Message ID | 20221025180546.652251-1-edumazet@google.com (mailing list archive) |
---|---|
State | Accepted |
Commit | d1e96cc4fbe031c19d6fd9d8d2e63c03452fa290 |
Delegated to: | Netdev Maintainers |
Series | [net-next] mptcp: fix tracking issue in mptcp_subflow_create_socket() |
From: Eric Dumazet <edumazet@google.com> Date: Tue, 25 Oct 2022 18:05:46 +0000 > My recent patch missed that mptcp_subflow_create_socket() > was creating a 'kernel' socket, then converted it to 'user' socket. > > Fixes: 0cafd77dcd03 ("net: add a refcount tracker for kernel sockets") > Reported-by: syzbot <syzkaller@googlegroups.com> > Signed-off-by: Eric Dumazet <edumazet@google.com> Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com> I missed that, thanks for the fix! > Cc: Mat Martineau <mathew.j.martineau@linux.intel.com> > Cc: Matthieu Baerts <matthieu.baerts@tessares.net> > Cc: Kuniyuki Iwashima <kuniyu@amazon.com> > --- > net/mptcp/subflow.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c > index 07dd23d0fe04ac37f4cc66c0c21d4d41f50fb3f4..120f792fda9764271f020771b36d27c6e44d8618 100644 > --- a/net/mptcp/subflow.c > +++ b/net/mptcp/subflow.c > @@ -1595,7 +1595,9 @@ int mptcp_subflow_create_socket(struct sock *sk, struct socket **new_sock) > > /* kernel sockets do not by default acquire net ref, but TCP timer > * needs it. > + * Update ns_tracker to current stack trace and refcounted tracker. > */ > + __netns_tracker_free(net, &sf->sk->ns_tracker, false); > sf->sk->sk_net_refcnt = 1; > get_net_track(net, &sf->sk->ns_tracker, GFP_KERNEL); > sock_inuse_add(net, 1); > -- > 2.38.0.135.g90850a2211-goog
On Tue, 25 Oct 2022, Eric Dumazet wrote: > My recent patch missed that mptcp_subflow_create_socket() > was creating a 'kernel' socket, then converted it to 'user' socket. > > Fixes: 0cafd77dcd03 ("net: add a refcount tracker for kernel sockets") > Reported-by: syzbot <syzkaller@googlegroups.com> > Signed-off-by: Eric Dumazet <edumazet@google.com> > Cc: Mat Martineau <mathew.j.martineau@linux.intel.com> > Cc: Matthieu Baerts <matthieu.baerts@tessares.net> > Cc: Kuniyuki Iwashima <kuniyu@amazon.com> > --- Hi Eric - I also missed this quirk in MPTCP subflow handling, thanks for the fix: Reviewed-by: Mat Martineau <mathew.j.martineau@linux.intel.com> > net/mptcp/subflow.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c > index 07dd23d0fe04ac37f4cc66c0c21d4d41f50fb3f4..120f792fda9764271f020771b36d27c6e44d8618 100644 > --- a/net/mptcp/subflow.c > +++ b/net/mptcp/subflow.c > @@ -1595,7 +1595,9 @@ int mptcp_subflow_create_socket(struct sock *sk, struct socket **new_sock) > > /* kernel sockets do not by default acquire net ref, but TCP timer > * needs it. > + * Update ns_tracker to current stack trace and refcounted tracker. > */ > + __netns_tracker_free(net, &sf->sk->ns_tracker, false); > sf->sk->sk_net_refcnt = 1; > get_net_track(net, &sf->sk->ns_tracker, GFP_KERNEL); > sock_inuse_add(net, 1); > -- > 2.38.0.135.g90850a2211-goog > > -- Mat Martineau Intel
Hello:

This patch was applied to netdev/net-next.git (master)
by Jakub Kicinski <kuba@kernel.org>:

On Tue, 25 Oct 2022 18:05:46 +0000 you wrote:
> My recent patch missed that mptcp_subflow_create_socket()
> was creating a 'kernel' socket, then converted it to 'user' socket.
>
> Fixes: 0cafd77dcd03 ("net: add a refcount tracker for kernel sockets")
> Reported-by: syzbot <syzkaller@googlegroups.com>
> Signed-off-by: Eric Dumazet <edumazet@google.com>
> Cc: Mat Martineau <mathew.j.martineau@linux.intel.com>
> Cc: Matthieu Baerts <matthieu.baerts@tessares.net>
> Cc: Kuniyuki Iwashima <kuniyu@amazon.com>
>
> [...]

Here is the summary with links:
  - [net-next] mptcp: fix tracking issue in mptcp_subflow_create_socket()
    https://git.kernel.org/netdev/net-next/c/d1e96cc4fbe0

You are awesome, thank you!
diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index 07dd23d0fe04ac37f4cc66c0c21d4d41f50fb3f4..120f792fda9764271f020771b36d27c6e44d8618 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -1595,7 +1595,9 @@ int mptcp_subflow_create_socket(struct sock *sk, struct socket **new_sock) /* kernel sockets do not by default acquire net ref, but TCP timer * needs it. + * Update ns_tracker to current stack trace and refcounted tracker. */ + __netns_tracker_free(net, &sf->sk->ns_tracker, false); sf->sk->sk_net_refcnt = 1; get_net_track(net, &sf->sk->ns_tracker, GFP_KERNEL); sock_inuse_add(net, 1);
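Review bot: The bare `false` in the added `__netns_tracker_free(net, &sf->sk->ns_tracker, false);` call is opaque at the call site, and the new comment line ("Update ns_tracker to current stack trace and refcounted tracker") describes only the end state, not why a free has to come first. Going by the commit message, the socket is created as a 'kernel' socket and converted afterwards, so `ns_tracker` presumably already holds an entry from creation. The comment should say so, state that `false` refers to that earlier entry, and note that the free must precede `get_net_track()` because both calls operate on the same `&sf->sk->ns_tracker` slot. Without that, a later reorder or a copy of this conversion pattern elsewhere could silently reintroduce the tracking mismatch. The commit message would also be easier to match during backports if it named the symptom syzbot reported instead of only "tracking issue".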
My recent patch missed that mptcp_subflow_create_socket()
was creating a 'kernel' socket, then converted it to 'user' socket.

Fixes: 0cafd77dcd03 ("net: add a refcount tracker for kernel sockets")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Mat Martineau <mathew.j.martineau@linux.intel.com>
Cc: Matthieu Baerts <matthieu.baerts@tessares.net>
Cc: Kuniyuki Iwashima <kuniyu@amazon.com>
---
 net/mptcp/subflow.c | 2 ++
 1 file changed, 2 insertions(+)