptcp_options_received from the tcp_sock
struct. On the flip side, the MPTCP sockets will traverse the
option space twice (in tcp_parse_option() and in
mptcp_incoming_options(). That looks acceptable: we already
do that for syn and 3rd ack packets, plain TCP socket will
benefit from it, and even MPTCP sockets will experience better
code locality, reducing the jumps between TCP and MPTCP code.
v1 -> v2:
- rebased on current '-net' tree
Fixes: 648ef4b88673 ("mptcp: Implement MPTCP receive path")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-04-30 21:01:52 +08:00
|
|
|
};
|
|
|
|
|
2020-03-28 05:48:37 +08:00
|
|
|
static inline __be32 mptcp_option(u8 subopt, u8 len, u8 nib, u8 field)
|
|
|
|
{
|
|
|
|
return htonl((TCPOPT_MPTCP << 24) | (len << 16) | (subopt << 12) |
|
|
|
|
((nib & 0xF) << 8) | field);
|
|
|
|
}
|
|
|
|
|
2020-03-28 05:48:38 +08:00
|
|
|
enum mptcp_pm_status {
|
|
|
|
MPTCP_PM_ADD_ADDR_RECEIVED,
|
2020-11-20 03:46:00 +08:00
|
|
|
MPTCP_PM_ADD_ADDR_SEND_ACK,
|
2020-09-24 08:29:49 +08:00
|
|
|
MPTCP_PM_RM_ADDR_RECEIVED,
|
2020-03-28 05:48:38 +08:00
|
|
|
MPTCP_PM_ESTABLISHED,
|
2020-12-09 19:03:29 +08:00
|
|
|
MPTCP_PM_ALREADY_ESTABLISHED, /* persistent status, set after ESTABLISHED event */
|
2020-03-28 05:48:38 +08:00
|
|
|
MPTCP_PM_SUBFLOW_ESTABLISHED,
|
|
|
|
};
|
|
|
|
|
2020-12-10 07:51:27 +08:00
|
|
|
enum mptcp_addr_signal_status {
|
2020-11-20 03:45:59 +08:00
|
|
|
MPTCP_ADD_ADDR_SIGNAL,
|
|
|
|
MPTCP_ADD_ADDR_ECHO,
|
2020-11-20 03:46:00 +08:00
|
|
|
MPTCP_ADD_ADDR_IPV6,
|
2020-12-10 07:51:22 +08:00
|
|
|
MPTCP_ADD_ADDR_PORT,
|
2020-12-10 07:51:26 +08:00
|
|
|
MPTCP_RM_ADDR_SIGNAL,
|
2020-11-20 03:45:59 +08:00
|
|
|
};
|
|
|
|
|
2020-03-28 05:48:38 +08:00
|
|
|
struct mptcp_pm_data {
|
|
|
|
struct mptcp_addr_info local;
|
|
|
|
struct mptcp_addr_info remote;
|
2020-09-24 08:29:54 +08:00
|
|
|
struct list_head anno_list;
|
2020-03-28 05:48:38 +08:00
|
|
|
|
|
|
|
spinlock_t lock; /*protects the whole PM data */
|
|
|
|
|
2020-12-10 07:51:27 +08:00
|
|
|
u8 addr_signal;
|
2020-03-28 05:48:38 +08:00
|
|
|
bool server_side;
|
|
|
|
bool work_pending;
|
|
|
|
bool accept_addr;
|
|
|
|
bool accept_subflow;
|
2021-06-23 03:25:20 +08:00
|
|
|
bool remote_deny_join_id0;
|
2020-03-28 05:48:38 +08:00
|
|
|
u8 add_addr_signaled;
|
|
|
|
u8 add_addr_accepted;
|
|
|
|
u8 local_addr_used;
|
|
|
|
u8 subflows;
|
|
|
|
u8 status;
|
2021-03-13 09:16:12 +08:00
|
|
|
struct mptcp_rm_list rm_list_tx;
|
2021-03-13 09:16:14 +08:00
|
|
|
struct mptcp_rm_list rm_list_rx;
|
2020-03-28 05:48:38 +08:00
|
|
|
};
|
|
|
|
|
2020-03-28 05:48:43 +08:00
|
|
|
struct mptcp_data_frag {
|
|
|
|
struct list_head list;
|
|
|
|
u64 data_seq;
|
2020-11-16 17:48:07 +08:00
|
|
|
u16 data_len;
|
|
|
|
u16 offset;
|
|
|
|
u16 overhead;
|
|
|
|
u16 already_sent;
|
2020-03-28 05:48:43 +08:00
|
|
|
struct page *page;
|
|
|
|
};
|
|
|
|
|
2020-01-22 08:56:15 +08:00
|
|
|
/* MPTCP connection sock */
|
|
|
|
struct mptcp_sock {
|
|
|
|
/* inet_connection_sock must be the first member */
|
|
|
|
struct inet_connection_sock sk;
|
2020-01-22 08:56:18 +08:00
|
|
|
u64 local_key;
|
|
|
|
u64 remote_key;
|
2020-01-22 08:56:23 +08:00
|
|
|
u64 write_seq;
|
2020-11-16 17:48:08 +08:00
|
|
|
u64 snd_nxt;
|
2020-01-22 08:56:23 +08:00
|
|
|
u64 ack_seq;
|
2020-11-20 03:46:02 +08:00
|
|
|
u64 rcv_wnd_sent;
|
2020-07-29 06:12:03 +08:00
|
|
|
u64 rcv_data_fin_seq;
|
2020-11-27 18:10:23 +08:00
|
|
|
int wmem_reserved;
|
2020-09-14 16:01:17 +08:00
|
|
|
struct sock *last_snd;
|
|
|
|
int snd_burst;
|
2020-11-20 03:46:03 +08:00
|
|
|
int old_wspace;
|
2020-11-27 18:10:26 +08:00
|
|
|
u64 snd_una;
|
|
|
|
u64 wnd_end;
|
2020-03-28 05:48:44 +08:00
|
|
|
unsigned long timer_ival;
|
2020-01-22 08:56:20 +08:00
|
|
|
u32 token;
|
2020-11-27 18:10:24 +08:00
|
|
|
int rmem_released;
|
2020-01-22 08:56:24 +08:00
|
|
|
unsigned long flags;
|
2020-01-22 08:56:32 +08:00
|
|
|
bool can_ack;
|
2020-07-23 19:02:32 +08:00
|
|
|
bool fully_established;
|
2020-07-29 06:12:03 +08:00
|
|
|
bool rcv_data_fin;
|
2020-07-29 06:12:02 +08:00
|
|
|
bool snd_data_fin_enable;
|
2020-12-11 06:25:04 +08:00
|
|
|
bool rcv_fastclose;
|
2020-10-07 00:26:17 +08:00
|
|
|
bool use_64bit_ack; /* Set when we received a 64-bit DSN */
|
2021-06-18 07:46:07 +08:00
|
|
|
bool csum_enabled;
|
2020-03-28 05:48:40 +08:00
|
|
|
spinlock_t join_list_lock;
|
2020-02-26 17:14:47 +08:00
|
|
|
struct work_struct work;
|
2020-09-14 16:01:12 +08:00
|
|
|
struct sk_buff *ooo_last_skb;
|
|
|
|
struct rb_root out_of_order_queue;
|
2020-11-27 18:10:24 +08:00
|
|
|
struct sk_buff_head receive_queue;
|
2020-11-27 18:10:25 +08:00
|
|
|
int tx_pending_data;
|
2020-01-22 08:56:18 +08:00
|
|
|
struct list_head conn_list;
|
2020-03-28 05:48:43 +08:00
|
|
|
struct list_head rtx_queue;
|
2020-11-16 17:48:07 +08:00
|
|
|
struct mptcp_data_frag *first_pending;
|
2020-03-28 05:48:40 +08:00
|
|
|
struct list_head join_list;
|
2020-01-22 08:56:15 +08:00
|
|
|
struct socket *subflow; /* outgoing connect/listener/!mp_capable */
|
mptcp: cope with later TCP fallback
With MPTCP v1, passive connections can fallback to TCP after the
subflow becomes established:
syn + MP_CAPABLE ->
<- syn, ack + MP_CAPABLE
ack, seq = 3 ->
// OoO packet is accepted because in-sequence
// passive socket is created, is in ESTABLISHED
// status and tentatively as MP_CAPABLE
ack, seq = 2 ->
// no MP_CAPABLE opt, subflow should fallback to TCP
We can't use the 'subflow' socket fallback, as we don't have
it available for passive connection.
Instead, when the fallback is detected, replace the mptcp
socket with the underlying TCP subflow. Beyond covering
the above scenario, it makes a TCP fallback socket as efficient
as plain TCP ones.
