| Message ID | 20240603143231.62085-2-kuniyu@amazon.com (mailing list archive) |
|---|---|
| State | Superseded |
| Delegated to: | Netdev Maintainers |
| Headers | show |
| Series | af_unix: Fix lockless access of sk->sk_state and others fields. | expand |
On Mon, Jun 03, 2024 at 07:32:17AM -0700, Kuniyuki Iwashima wrote: > - if (other != old_peer) > + if (other != old_peer) { > unix_dgram_disconnected(sk, old_peer); > + > + unix_state_lock(old_peer); > + if (!unix_peer(old_peer)) > + WRITE_ONCE(old_peer->sk_state, TCP_CLOSE); > + unix_state_lock(old_peer); lock() old_peer twice? Has it been tested? ;-) Regards.
From: Cong Wang <xiyou.wangcong@gmail.com> Date: Mon, 3 Jun 2024 09:26:29 -0700 > On Mon, Jun 03, 2024 at 07:32:17AM -0700, Kuniyuki Iwashima wrote: > > - if (other != old_peer) > > + if (other != old_peer) { > > unix_dgram_disconnected(sk, old_peer); > > + > > + unix_state_lock(old_peer); > > + if (!unix_peer(old_peer)) > > + WRITE_ONCE(old_peer->sk_state, TCP_CLOSE); > > + unix_state_lock(old_peer); > > lock() old_peer twice? Has it been tested? ;-)B Ugh, apparently no :S (compile-test only) Should've run the same command in the changelog. Will fix in v2. Thanks!
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c index 25b49efc0926..541216382cf5 100644 --- a/net/unix/af_unix.c +++ b/net/unix/af_unix.c @@ -570,7 +570,6 @@ static void unix_dgram_disconnected(struct sock *sk, struct sock *other) sk_error_report(other); } } - other->sk_state = TCP_CLOSE; } static void unix_sock_destructor(struct sock *sk) @@ -1424,8 +1423,15 @@ static int unix_dgram_connect(struct socket *sock, struct sockaddr *addr, unix_state_double_unlock(sk, other); - if (other != old_peer) + if (other != old_peer) { unix_dgram_disconnected(sk, old_peer); + + unix_state_lock(old_peer); + if (!unix_peer(old_peer)) + WRITE_ONCE(old_peer->sk_state, TCP_CLOSE); + unix_state_lock(old_peer); + } + sock_put(old_peer); } else { unix_peer(sk) = other;
When a SOCK_DGRAM socket connect()s to another socket, the both sockets' sk->sk_state are changed to TCP_ESTABLISHED so that we can register them to BPF SOCKMAP. When the socket disconnects from the peer by connect(AF_UNSPEC), the state is set back to TCP_CLOSE. Then, the peer's state is also set to TCP_CLOSE, but the update is done locklessly and unconditionally. Let's say socket A connect()ed to B, B connect()ed to C, and A disconnects from B. After the first two connect()s, all three sockets' sk->sk_state are TCP_ESTABLISHED: $ ss -xa Netid State Recv-Q Send-Q Local Address:Port Peer Address:PortProcess u_dgr ESTAB 0 0 @A 641 * 642 u_dgr ESTAB 0 0 @B 642 * 643 u_dgr ESTAB 0 0 @C 643 * 0 And after the disconnect, B's state is TCP_CLOSE even though it's still connected to C and C's state is TCP_ESTABLISHED. $ ss -xa Netid State Recv-Q Send-Q Local Address:Port Peer Address:PortProcess u_dgr UNCONN 0 0 @A 641 * 642 u_dgr UNCONN 0 0 @B 642 * 643 u_dgr ESTAB 0 0 @C 643 * 0 In this case, we cannot register B to SOCKMAP. So, when a socket disconnects from the peer, we should not set TCP_CLOSE to the peer if the peer is connected to yet another socket, and this must be done under unix_state_lock(). Note that we use WRITE_ONCE() for sk->sk_state as there are many lockless readers. These data-races will be fixed in the following patches. Fixes: 83301b5367a9 ("af_unix: Set TCP_ESTABLISHED for datagram sockets too") Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com> --- CC: Cong Wang <cong.wang@bytedance.com> --- net/unix/af_unix.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-)