Co-developed-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Christoph Paasch <cpaasch@apple.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-22 08:56:33 +08:00
|
|
|
struct sock *first;
|
2020-03-28 05:48:38 +08:00
|
|
|
struct mptcp_pm_data pm;
|
2020-07-01 03:24:45 +08:00
|
|
|
struct {
|
|
|
|
u32 space; /* bytes copied in last measurement window */
|
|
|
|
u32 copied; /* bytes copied in this measurement window */
|
|
|
|
u64 time; /* start time of measurement window */
|
|
|
|
u64 rtt_us; /* last maximum rtt of subflows */
|
|
|
|
} rcvq_space;
|
2021-04-16 07:44:54 +08:00
|
|
|
|
|
|
|
u32 setsockopt_seq;
|
2021-05-26 05:23:10 +08:00
|
|
|
char ca_name[TCP_CA_NAME_MAX];
|
2020-01-22 08:56:15 +08:00
|
|
|
};
|
|
|
|
|
2020-11-27 18:10:22 +08:00
|
|
|
#define mptcp_lock_sock(___sk, cb) do { \
|
|
|
|
struct sock *__sk = (___sk); /* silence macro reuse warning */ \
|
|
|
|
might_sleep(); \
|
|
|
|
spin_lock_bh(&__sk->sk_lock.slock); \
|
|
|
|
if (__sk->sk_lock.owned) \
|
|
|
|
__lock_sock(__sk); \
|
|
|
|
cb; \
|
|
|
|
__sk->sk_lock.owned = 1; \
|
|
|
|
spin_unlock(&__sk->sk_lock.slock); \
|
|
|
|
mutex_acquire(&__sk->sk_lock.dep_map, 0, 0, _RET_IP_); \
|
|
|
|
local_bh_enable(); \
|
|
|
|
} while (0)
|
|
|
|
|
2020-11-27 18:10:24 +08:00
|
|
|
#define mptcp_data_lock(sk) spin_lock_bh(&(sk)->sk_lock.slock)
|
|
|
|
#define mptcp_data_unlock(sk) spin_unlock_bh(&(sk)->sk_lock.slock)
|
|
|
|
|
2020-01-22 08:56:18 +08:00
|
|
|
#define mptcp_for_each_subflow(__msk, __subflow) \
|
|
|
|
list_for_each_entry(__subflow, &((__msk)->conn_list), node)
|
|
|
|
|
2021-02-05 07:23:30 +08:00
|
|
|
static inline void msk_owned_by_me(const struct mptcp_sock *msk)
|
|
|
|
{
|
|
|
|
sock_owned_by_me((const struct sock *)msk);
|
|
|
|
}
|
|
|
|
|
2020-01-22 08:56:15 +08:00
|
|
|
static inline struct mptcp_sock *mptcp_sk(const struct sock *sk)
|
|
|
|
{
|
|
|
|
return (struct mptcp_sock *)sk;
|
|
|
|
}
|
|
|
|
|
2021-07-10 08:20:51 +08:00
|
|
|
/* the msk socket don't use the backlog, also account for the bulk
|
|
|
|
* free memory
|
|
|
|
*/
|
|
|
|
static inline int __mptcp_rmem(const struct sock *sk)
|
|
|
|
{
|
|
|
|
return atomic_read(&sk->sk_rmem_alloc) - READ_ONCE(mptcp_sk(sk)->rmem_released);
|
|
|
|
}
|
|
|
|
|
2020-11-20 03:46:03 +08:00
|
|
|
static inline int __mptcp_space(const struct sock *sk)
|
|
|
|
{
|
2021-07-10 08:20:51 +08:00
|
|
|
return tcp_win_from_space(sk, READ_ONCE(sk->sk_rcvbuf) - __mptcp_rmem(sk));
|
2020-11-20 03:46:03 +08:00
|
|
|
}
|
|
|
|
|
2020-11-16 17:48:07 +08:00
|
|
|
static inline struct mptcp_data_frag *mptcp_send_head(const struct sock *sk)
|
|
|
|
{
|
|
|
|
const struct mptcp_sock *msk = mptcp_sk(sk);
|
|
|
|
|
|
|
|
return READ_ONCE(msk->first_pending);
|
|
|
|
}
|
|
|
|
|
|
|
|
static inline struct mptcp_data_frag *mptcp_send_next(struct sock *sk)
|
|
|
|
{
|
|
|
|
struct mptcp_sock *msk = mptcp_sk(sk);
|
|
|
|
struct mptcp_data_frag *cur;
|
|
|
|
|
|
|
|
cur = msk->first_pending;
|
|
|
|
return list_is_last(&cur->list, &msk->rtx_queue) ? NULL :
|
|
|
|
list_next_entry(cur, list);
|
|
|
|
}
|
|
|
|
|
|
|
|
static inline struct mptcp_data_frag *mptcp_pending_tail(const struct sock *sk)
|
|
|
|
{
|
|
|
|
struct mptcp_sock *msk = mptcp_sk(sk);
|
|
|
|
|
|
|
|
if (!msk->first_pending)
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
if (WARN_ON_ONCE(list_empty(&msk->rtx_queue)))
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
return list_last_entry(&msk->rtx_queue, struct mptcp_data_frag, list);
|
|
|
|
}
|
|
|
|
|
2021-02-12 07:30:39 +08:00
|
|
|
static inline struct mptcp_data_frag *mptcp_rtx_head(const struct sock *sk)
|
2020-03-28 05:48:43 +08:00
|
|
|
{
|
|
|
|
struct mptcp_sock *msk = mptcp_sk(sk);
|
|
|
|
|
2021-02-12 07:30:39 +08:00
|
|
|
if (msk->snd_una == READ_ONCE(msk->snd_nxt))
|
2020-03-28 05:48:43 +08:00
|
|
|
return NULL;
|
|
|
|
|
2020-06-15 16:34:28 +08:00
|
|
|
return list_first_entry_or_null(&msk->rtx_queue, struct mptcp_data_frag, list);
|
2020-03-28 05:48:46 +08:00
|
|
|
}
|
|
|
|
|
2021-06-18 07:46:08 +08:00
|
|
|
struct csum_pseudo_header {
|
|
|
|
__be64 data_seq;
|
|
|
|
__be32 subflow_seq;
|
|
|
|
__be16 data_len;
|
|
|
|
__sum16 csum;
|
|
|
|
};
|
|
|
|
|
2020-01-22 08:56:18 +08:00
|
|
|
struct mptcp_subflow_request_sock {
|
|
|
|
struct tcp_request_sock sk;
|
2020-01-22 08:56:32 +08:00
|
|
|
u16 mp_capable : 1,
|
2020-01-22 08:56:18 +08:00
|
|
|
mp_join : 1,
|
2021-06-18 07:46:09 +08:00
|
|
|
backup : 1,
|
2021-06-23 03:25:19 +08:00
|
|
|
csum_reqd : 1,
|
|
|
|
allow_join_id0 : 1;
|
2020-03-28 05:48:38 +08:00
|
|
|
u8 local_id;
|
2020-03-28 05:48:39 +08:00
|
|
|
u8 remote_id;
|
2020-01-22 08:56:18 +08:00
|
|
|
u64 local_key;
|
2020-01-22 08:56:20 +08:00
|
|
|
u64 idsn;
|
|
|
|
u32 token;
|
2020-01-22 08:56:24 +08:00
|
|
|
u32 ssn_offset;
|
2020-03-28 05:48:39 +08:00
|
|
|
u64 thmac;
|
|
|
|
u32 local_nonce;
|
|
|
|
u32 remote_nonce;
|
2020-06-17 18:08:56 +08:00
|
|
|
struct mptcp_sock *msk;
|
2020-06-27 01:30:00 +08:00
|
|
|
struct hlist_nulls_node token_node;
|
2020-01-22 08:56:18 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
static inline struct mptcp_subflow_request_sock *
|
|
|
|
mptcp_subflow_rsk(const struct request_sock *rsk)
|
|
|
|
{
|
|
|
|
return (struct mptcp_subflow_request_sock *)rsk;
|
|
|
|
}
|
|
|
|
|
2020-09-14 16:01:09 +08:00
|
|
|
enum mptcp_data_avail {
|
|
|
|
MPTCP_SUBFLOW_NODATA,
|
|
|
|
MPTCP_SUBFLOW_DATA_AVAIL,
|
|
|
|
};
|
|
|
|
|
2021-01-20 22:39:14 +08:00
|
|
|
struct mptcp_delegated_action {
|
|
|
|
struct napi_struct napi;
|
|
|
|
struct list_head head;
|
|
|
|
};
|
|
|
|
|
|
|
|
DECLARE_PER_CPU(struct mptcp_delegated_action, mptcp_delegated_actions);
|
|
|
|
|
|
|
|
#define MPTCP_DELEGATE_SEND 0
|
|
|
|
|
2020-01-22 08:56:17 +08:00
|
|
|
/* MPTCP subflow context */
|
|
|
|
struct mptcp_subflow_context {
|
2020-01-22 08:56:18 +08:00
|
|
|
struct list_head node;/* conn_list of subflows */
|
|
|
|
u64 local_key;
|
|
|
|
u64 remote_key;
|
2020-01-22 08:56:20 +08:00
|
|
|
u64 idsn;
|
2020-01-22 08:56:24 +08:00
|
|
|
u64 map_seq;
|
2020-01-22 08:56:31 +08:00
|
|
|
u32 snd_isn;
|
2020-01-22 08:56:20 +08:00
|
|
|
u32 token;
|
2020-01-22 08:56:23 +08:00
|
|
|
u32 rel_write_seq;
|
2020-01-22 08:56:24 +08:00
|
|
|
u32 map_subflow_seq;
|
|
|
|
u32 ssn_offset;
|
|
|
|
u32 map_data_len;
|
mptcp: validate the data checksum
This patch added three new members named data_csum, csum_len and
map_csum in struct mptcp_subflow_context, implemented a new function
named mptcp_validate_data_checksum().
If the current mapping is valid and csum is enabled traverse the later
pending skbs and compute csum incrementally till the whole mapping has
been covered. If not enough data is available in the rx queue, return
MAPPING_EMPTY - that is, no data.
Next subflow_data_ready invocation will trigger again csum computation.
When the full DSS is available, validate the csum and return to the
caller an appropriate error code, to trigger subflow reset of fallback
as required by the RFC.
Additionally:
- if the csum prevence in the DSS don't match the negotiated value e.g.
csum present, but not requested, return invalid mapping to trigger
subflow reset.
- keep some csum state, to avoid re-compute the csum on the same data
when multiple rx queue traversal are required.
- clean-up the uncompleted mapping from the receive queue on close, to
allow proper subflow disposal
Co-developed-by: Geliang Tang <geliangtang@gmail.com>
Signed-off-by: Geliang Tang <geliangtang@gmail.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2021-06-18 07:46:16 +08:00
|
|
|
__wsum map_data_csum;
|
|
|
|
u32 map_csum_len;
|
2020-01-22 08:56:18 +08:00
|
|
|
u32 request_mptcp : 1, /* send MP_CAPABLE */
|
2020-03-28 05:48:40 +08:00
|
|
|
request_join : 1, /* send MP_JOIN */
|
|
|
|
request_bkup : 1,
|
2020-01-22 08:56:18 +08:00
|
|
|
mp_capable : 1, /* remote is MPTCP capable */
|
2020-03-28 05:48:39 +08:00
|
|
|
mp_join : 1, /* remote is JOINing */
|
2020-03-19 18:06:30 +08:00
|
|
|
fully_established : 1, /* path validated */
|
2020-03-28 05:48:39 +08:00
|
|
|
pm_notified : 1, /* PM hook called for established status */
|
2020-01-22 08:56:24 +08:00
|
|
|
conn_finished : 1,
|
|
|
|
map_valid : 1,
|
mptcp: validate the data checksum
This patch added three new members named data_csum, csum_len and
map_csum in struct mptcp_subflow_context, implemented a new function
named mptcp_validate_data_checksum().
If the current mapping is valid and csum is enabled traverse the later
pending skbs and compute csum incrementally till the whole mapping has
been covered. If not enough data is available in the rx queue, return
MAPPING_EMPTY - that is, no data.
Next subflow_data_ready invocation will trigger again csum computation.
When the full DSS is available, validate the csum and return to the
caller an appropriate error code, to trigger subflow reset of fallback
as required by the RFC.
Additionally:
- if the csum prevence in the DSS don't match the negotiated value e.g.
csum present, but not requested, return invalid mapping to trigger
subflow reset.
- keep some csum state, to avoid re-compute the csum on the same data
when multiple rx queue traversal are required.
- clean-up the uncompleted mapping from the receive queue on close, to
allow proper subflow disposal
Co-developed-by: Geliang Tang <geliangtang@gmail.com>
Signed-off-by: Geliang Tang <geliangtang@gmail.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2021-06-18 07:46:16 +08:00
|
|
|
map_csum_reqd : 1,
|
|
|
|
map_data_fin : 1,
|
2020-01-22 08:56:32 +08:00
|
|
|
mpc_map : 1,
|
2020-03-28 05:48:39 +08:00
|
|
|
backup : 1,
|
2021-01-09 08:47:57 +08:00
|
|
|
send_mp_prio : 1,
|
2020-01-22 08:56:32 +08:00
|
|
|
rx_eof : 1,
|
2020-11-16 17:48:09 +08:00
|
|
|
can_ack : 1, /* only after processing the remote a key */
|
|
|
|
disposable : 1; /* ctx can be free at ulp release time */
|
2020-09-14 16:01:09 +08:00
|
|
|
enum mptcp_data_avail data_avail;
|
2020-03-28 05:48:39 +08:00
|
|
|
u32 remote_nonce;
|
|
|
|
u64 thmac;
|
|
|
|
u32 local_nonce;
|
2020-03-28 05:48:40 +08:00
|
|
|
u32 remote_token;
|
|
|
|
u8 hmac[MPTCPOPT_HMAC_LEN];
|
2020-03-28 05:48:39 +08:00
|
|
|
u8 local_id;
|
|
|
|
u8 remote_id;
|
2021-04-02 07:19:44 +08:00
|
|
|
u8 reset_seen:1;
|
|
|
|
u8 reset_transient:1;
|
|
|
|
u8 reset_reason:4;
|
2021-08-14 06:15:42 +08:00
|
|
|
u8 stale_count;
|
2020-01-22 08:56:24 +08:00
|
|
|
|
2021-01-20 22:39:14 +08:00
|
|
|
long delegated_status;
|
|
|
|
struct list_head delegated_node; /* link into delegated_action, protected by local BH */
|
|
|
|
|
2021-08-14 06:15:42 +08:00
|
|
|
u32 setsockopt_seq;
|
|
|
|
u32 stale_rcv_tstamp;
|
2021-04-16 07:44:54 +08:00
|
|
|
|
2020-01-22 08:56:17 +08:00
|
|
|
struct sock *tcp_sock; /* tcp sk backpointer */
|
|
|
|
struct sock *conn; /* parent mptcp_sock */
|
2020-01-22 08:56:18 +08:00
|
|
|
const struct inet_connection_sock_af_ops *icsk_af_ops;
|
2020-01-22 08:56:24 +08:00
|
|
|
void (*tcp_data_ready)(struct sock *sk);
|
|
|
|
void (*tcp_state_change)(struct sock *sk);
|
|
|
|
void (*tcp_write_space)(struct sock *sk);
|
2021-02-12 07:30:37 +08:00
|
|
|
void (*tcp_error_report)(struct sock *sk);
|
2020-01-22 08:56:24 +08:00
|
|
|
|
2020-01-22 08:56:17 +08:00
|
|
|
struct rcu_head rcu;
|
|
|
|
};
|
|
|
|
|
|
|
|
static inline struct mptcp_subflow_context *
|
|
|
|
mptcp_subflow_ctx(const struct sock *sk)
|
|
|
|
{
|
|
|
|
struct inet_connection_sock *icsk = inet_csk(sk);
|
|
|
|
|
|
|
|
/* Use RCU on icsk_ulp_data only for sock diag code */
|
|
|
|
return (__force struct mptcp_subflow_context *)icsk->icsk_ulp_data;
|
|
|
|
}
|
|
|
|
|
|
|
|
static inline struct sock *
|
|
|
|
mptcp_subflow_tcp_sock(const struct mptcp_subflow_context *subflow)
|
|
|
|
{
|
|
|
|
return subflow->tcp_sock;
|
|
|
|
}
|
|
|
|
|
2020-01-22 08:56:24 +08:00
|
|
|
static inline u64
|
|
|
|
mptcp_subflow_get_map_offset(const struct mptcp_subflow_context *subflow)
|
|
|
|
{
|
|
|
|
return tcp_sk(mptcp_subflow_tcp_sock(subflow))->copied_seq -
|
|
|
|
subflow->ssn_offset -
|
|
|
|
subflow->map_subflow_seq;
|
|
|
|
}
|
|
|
|
|
|
|
|
static inline u64
|
|
|
|
mptcp_subflow_get_mapped_dsn(const struct mptcp_subflow_context *subflow)
|
|
|
|
{
|
|
|
|
return subflow->map_seq + mptcp_subflow_get_map_offset(subflow);
|
|
|
|
}
|
|
|
|
|
2020-11-20 03:45:58 +08:00
|
|
|
static inline void mptcp_add_pending_subflow(struct mptcp_sock *msk,
|
|
|
|
struct mptcp_subflow_context *subflow)
|
|
|
|
{
|
|
|
|
sock_hold(mptcp_subflow_tcp_sock(subflow));
|
|
|
|
spin_lock_bh(&msk->join_list_lock);
|
|
|
|
list_add_tail(&subflow->node, &msk->join_list);
|
|
|
|
spin_unlock_bh(&msk->join_list_lock);
|
|
|
|
}
|
|
|
|
|
2021-01-20 22:39:14 +08:00
|
|
|
void mptcp_subflow_process_delegated(struct sock *ssk);
|
|
|
|
|
|
|
|
static inline void mptcp_subflow_delegate(struct mptcp_subflow_context *subflow)
|
|
|
|
{
|
|
|
|
struct mptcp_delegated_action *delegated;
|
|
|
|
bool schedule;
|
|
|
|
|
|
|
|
/* The implied barrier pairs with mptcp_subflow_delegated_done(), and
|
|
|
|
* ensures the below list check sees list updates done prior to status
|
|
|
|
* bit changes
|
|
|
|
*/
|
|
|
|
if (!test_and_set_bit(MPTCP_DELEGATE_SEND, &subflow->delegated_status)) {
|
|
|
|
/* still on delegated list from previous scheduling */
|
|
|
|
if (!list_empty(&subflow->delegated_node))
|
|
|
|
return;
|
|
|
|
|
|
|
|
/* the caller held the subflow bh socket lock */
|
|
|
|
lockdep_assert_in_softirq();
|
|
|
|
|
|
|
|
delegated = this_cpu_ptr(&mptcp_delegated_actions);
|
|
|
|
schedule = list_empty(&delegated->head);
|
|
|
|
list_add_tail(&subflow->delegated_node, &delegated->head);
|
|
|
|
sock_hold(mptcp_subflow_tcp_sock(subflow));
|
|
|
|
if (schedule)
|
|
|
|
napi_schedule(&delegated->napi);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static inline struct mptcp_subflow_context *
|
|
|
|
mptcp_subflow_delegated_next(struct mptcp_delegated_action *delegated)
|
|
|
|
{
|
|
|
|
struct mptcp_subflow_context *ret;
|
|
|
|
|
|
|
|
if (list_empty(&delegated->head))
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
ret = list_first_entry(&delegated->head, struct mptcp_subflow_context, delegated_node);
|
|
|
|
list_del_init(&ret->delegated_node);
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
static inline bool mptcp_subflow_has_delegated_action(const struct mptcp_subflow_context *subflow)
|
|
|
|
{
|
|
|
|
return test_bit(MPTCP_DELEGATE_SEND, &subflow->delegated_status);
|
|
|
|
}
|
|
|
|
|
|
|
|
static inline void mptcp_subflow_delegated_done(struct mptcp_subflow_context *subflow)
|
|
|
|
{
|
|
|
|
/* pairs with mptcp_subflow_delegate, ensures delegate_node is updated before
|
|
|
|
* touching the status bit
|
|
|
|
*/
|
|
|
|
smp_wmb();
|
|
|
|
clear_bit(MPTCP_DELEGATE_SEND, &subflow->delegated_status);
|
|
|
|
}
|
|
|
|
|
2020-01-22 08:56:24 +08:00
|
|
|
int mptcp_is_enabled(struct net *net);
|
2020-11-04 03:05:07 +08:00
|
|
|
unsigned int mptcp_get_add_addr_timeout(struct net *net);
|
2021-06-18 07:46:19 +08:00
|
|
|
int mptcp_is_checksum_enabled(struct net *net);
|
2021-06-23 03:25:18 +08:00
|
|
|
int mptcp_allow_join_id0(struct net *net);
|
2020-07-23 19:02:32 +08:00
|
|
|
void mptcp_subflow_fully_established(struct mptcp_subflow_context *subflow,
|
|
|
|
struct mptcp_options_received *mp_opt);
|
2020-01-22 08:56:24 +08:00
|
|
|
bool mptcp_subflow_data_available(struct sock *sk);
|
2020-06-27 01:29:59 +08:00
|
|
|
void __init mptcp_subflow_init(void);
|
2020-09-24 08:29:49 +08:00
|
|
|
void mptcp_subflow_shutdown(struct sock *sk, struct sock *ssk, int how);
|
2021-02-13 07:59:55 +08:00
|
|
|
void mptcp_close_ssk(struct sock *sk, struct sock *ssk,
|
|
|
|
struct mptcp_subflow_context *subflow);
|
2020-10-10 01:00:00 +08:00
|
|
|
void mptcp_subflow_reset(struct sock *ssk);
|
2021-01-20 22:39:10 +08:00
|
|
|
void mptcp_sock_graft(struct sock *sk, struct socket *parent);
|
2021-02-02 07:09:12 +08:00
|
|
|
struct socket *__mptcp_nmpc_socket(const struct mptcp_sock *msk);
|
2020-03-28 05:48:40 +08:00
|
|
|
|
|
|
|
/* called with sk socket lock held */
|
2020-09-14 16:01:15 +08:00
|
|
|
int __mptcp_subflow_connect(struct sock *sk, const struct mptcp_addr_info *loc,
|
2021-04-07 08:15:57 +08:00
|
|
|
const struct mptcp_addr_info *remote,
|
|
|
|
u8 flags, int ifindex);
|
2020-01-22 08:56:17 +08:00
|
|
|
int mptcp_subflow_create_socket(struct sock *sk, struct socket **new_sock);
|
2021-02-02 07:09:12 +08:00
|
|
|
void mptcp_info2sockaddr(const struct mptcp_addr_info *info,
|
|
|
|
struct sockaddr_storage *addr,
|
|
|
|
unsigned short family);
|
2020-01-22 08:56:17 +08:00
|
|
|
|
2021-04-17 06:38:03 +08:00
|
|
|
static inline bool mptcp_subflow_active(struct mptcp_subflow_context *subflow)
|
|
|
|
{
|
|
|
|
struct sock *ssk = mptcp_subflow_tcp_sock(subflow);
|
|
|
|
|
|
|
|
/* can't send if JOIN hasn't completed yet (i.e. is usable for mptcp) */
|
|
|
|
if (subflow->request_join && !subflow->fully_established)
|
|
|
|
return false;
|
|
|
|
|
|
|
|
/* only send if our side has not closed yet */
|
|
|
|
return ((1 << ssk->sk_state) & (TCPF_ESTABLISHED | TCPF_CLOSE_WAIT));
|
|
|
|
}
|
|
|
|
|
2020-01-22 08:56:24 +08:00
|
|
|
static inline void mptcp_subflow_tcp_fallback(struct sock *sk,
|
|
|
|
struct mptcp_subflow_context *ctx)
|
|
|
|
{
|
|
|
|
sk->sk_data_ready = ctx->tcp_data_ready;
|
|
|
|
sk->sk_state_change = ctx->tcp_state_change;
|
|
|
|
sk->sk_write_space = ctx->tcp_write_space;
|
2021-02-12 07:30:37 +08:00
|
|
|
sk->sk_error_report = ctx->tcp_error_report;
|
2020-01-22 08:56:24 +08:00
|
|
|
|
|
|
|
inet_csk(sk)->icsk_af_ops = ctx->icsk_af_ops;
|
|
|
|
}
|
|
|
|
|
2020-06-27 01:29:59 +08:00
|
|
|
void __init mptcp_proto_init(void);
|
2020-01-22 08:56:28 +08:00
|
|
|
#if IS_ENABLED(CONFIG_MPTCP_IPV6)
|
2020-06-27 01:29:59 +08:00
|
|
|
int __init mptcp_proto_v6_init(void);
|
2020-01-22 08:56:28 +08:00
|
|
|
#endif
|
2020-01-22 08:56:24 +08:00
|
|
|
|
2020-04-20 22:25:06 +08:00
|
|
|
struct sock *mptcp_sk_clone(const struct sock *sk,
|
mptcp: move option parsing into mptcp_incoming_options()
The mptcp_options_received structure carries several per
packet flags (mp_capable, mp_join, etc.). Such fields must
be cleared on each packet, even on dropped ones or packet
not carrying any MPTCP options, but the current mptcp
code clears them only on TCP option reset.
On several races/corner cases we end-up with stray bits in
incoming options, leading to WARN_ON splats. e.g.:
[ 171.164906] Bad mapping: ssn=32714 map_seq=1 map_data_len=32713
[ 171.165006] WARNING: CPU: 1 PID: 5026 at net/mptcp/subflow.c:533 warn_bad_map (linux-mptcp/net/mptcp/subflow.c:533 linux-mptcp/net/mptcp/subflow.c:531)
[ 171.167632] Modules linked in: ip6_vti ip_vti ip_gre ipip sit tunnel4 ip_tunnel geneve ip6_udp_tunnel udp_tunnel macsec macvtap tap ipvlan macvlan 8021q garp mrp xfrm_interface veth netdevsim nlmon dummy team bonding vcan bridge stp llc ip6_gre gre ip6_tunnel tunnel6 tun binfmt_misc intel_rapl_msr intel_rapl_common rfkill kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel joydev virtio_balloon pcspkr i2c_piix4 sunrpc ip_tables xfs libcrc32c crc32c_intel serio_raw virtio_console ata_generic virtio_blk virtio_net net_failover failover ata_piix libata
[ 171.199464] CPU: 1 PID: 5026 Comm: repro Not tainted 5.7.0-rc1.mptcp_f227fdf5d388+ #95
[ 171.200886] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-2.fc30 04/01/2014
[ 171.202546] RIP: 0010:warn_bad_map (linux-mptcp/net/mptcp/subflow.c:533 linux-mptcp/net/mptcp/subflow.c:531)
[ 171.206537] Code: c1 ea 03 0f b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 1d 8b 55 3c 44 89 e6 48 c7 c7 20 51 13 95 e8 37 8b 22 fe <0f> 0b 48 83 c4 08 5b 5d 41 5c c3 89 4c 24 04 e8 db d6 94 fe 8b 4c
[ 171.220473] RSP: 0018:ffffc90000150560 EFLAGS: 00010282
[ 171.221639] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 171.223108] RDX: 0000000000000000 RSI: 0000000000000008 RDI: fffff5200002a09e
[ 171.224388] RBP: ffff8880aa6e3c00 R08: 0000000000000001 R09: fffffbfff2ec9955
[ 171.225706] R10: ffffffff9764caa7 R11: fffffbfff2ec9954 R12: 0000000000007fca
[ 171.227211] R13: ffff8881066f4a7f R14: ffff8880aa6e3c00 R15: 0000000000000020
[ 171.228460] FS: 00007f8623719740(0000) GS:ffff88810be00000(0000) knlGS:0000000000000000
[ 171.230065] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 171.231303] CR2: 00007ffdab190a50 CR3: 00000001038ea006 CR4: 0000000000160ee0
[ 171.232586] Call Trace:
[ 171.233109] <IRQ>
[ 171.233531] get_mapping_status (linux-mptcp/net/mptcp/subflow.c:691)
[ 171.234371] mptcp_subflow_data_available (linux-mptcp/net/mptcp/subflow.c:736 linux-mptcp/net/mptcp/subflow.c:832)
[ 171.238181] subflow_state_change (linux-mptcp/net/mptcp/subflow.c:1085 (discriminator 1))
[ 171.239066] tcp_fin (linux-mptcp/net/ipv4/tcp_input.c:4217)
[ 171.240123] tcp_data_queue (linux-mptcp/./include/linux/compiler.h:199 linux-mptcp/net/ipv4/tcp_input.c:4822)
[ 171.245083] tcp_rcv_established (linux-mptcp/./include/linux/skbuff.h:1785 linux-mptcp/./include/net/tcp.h:1774 linux-mptcp/./include/net/tcp.h:1847 linux-mptcp/net/ipv4/tcp_input.c:5238 linux-mptcp/net/ipv4/tcp_input.c:5730)
[ 171.254089] tcp_v4_rcv (linux-mptcp/./include/linux/spinlock.h:393 linux-mptcp/net/ipv4/tcp_ipv4.c:2009)
[ 171.258969] ip_protocol_deliver_rcu (linux-mptcp/net/ipv4/ip_input.c:204 (discriminator 1))
[ 171.260214] ip_local_deliver_finish (linux-mptcp/./include/linux/rcupdate.h:651 linux-mptcp/net/ipv4/ip_input.c:232)
[ 171.261389] ip_local_deliver (linux-mptcp/./include/linux/netfilter.h:307 linux-mptcp/./include/linux/netfilter.h:301 linux-mptcp/net/ipv4/ip_input.c:252)
[ 171.265884] ip_rcv (linux-mptcp/./include/linux/netfilter.h:307 linux-mptcp/./include/linux/netfilter.h:301 linux-mptcp/net/ipv4/ip_input.c:539)
[ 171.273666] process_backlog (linux-mptcp/./include/linux/rcupdate.h:651 linux-mptcp/net/core/dev.c:6135)
[ 171.275328] net_rx_action (linux-mptcp/net/core/dev.c:6572 linux-mptcp/net/core/dev.c:6640)
[ 171.280472] __do_softirq (linux-mptcp/./arch/x86/include/asm/jump_label.h:25 linux-mptcp/./include/linux/jump_label.h:200 linux-mptcp/./include/trace/events/irq.h:142 linux-mptcp/kernel/softirq.c:293)
[ 171.281379] do_softirq_own_stack (linux-mptcp/arch/x86/entry/entry_64.S:1083)
[ 171.282358] </IRQ>
We could address the issue clearing explicitly the relevant fields
in several places - tcp_parse_option, tcp_fast_parse_options,
possibly others.
Instead we move the MPTCP option parsing into the already existing
mptcp ingress hook, so that we need to clear the fields in a single
place.
This allows us dropping an MPTCP hook from the TCP code and
removing the quite large mptcp_options_received from the tcp_sock
struct. On the flip side, the MPTCP sockets will traverse the
option space twice (in tcp_parse_option() and in
mptcp_incoming_options(). That looks acceptable: we already
do that for syn and 3rd ack packets, plain TCP socket will
benefit from it, and even MPTCP sockets will experience better
code locality, reducing the jumps between TCP and MPTCP code.
v1 -> v2:
- rebased on current '-net' tree
Fixes: 648ef4b88673 ("mptcp: Implement MPTCP receive path")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-04-30 21:01:52 +08:00
|
|
|
const struct mptcp_options_received *mp_opt,
|
2020-04-20 22:25:06 +08:00
|
|
|
struct request_sock *req);
|
2021-06-18 07:46:12 +08:00
|
|
|
void mptcp_get_options(const struct sock *sk,
|
|
|
|
const struct sk_buff *skb,
|
mptcp: move option parsing into mptcp_incoming_options()
The mptcp_options_received structure carries several per
packet flags (mp_capable, mp_join, etc.). Such fields must
be cleared on each packet, even on dropped ones or packet
not carrying any MPTCP options, but the current mptcp
code clears them only on TCP option reset.
On several races/corner cases we end-up with stray bits in
incoming options, leading to WARN_ON splats. e.g.:
[ 171.164906] Bad mapping: ssn=32714 map_seq=1 map_data_len=32713
[ 171.165006] WARNING: CPU: 1 PID: 5026 at net/mptcp/subflow.c:533 warn_bad_map (linux-mptcp/net/mptcp/subflow.c:533 linux-mptcp/net/mptcp/subflow.c:531)
[ 171.167632] Modules linked in: ip6_vti ip_vti ip_gre ipip sit tunnel4 ip_tunnel geneve ip6_udp_tunnel udp_tunnel macsec macvtap tap ipvlan macvlan 8021q garp mrp xfrm_interface veth netdevsim nlmon dummy team bonding vcan bridge stp llc ip6_gre gre ip6_tunnel tunnel6 tun binfmt_misc intel_rapl_msr intel_rapl_common rfkill kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel joydev virtio_balloon pcspkr i2c_piix4 sunrpc ip_tables xfs libcrc32c crc32c_intel serio_raw virtio_console ata_generic virtio_blk virtio_net net_failover failover ata_piix libata
[ 171.199464] CPU: 1 PID: 5026 Comm: repro Not tainted 5.7.0-rc1.mptcp_f227fdf5d388+ #95
[ 171.200886] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-2.fc30 04/01/2014
[ 171.202546] RIP: 0010:warn_bad_map (linux-mptcp/net/mptcp/subflow.c:533 linux-mptcp/net/mptcp/subflow.c:531)
[ 171.206537] Code: c1 ea 03 0f b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 1d 8b 55 3c 44 89 e6 48 c7 c7 20 51 13 95 e8 37 8b 22 fe <0f> 0b 48 83 c4 08 5b 5d 41 5c c3 89 4c 24 04 e8 db d6 94 fe 8b 4c
[ 171.220473] RSP: 0018:ffffc90000150560 EFLAGS: 00010282
[ 171.221639] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 171.223108] RDX: 0000000000000000 RSI: 0000000000000008 RDI: fffff5200002a09e
[ 171.224388] RBP: ffff8880aa6e3c00 R08: 0000000000000001 R09: fffffbfff2ec9955
[ 171.225706] R10: ffffffff9764caa7 R11: fffffbfff2ec9954 R12: 0000000000007fca
[ 171.227211] R13: ffff8881066f4a7f R14: ffff8880aa6e3c00 R15: 0000000000000020
[ 171.228460] FS: 00007f8623719740(0000) GS:ffff88810be00000(0000) knlGS:0000000000000000
[ 171.230065] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 171.231303] CR2: 00007ffdab190a50 CR3: 00000001038ea006 CR4: 0000000000160ee0
[ 171.232586] Call Trace:
[ 171.233109] <IRQ>
[ 171.233531] get_mapping_status (linux-mptcp/net/mptcp/subflow.c:691)
[ 171.234371] mptcp_subflow_data_available (linux-mptcp/net/mptcp/subflow.c:736 linux-mptcp/net/mptcp/subflow.c:832)
[ 171.238181] subflow_state_change (linux-mptcp/net/mptcp/subflow.c:1085 (discriminator 1))
[ 171.239066] tcp_fin (linux-mptcp/net/ipv4/tcp_input.c:4217)
[ 171.240123] tcp_data_queue (linux-mptcp/./include/linux/compiler.h:199 linux-mptcp/net/ipv4/tcp_input.c:4822)
[ 171.245083] tcp_rcv_established (linux-mptcp/./include/linux/skbuff.h:1785 linux-mptcp/./include/net/tcp.h:1774 linux-mptcp/./include/net/tcp.h:1847 linux-mptcp/net/ipv4/tcp_input.c:5238 linux-mptcp/net/ipv4/tcp_input.c:5730)
[ 171.254089] tcp_v4_rcv (linux-mptcp/./include/linux/spinlock.h:393 linux-mptcp/net/ipv4/tcp_ipv4.c:2009)
[ 171.258969] ip_protocol_deliver_rcu (linux-mptcp/net/ipv4/ip_input.c:204 (discriminator 1))
[ 171.260214] ip_local_deliver_finish (linux-mptcp/./include/linux/rcupdate.h:651 linux-mptcp/net/ipv4/ip_input.c:232)
[ 171.261389] ip_local_deliver (linux-mptcp/./include/linux/netfilter.h:307 linux-mptcp/./include/linux/netfilter.h:301 linux-mptcp/net/ipv4/ip_input.c:252)
[ 171.265884] ip_rcv (linux-mptcp/./include/linux/netfilter.h:307 linux-mptcp/./include/linux/netfilter.h:301 linux-mptcp/net/ipv4/ip_input.c:539)
[ 171.273666] process_backlog (linux-mptcp/./include/linux/rcupdate.h:651 linux-mptcp/net/core/dev.c:6135)
[ 171.275328] net_rx_action (linux-mptcp/net/core/dev.c:6572 linux-mptcp/net/core/dev.c:6640)
[ 171.280472] __do_softirq (linux-mptcp/./arch/x86/include/asm/jump_label.h:25 linux-mptcp/./include/linux/jump_label.h:200 linux-mptcp/./include/trace/events/irq.h:142 linux-mptcp/kernel/softirq.c:293)
[ 171.281379] do_softirq_own_stack (linux-mptcp/arch/x86/entry/entry_64.S:1083)
[ 171.282358] </IRQ>
We could address the issue clearing explicitly the relevant fields
in several places - tcp_parse_option, tcp_fast_parse_options,
possibly others.
Instead we move the MPTCP option parsing into the already existing
mptcp ingress hook, so that we need to clear the fields in a single
place.
This allows us dropping an MPTCP hook from the TCP code and
removing the quite large mptcp_options_received from the tcp_sock
struct. On the flip side, the MPTCP sockets will traverse the
option space twice (in tcp_parse_option() and in
mptcp_incoming_options(). That looks acceptable: we already
do that for syn and 3rd ack packets, plain TCP socket will
benefit from it, and even MPTCP sockets will experience better
code locality, reducing the jumps between TCP and MPTCP code.
v1 -> v2:
- rebased on current '-net' tree
Fixes: 648ef4b88673 ("mptcp: Implement MPTCP receive path")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-04-30 21:01:52 +08:00
|
|
|
struct mptcp_options_received *mp_opt);
|
2020-01-22 08:56:18 +08:00
|
|
|
|
|
|
|
void mptcp_finish_connect(struct sock *sk);
|
2021-06-22 08:33:08 +08:00
|
|
|
void __mptcp_set_connected(struct sock *sk);
|
2020-07-23 19:02:32 +08:00
|
|
|
static inline bool mptcp_is_fully_established(struct sock *sk)
|
|
|
|
{
|
|
|
|
return inet_sk_state_load(sk) == TCP_ESTABLISHED &&
|
|
|
|
READ_ONCE(mptcp_sk(sk)->fully_established);
|
|
|
|
}
|
2020-07-01 03:24:45 +08:00
|
|
|
void mptcp_rcv_space_init(struct mptcp_sock *msk, const struct sock *ssk);
|
2020-02-26 17:14:51 +08:00
|
|
|
void mptcp_data_ready(struct sock *sk, struct sock *ssk);
|
2020-03-28 05:48:39 +08:00
|
|
|
bool mptcp_finish_join(struct sock *sk);
|
2020-11-16 17:48:05 +08:00
|
|
|
bool mptcp_schedule_work(struct sock *sk);
|
2021-04-16 07:44:51 +08:00
|
|
|
int mptcp_setsockopt(struct sock *sk, int level, int optname,
|
|
|
|
sockptr_t optval, unsigned int optlen);
|
|
|
|
int mptcp_getsockopt(struct sock *sk, int level, int optname,
|
|
|
|
char __user *optval, int __user *option);
|
|
|
|
|
2021-06-19 06:02:20 +08:00
|
|
|
u64 __mptcp_expand_seq(u64 old_seq, u64 cur_seq);
|
|
|
|
static inline u64 mptcp_expand_seq(u64 old_seq, u64 cur_seq, bool use_64bit)
|
|
|
|
{
|
|
|
|
if (use_64bit)
|
|
|
|
return cur_seq;
|
|
|
|
|
|
|
|
return __mptcp_expand_seq(old_seq, cur_seq);
|
|
|
|
}
|
2020-12-16 19:48:34 +08:00
|
|
|
void __mptcp_check_push(struct sock *sk, struct sock *ssk);
|
2020-11-27 18:10:26 +08:00
|
|
|
void __mptcp_data_acked(struct sock *sk);
|
2021-02-12 07:30:37 +08:00
|
|
|
void __mptcp_error_report(struct sock *sk);
|
2020-04-02 19:44:52 +08:00
|
|
|
void mptcp_subflow_eof(struct sock *sk);
|
2020-09-30 06:08:20 +08:00
|
|
|
bool mptcp_update_rcv_data_fin(struct mptcp_sock *msk, u64 data_fin_seq, bool use_64bit);
|
2020-11-20 03:46:00 +08:00
|
|
|
void __mptcp_flush_join_list(struct mptcp_sock *msk);
|
2020-11-16 17:48:09 +08:00
|
|
|
static inline bool mptcp_data_fin_enabled(const struct mptcp_sock *msk)
|
|
|
|
{
|
|
|
|
return READ_ONCE(msk->snd_data_fin_enable) &&
|
|
|
|
READ_ONCE(msk->write_seq) == READ_ONCE(msk->snd_nxt);
|
|
|
|
}
|
|
|
|
|
2021-01-20 22:39:11 +08:00
|
|
|
static inline bool mptcp_propagate_sndbuf(struct sock *sk, struct sock *ssk)
|
|
|
|
{
|
|
|
|
if ((sk->sk_userlocks & SOCK_SNDBUF_LOCK) || ssk->sk_sndbuf <= READ_ONCE(sk->sk_sndbuf))
|
|
|
|
return false;
|
|
|
|
|
|
|
|
WRITE_ONCE(sk->sk_sndbuf, ssk->sk_sndbuf);
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
static inline void mptcp_write_space(struct sock *sk)
|
|
|
|
{
|
|
|
|
if (sk_stream_is_writeable(sk)) {
|
|
|
|
/* pairs with memory barrier in mptcp_poll */
|
|
|
|
smp_mb();
|
|
|
|
if (test_and_clear_bit(MPTCP_NOSPACE, &mptcp_sk(sk)->flags))
|
|
|
|
sk_stream_write_space(sk);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-09-24 08:29:57 +08:00
|
|
|
void mptcp_destroy_common(struct mptcp_sock *msk);
|
2020-01-22 08:56:18 +08:00
|
|
|
|
2021-05-28 07:54:25 +08:00
|
|
|
#define MPTCP_TOKEN_MAX_RETRIES 4
|
|
|
|
|
2020-06-27 01:30:00 +08:00
|
|
|
void __init mptcp_token_init(void);
|
|
|
|
static inline void mptcp_token_init_request(struct request_sock *req)
|
|
|
|
{
|
|
|
|
mptcp_subflow_rsk(req)->token_node.pprev = NULL;
|
|
|
|
}
|
|
|
|
|
2020-01-22 08:56:20 +08:00
|
|
|
int mptcp_token_new_request(struct request_sock *req);
|
2020-06-27 01:30:00 +08:00
|
|
|
void mptcp_token_destroy_request(struct request_sock *req);
|
2020-01-22 08:56:20 +08:00
|
|
|
int mptcp_token_new_connect(struct sock *sk);
|
2020-06-27 01:30:00 +08:00
|
|
|
void mptcp_token_accept(struct mptcp_subflow_request_sock *r,
|
|
|
|
struct mptcp_sock *msk);
|
2020-07-31 03:25:54 +08:00
|
|
|
bool mptcp_token_exists(u32 token);
|
2020-03-28 05:48:39 +08:00
|
|
|
struct mptcp_sock *mptcp_token_get_sock(u32 token);
|
2020-07-09 21:12:40 +08:00
|
|
|
struct mptcp_sock *mptcp_token_iter_next(const struct net *net, long *s_slot,
|
|
|
|
long *s_num);
|
2020-06-27 01:30:00 +08:00
|
|
|
void mptcp_token_destroy(struct mptcp_sock *msk);
|
2020-01-22 08:56:20 +08:00
|
|
|
|
|
|
|
void mptcp_crypto_key_sha(u64 key, u32 *token, u64 *idsn);
|
|
|
|
|
2020-03-28 05:48:37 +08:00
|
|
|
void mptcp_crypto_hmac_sha(u64 key1, u64 key2, u8 *msg, int len, void *hmac);
|
2020-01-22 08:56:20 +08:00
|
|
|
|
2020-06-27 01:29:59 +08:00
|
|
|
void __init mptcp_pm_init(void);
|
2020-03-28 05:48:38 +08:00
|
|
|
void mptcp_pm_data_init(struct mptcp_sock *msk);
|
2021-08-14 06:15:42 +08:00
|
|
|
void mptcp_pm_subflow_chk_stale(const struct mptcp_sock *msk, struct sock *ssk);
|
2021-02-13 07:59:58 +08:00
|
|
|
void mptcp_pm_new_connection(struct mptcp_sock *msk, const struct sock *ssk, int server_side);
|
|
|
|
void mptcp_pm_fully_established(struct mptcp_sock *msk, const struct sock *ssk, gfp_t gfp);
|
2020-03-28 05:48:38 +08:00
|
|
|
bool mptcp_pm_allow_new_subflow(struct mptcp_sock *msk);
|
|
|
|
void mptcp_pm_connection_closed(struct mptcp_sock *msk);
|
2021-03-27 02:26:33 +08:00
|
|
|
void mptcp_pm_subflow_established(struct mptcp_sock *msk);
|
2020-03-28 05:48:38 +08:00
|
|
|
void mptcp_pm_subflow_closed(struct mptcp_sock *msk, u8 id);
|
|
|
|
void mptcp_pm_add_addr_received(struct mptcp_sock *msk,
|
|
|
|
const struct mptcp_addr_info *addr);
|
2021-03-27 02:26:38 +08:00
|
|
|
void mptcp_pm_add_addr_echoed(struct mptcp_sock *msk,
|
|
|
|
struct mptcp_addr_info *addr);
|
2020-11-20 03:46:00 +08:00
|
|
|
void mptcp_pm_add_addr_send_ack(struct mptcp_sock *msk);
|
2021-03-27 02:26:41 +08:00
|
|
|
void mptcp_pm_nl_addr_send_ack(struct mptcp_sock *msk);
|
2021-03-13 09:16:13 +08:00
|
|
|
void mptcp_pm_rm_addr_received(struct mptcp_sock *msk,
|
|
|
|
const struct mptcp_rm_list *rm_list);
|
2021-01-09 08:47:58 +08:00
|
|
|
void mptcp_pm_mp_prio_received(struct sock *sk, u8 bkup);
|
2021-01-09 08:47:57 +08:00
|
|
|
int mptcp_pm_nl_mp_prio_send_ack(struct mptcp_sock *msk,
|
|
|
|
struct mptcp_addr_info *addr,
|
|
|
|
u8 bkup);
|
2020-09-24 08:29:54 +08:00
|
|
|
void mptcp_pm_free_anno_list(struct mptcp_sock *msk);
|
2021-02-02 07:09:15 +08:00
|
|
|
bool mptcp_pm_sport_in_anno_list(struct mptcp_sock *msk, const struct sock *sk);
|
2020-09-24 08:30:02 +08:00
|
|
|
struct mptcp_pm_add_entry *
|
|
|
|
mptcp_pm_del_add_timer(struct mptcp_sock *msk,
|
mptcp: validate 'id' when stopping the ADD_ADDR retransmit timer
when Linux receives an echo-ed ADD_ADDR, it checks the IP address against
the list of "announced" addresses. In case of a positive match, the timer
that handles retransmissions is stopped regardless of the 'Address Id' in
the received packet: this behaviour does not comply with RFC8684 3.4.1.
Fix it by validating the 'Address Id' in received echo-ed ADD_ADDRs.
Tested using packetdrill, with the following captured output:
unpatched kernel:
Out <...> Flags [.], ack 1, win 256, options [mptcp add-addr v1 id 1 198.51.100.2 hmac 0xfd2e62517888fe29,mptcp dss ack 3007449509], length 0
In <...> Flags [.], ack 1, win 257, options [mptcp add-addr v1-echo id 1 1.2.3.4,mptcp dss ack 3013740213], length 0
Out <...> Flags [.], ack 1, win 256, options [mptcp add-addr v1 id 1 198.51.100.2 hmac 0xfd2e62517888fe29,mptcp dss ack 3007449509], length 0
In <...> Flags [.], ack 1, win 257, options [mptcp add-addr v1-echo id 90 198.51.100.2,mptcp dss ack 3013740213], length 0
^^^ retransmission is stopped here, but 'Address Id' is 90
patched kernel:
Out <...> Flags [.], ack 1, win 256, options [mptcp add-addr v1 id 1 198.51.100.2 hmac 0x1cf372d59e05f4b8,mptcp dss ack 3007449509], length 0
In <...> Flags [.], ack 1, win 257, options [mptcp add-addr v1-echo id 1 1.2.3.4,mptcp dss ack 1672384568], length 0
Out <...> Flags [.], ack 1, win 256, options [mptcp add-addr v1 id 1 198.51.100.2 hmac 0x1cf372d59e05f4b8,mptcp dss ack 3007449509], length 0
In <...> Flags [.], ack 1, win 257, options [mptcp add-addr v1-echo id 90 198.51.100.2,mptcp dss ack 1672384568], length 0
Out <...> Flags [.], ack 1, win 256, options [mptcp add-addr v1 id 1 198.51.100.2 hmac 0x1cf372d59e05f4b8,mptcp dss ack 3007449509], length 0
In <...> Flags [.], ack 1, win 257, options [mptcp add-addr v1-echo id 1 198.51.100.2,mptcp dss ack 1672384568], length 0
^^^ retransmission is stopped here, only when both 'Address Id' and 'IP Address' match
Fixes: 00cfd77b9063 ("mptcp: retransmit ADD_ADDR when timeout")
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2021-05-26 05:23:13 +08:00
|
|
|
struct mptcp_addr_info *addr, bool check_id);
|
2021-03-27 02:26:37 +08:00
|
|
|
struct mptcp_pm_add_entry *
|
|
|
|
mptcp_lookup_anno_list_by_saddr(struct mptcp_sock *msk,
|
|
|
|
struct mptcp_addr_info *addr);
|
2020-03-28 05:48:38 +08:00
|
|
|
|
|
|
|
int mptcp_pm_announce_addr(struct mptcp_sock *msk,
|
2020-09-24 08:29:50 +08:00
|
|
|
const struct mptcp_addr_info *addr,
|
2021-03-27 02:26:31 +08:00
|
|
|
bool echo);
|
2021-03-13 09:16:12 +08:00
|
|
|
int mptcp_pm_remove_addr(struct mptcp_sock *msk, const struct mptcp_rm_list *rm_list);
|
2021-03-13 09:16:16 +08:00
|
|
|
int mptcp_pm_remove_subflow(struct mptcp_sock *msk, const struct mptcp_rm_list *rm_list);
|
2020-03-28 05:48:38 +08:00
|
|
|
|
2021-02-13 08:00:01 +08:00
|
|
|
void mptcp_event(enum mptcp_event_type type, const struct mptcp_sock *msk,
|
|
|
|
const struct sock *ssk, gfp_t gfp);
|
|
|
|
void mptcp_event_addr_announced(const struct mptcp_sock *msk, const struct mptcp_addr_info *info);
|
|
|
|
void mptcp_event_addr_removed(const struct mptcp_sock *msk, u8 id);
|
|
|
|
|
2020-09-24 08:29:47 +08:00
|
|
|
static inline bool mptcp_pm_should_add_signal(struct mptcp_sock *msk)
|
2020-03-28 05:48:38 +08:00
|
|
|
{
|
2020-12-10 07:51:27 +08:00
|
|
|
return READ_ONCE(msk->pm.addr_signal) & BIT(MPTCP_ADD_ADDR_SIGNAL);
|
2020-11-20 03:45:59 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
static inline bool mptcp_pm_should_add_signal_echo(struct mptcp_sock *msk)
|
|
|
|
{
|
2020-12-10 07:51:27 +08:00
|
|
|
return READ_ONCE(msk->pm.addr_signal) & BIT(MPTCP_ADD_ADDR_ECHO);
|
2020-03-28 05:48:38 +08:00
|
|
|
}
|
|
|
|
|
2020-11-20 03:46:00 +08:00
|
|
|
static inline bool mptcp_pm_should_add_signal_ipv6(struct mptcp_sock *msk)
|
|
|
|
{
|
2020-12-10 07:51:27 +08:00
|
|
|
return READ_ONCE(msk->pm.addr_signal) & BIT(MPTCP_ADD_ADDR_IPV6);
|
2020-11-20 03:46:00 +08:00
|
|
|
}
|
|
|
|
|
2020-12-10 07:51:22 +08:00
|
|
|
static inline bool mptcp_pm_should_add_signal_port(struct mptcp_sock *msk)
|
|
|
|
{
|
2020-12-10 07:51:27 +08:00
|
|
|
return READ_ONCE(msk->pm.addr_signal) & BIT(MPTCP_ADD_ADDR_PORT);
|
2020-12-10 07:51:22 +08:00
|
|
|
}
|
|
|
|
|
2020-09-24 08:29:48 +08:00
|
|
|
static inline bool mptcp_pm_should_rm_signal(struct mptcp_sock *msk)
|
|
|
|
{
|
2020-12-10 07:51:27 +08:00
|
|
|
return READ_ONCE(msk->pm.addr_signal) & BIT(MPTCP_RM_ADDR_SIGNAL);
|
2020-09-24 08:29:48 +08:00
|
|
|
}
|
|
|
|
|
2020-12-10 07:51:22 +08:00
|
|
|
static inline unsigned int mptcp_add_addr_len(int family, bool echo, bool port)
|
2020-03-28 05:48:38 +08:00
|
|
|
{
|
2020-12-10 07:51:21 +08:00
|
|
|
u8 len = TCPOLEN_MPTCP_ADD_ADDR_BASE;
|
|
|
|
|
|
|
|
if (family == AF_INET6)
|
|
|
|
len = TCPOLEN_MPTCP_ADD_ADDR6_BASE;
|
|
|
|
if (!echo)
|
|
|
|
len += MPTCPOPT_THMAC_LEN;
|
mptcp: fix length of ADD_ADDR with port sub-option
in current Linux, MPTCP peers advertising endpoints with port numbers use
a sub-option length that wrongly accounts for the trailing TCP NOP. Also,
receivers will only process incoming ADD_ADDR with port having such wrong
sub-option length. Fix this, making ADD_ADDR compliant to RFC8684 §3.4.1.
this can be verified running tcpdump on the kselftests artifacts:
unpatched kernel:
[root@bottarga mptcp]# tcpdump -tnnr unpatched.pcap | grep add-addr
reading from file unpatched.pcap, link-type LINUX_SLL (Linux cooked v1), snapshot length 65535
IP 10.0.1.1.10000 > 10.0.1.2.53078: Flags [.], ack 101, win 509, options [nop,nop,TS val 214459678 ecr 521312851,mptcp add-addr v1 id 1 a00:201:2774:2d88:7436:85c3:17fd:101], length 0
IP 10.0.1.2.53078 > 10.0.1.1.10000: Flags [.], ack 101, win 502, options [nop,nop,TS val 521312852 ecr 214459678,mptcp add-addr[bad opt]]
patched kernel:
[root@bottarga mptcp]# tcpdump -tnnr patched.pcap | grep add-addr
reading from file patched.pcap, link-type LINUX_SLL (Linux cooked v1), snapshot length 65535
IP 10.0.1.1.10000 > 10.0.1.2.38178: Flags [.], ack 101, win 509, options [nop,nop,TS val 3728873902 ecr 2732713192,mptcp add-addr v1 id 1 10.0.2.1:10100 hmac 0xbccdfcbe59292a1f,nop,nop], length 0
IP 10.0.1.2.38178 > 10.0.1.1.10000: Flags [.], ack 101, win 502, options [nop,nop,TS val 2732713195 ecr 3728873902,mptcp add-addr v1-echo id 1 10.0.2.1:10100,nop,nop], length 0
Fixes: 22fb85ffaefb ("mptcp: add port support for ADD_ADDR suboption writing")
CC: stable@vger.kernel.org # 5.11+
Reviewed-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Acked-and-tested-by: Geliang Tang <geliangtang@gmail.com>
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2021-03-08 17:00:04 +08:00
|
|
|
/* account for 2 trailing 'nop' options */
|
2020-12-10 07:51:22 +08:00
|
|
|
if (port)
|
mptcp: fix length of ADD_ADDR with port sub-option
in current Linux, MPTCP peers advertising endpoints with port numbers use
a sub-option length that wrongly accounts for the trailing TCP NOP. Also,
receivers will only process incoming ADD_ADDR with port having such wrong
sub-option length. Fix this, making ADD_ADDR compliant to RFC8684 §3.4.1.
this can be verified running tcpdump on the kselftests artifacts:
unpatched kernel:
[root@bottarga mptcp]# tcpdump -tnnr unpatched.pcap | grep add-addr
reading from file unpatched.pcap, link-type LINUX_SLL (Linux cooked v1), snapshot length 65535
IP 10.0.1.1.10000 > 10.0.1.2.53078: Flags [.], ack 101, win 509, options [nop,nop,TS val 214459678 ecr 521312851,mptcp add-addr v1 id 1 a00:201:2774:2d88:7436:85c3:17fd:101], length 0
IP 10.0.1.2.53078 > 10.0.1.1.10000: Flags [.], ack 101, win 502, options [nop,nop,TS val 521312852 ecr 214459678,mptcp add-addr[bad opt]]
patched kernel:
[root@bottarga mptcp]# tcpdump -tnnr patched.pcap | grep add-addr
reading from file patched.pcap, link-type LINUX_SLL (Linux cooked v1), snapshot length 65535
IP 10.0.1.1.10000 > 10.0.1.2.38178: Flags [.], ack 101, win 509, options [nop,nop,TS val 3728873902 ecr 2732713192,mptcp add-addr v1 id 1 10.0.2.1:10100 hmac 0xbccdfcbe59292a1f,nop,nop], length 0
IP 10.0.1.2.38178 > 10.0.1.1.10000: Flags [.], ack 101, win 502, options [nop,nop,TS val 2732713195 ecr 3728873902,mptcp add-addr v1-echo id 1 10.0.2.1:10100,nop,nop], length 0
Fixes: 22fb85ffaefb ("mptcp: add port support for ADD_ADDR suboption writing")
CC: stable@vger.kernel.org # 5.11+
Reviewed-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Acked-and-tested-by: Geliang Tang <geliangtang@gmail.com>
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2021-03-08 17:00:04 +08:00
|
|
|
len += TCPOLEN_MPTCP_PORT_LEN + TCPOLEN_MPTCP_PORT_ALIGN;
|
2020-12-10 07:51:21 +08:00
|
|
|
|
|
|
|
return len;
|
2020-03-28 05:48:38 +08:00
|
|
|
}
|
|
|
|
|
2021-03-13 09:16:11 +08:00
|
|
|
static inline int mptcp_rm_addr_len(const struct mptcp_rm_list *rm_list)
|
|
|
|
{
|
|
|
|
if (rm_list->nr == 0 || rm_list->nr > MPTCP_RM_IDS_MAX)
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
return TCPOLEN_MPTCP_RM_ADDR_BASE + roundup(rm_list->nr - 1, 4) + 1;
|
|
|
|
}
|
|
|
|
|
2020-09-24 08:29:47 +08:00
|
|
|
bool mptcp_pm_add_addr_signal(struct mptcp_sock *msk, unsigned int remaining,
|
2020-12-10 07:51:22 +08:00
|
|
|
struct mptcp_addr_info *saddr, bool *echo, bool *port);
|
2020-09-24 08:29:48 +08:00
|
|
|
bool mptcp_pm_rm_addr_signal(struct mptcp_sock *msk, unsigned int remaining,
|
2021-03-13 09:16:11 +08:00
|
|
|
struct mptcp_rm_list *rm_list);
|
2020-03-28 05:48:38 +08:00
|
|
|
int mptcp_pm_get_local_id(struct mptcp_sock *msk, struct sock_common *skc);
|
|
|
|
|
2020-06-27 01:29:59 +08:00
|
|
|
void __init mptcp_pm_nl_init(void);
|
2020-03-28 05:48:51 +08:00
|
|
|
void mptcp_pm_nl_data_init(struct mptcp_sock *msk);
|
2021-02-13 07:59:54 +08:00
|
|
|
void mptcp_pm_nl_work(struct mptcp_sock *msk);
|
2021-03-13 09:16:16 +08:00
|
|
|
void mptcp_pm_nl_rm_subflow_received(struct mptcp_sock *msk,
|
|
|
|
const struct mptcp_rm_list *rm_list);
|
2020-03-28 05:48:51 +08:00
|
|
|
int mptcp_pm_nl_get_local_id(struct mptcp_sock *msk, struct sock_common *skc);
|
2021-02-02 07:09:07 +08:00
|
|
|
unsigned int mptcp_pm_get_add_addr_signal_max(struct mptcp_sock *msk);
|
|
|
|
unsigned int mptcp_pm_get_add_addr_accept_max(struct mptcp_sock *msk);
|
|
|
|
unsigned int mptcp_pm_get_subflows_max(struct mptcp_sock *msk);
|
2021-02-13 08:52:02 +08:00
|
|
|
unsigned int mptcp_pm_get_local_addr_max(struct mptcp_sock *msk);
|
2021-04-16 07:44:53 +08:00
|
|
|
|
|
|
|
void mptcp_sockopt_sync(struct mptcp_sock *msk, struct sock *ssk);
|
|
|
|
void mptcp_sockopt_sync_all(struct mptcp_sock *msk);
|
2020-03-28 05:48:51 +08:00
|
|
|
|
2021-04-02 07:19:44 +08:00
|
|
|
static inline struct mptcp_ext *mptcp_get_ext(const struct sk_buff *skb)
|
2020-01-22 08:56:23 +08:00
|
|
|
{
|
|
|
|
return (struct mptcp_ext *)skb_ext_find(skb, SKB_EXT_MPTCP);
|
|
|
|
}
|
|
|
|
|
2020-03-28 05:48:49 +08:00
|
|
|
void mptcp_diag_subflow_init(struct tcp_ulp_ops *ops);
|
|
|
|
|
2020-09-14 16:01:17 +08:00
|
|
|
static inline bool __mptcp_check_fallback(const struct mptcp_sock *msk)
|
2020-06-30 04:26:20 +08:00
|
|
|
{
|
|
|
|
return test_bit(MPTCP_FALLBACK_DONE, &msk->flags);
|
|
|
|
}
|
|
|
|
|
2020-09-14 16:01:17 +08:00
|
|
|
static inline bool mptcp_check_fallback(const struct sock *sk)
|
2020-06-30 04:26:20 +08:00
|
|
|
{
|
|
|
|
struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk);
|
|
|
|
struct mptcp_sock *msk = mptcp_sk(subflow->conn);
|
|
|
|
|
|
|
|
return __mptcp_check_fallback(msk);
|
|
|
|
}
|
|
|
|
|
|
|
|
static inline void __mptcp_do_fallback(struct mptcp_sock *msk)
|
|
|
|
{
|
|
|
|
if (test_bit(MPTCP_FALLBACK_DONE, &msk->flags)) {
|
|
|
|
pr_debug("TCP fallback already done (msk=%p)", msk);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
set_bit(MPTCP_FALLBACK_DONE, &msk->flags);
|
|
|
|
}
|
|
|
|
|
|
|
|
static inline void mptcp_do_fallback(struct sock *sk)
|
|
|
|
{
|
|
|
|
struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk);
|
|
|
|
struct mptcp_sock *msk = mptcp_sk(subflow->conn);
|
|
|
|
|
|
|
|
__mptcp_do_fallback(msk);
|
|
|
|
}
|
|
|
|
|
|
|
|
#define pr_fallback(a) pr_debug("%s:fallback to TCP (msk=%p)", __func__, a)
|
|
|
|
|
mptcp: fallback in case of simultaneous connect
when a MPTCP client tries to connect to itself, tcp_finish_connect() is
never reached. Because of this, depending on the socket current state,
multiple faulty behaviours can be observed:
1) a WARN_ON() in subflow_data_ready() is hit
WARNING: CPU: 2 PID: 882 at net/mptcp/subflow.c:911 subflow_data_ready+0x18b/0x230
[...]
CPU: 2 PID: 882 Comm: gh35 Not tainted 5.7.0+ #187
[...]
RIP: 0010:subflow_data_ready+0x18b/0x230
[...]
Call Trace:
tcp_data_queue+0xd2f/0x4250
tcp_rcv_state_process+0xb1c/0x49d3
tcp_v4_do_rcv+0x2bc/0x790
__release_sock+0x153/0x2d0
release_sock+0x4f/0x170
mptcp_shutdown+0x167/0x4e0
__sys_shutdown+0xe6/0x180
__x64_sys_shutdown+0x50/0x70
do_syscall_64+0x9a/0x370
entry_SYSCALL_64_after_hwframe+0x44/0xa9
2) client is stuck forever in mptcp_sendmsg() because the socket is not
TCP_ESTABLISHED
crash> bt 4847
PID: 4847 TASK: ffff88814b2fb100 CPU: 1 COMMAND: "gh35"
#0 [ffff8881376ff680] __schedule at ffffffff97248da4
#1 [ffff8881376ff778] schedule at ffffffff9724a34f
#2 [ffff8881376ff7a0] schedule_timeout at ffffffff97252ba0
#3 [ffff8881376ff8a8] wait_woken at ffffffff958ab4ba
#4 [ffff8881376ff940] sk_stream_wait_connect at ffffffff96c2d859
#5 [ffff8881376ffa28] mptcp_sendmsg at ffffffff97207fca
#6 [ffff8881376ffbc0] sock_sendmsg at ffffffff96be1b5b
#7 [ffff8881376ffbe8] sock_write_iter at ffffffff96be1daa
#8 [ffff8881376ffce8] new_sync_write at ffffffff95e5cb52
#9 [ffff8881376ffe50] vfs_write at ffffffff95e6547f
#10 [ffff8881376ffe90] ksys_write at ffffffff95e65d26
#11 [ffff8881376fff28] do_syscall_64 at ffffffff956088ba
#12 [ffff8881376fff50] entry_SYSCALL_64_after_hwframe at ffffffff9740008c
RIP: 00007f126f6956ed RSP: 00007ffc2a320278 RFLAGS: 00000217
RAX: ffffffffffffffda RBX: 0000000020000044 RCX: 00007f126f6956ed
RDX: 0000000000000004 RSI: 00000000004007b8 RDI: 0000000000000003
RBP: 00007ffc2a3202a0 R8: 0000000000400720 R9: 0000000000400720
R10: 0000000000400720 R11: 0000000000000217 R12: 00000000004004b0
R13: 00007ffc2a320380 R14: 0000000000000000 R15: 0000000000000000
ORIG_RAX: 0000000000000001 CS: 0033 SS: 002b
3) tcpdump captures show that DSS is exchanged even when MP_CAPABLE handshake
didn't complete.
$ tcpdump -tnnr bad.pcap
IP 127.0.0.1.20000 > 127.0.0.1.20000: Flags [S], seq 3208913911, win 65483, options [mss 65495,sackOK,TS val 3291706876 ecr 3291694721,nop,wscale 7,mptcp capable v1], length 0
IP 127.0.0.1.20000 > 127.0.0.1.20000: Flags [S.], seq 3208913911, ack 3208913912, win 65483, options [mss 65495,sackOK,TS val 3291706876 ecr 3291706876,nop,wscale 7,mptcp capable v1], length 0
IP 127.0.0.1.20000 > 127.0.0.1.20000: Flags [.], ack 1, win 512, options [nop,nop,TS val 3291706876 ecr 3291706876], length 0
IP 127.0.0.1.20000 > 127.0.0.1.20000: Flags [F.], seq 1, ack 1, win 512, options [nop,nop,TS val 3291707876 ecr 3291706876,mptcp dss fin seq 0 subseq 0 len 1,nop,nop], length 0
IP 127.0.0.1.20000 > 127.0.0.1.20000: Flags [.], ack 2, win 512, options [nop,nop,TS val 3291707876 ecr 3291707876], length 0
force a fallback to TCP in these cases, and adjust the main socket
state to avoid hanging in mptcp_sendmsg().
Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/35
Reported-by: Christoph Paasch <cpaasch@apple.com>
Suggested-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
Reviewed-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-06-30 04:26:21 +08:00
|
|
|
static inline bool subflow_simultaneous_connect(struct sock *sk)
|
|
|
|
{
|
|
|
|
struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk);
|
|
|
|
struct sock *parent = subflow->conn;
|
|
|
|
|
|
|
|
return sk->sk_state == TCP_ESTABLISHED &&
|
|
|
|
!mptcp_sk(parent)->pm.server_side &&
|
|
|
|
!subflow->conn_finished;
|
|
|
|
}
|
|
|
|
|
2020-07-31 03:25:56 +08:00
|
|
|
#ifdef CONFIG_SYN_COOKIES
|
|
|
|
void subflow_init_req_cookie_join_save(const struct mptcp_subflow_request_sock *subflow_req,
|
|
|
|
struct sk_buff *skb);
|
|
|
|
bool mptcp_token_join_cookie_init_state(struct mptcp_subflow_request_sock *subflow_req,
|
|
|
|
struct sk_buff *skb);
|
|
|
|
void __init mptcp_join_cookie_init(void);
|
|
|
|
#else
|
|
|
|
static inline void
|
|
|
|
subflow_init_req_cookie_join_save(const struct mptcp_subflow_request_sock *subflow_req,
|
|
|
|
struct sk_buff *skb) {}
|
|
|
|
static inline bool
|
|
|
|
mptcp_token_join_cookie_init_state(struct mptcp_subflow_request_sock *subflow_req,
|
|
|
|
struct sk_buff *skb)
|
|
|
|
{
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
static inline void mptcp_join_cookie_init(void) {}
|
|
|
|
#endif
|
|
|
|
|
2020-01-22 08:56:15 +08:00
|
|
|
#endif /* __MPTCP_PROTOCOL_H */
|