[PATCH net 0/4] mptcp: a bunch of assorted fixes
by Paolo Abeni
This series pulls a few fixes for the MPTCP datapath.
Most issues addressed here has been recently introduced
with the recent reworks, with the notable exception of
the first patch, which addresses an issue present since
the early days
Paolo Abeni (4):
mptcp: fix security context on server socket
mptcp: properly annotate nested lock
mptcp: push pending frames when subflow has free space
mptcp: fix pending data accounting
net/mptcp/options.c | 13 ++++++++-----
net/mptcp/protocol.c | 11 ++++++-----
net/mptcp/protocol.h | 2 +-
tools/testing/selftests/net/mptcp/simult_flows.sh | 6 +++---
4 files changed, 18 insertions(+), 14 deletions(-)
--
2.26.2
2 months, 2 weeks
[MPTCP][PATCH v3 mptcp-next 0/6] MP_PRIO support
by Geliang Tang
v3:
- drop the MPTCP_PM_ADDR_FLAG_NOBACKUP flag
v2:
- add set_flags command
v1:
- add MP_PRIO PM netlink support
Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/51
Geliang Tang (6):
mptcp: add the outgoing MP_PRIO support
mptcp: add the incoming MP_PRIO support
mptcp: add set_flags command in PM netlink
selftests: mptcp: add set_flags command in pm_nl_ctl
mptcp: add the mibs for MP_PRIO
selftests: mptcp: add the MP_PRIO testcases
include/uapi/linux/mptcp.h | 1 +
net/mptcp/mib.c | 2 +
net/mptcp/mib.h | 2 +
net/mptcp/options.c | 56 ++++++++++
net/mptcp/pm.c | 8 ++
net/mptcp/pm_netlink.c | 100 ++++++++++++++++++
net/mptcp/protocol.h | 13 ++-
.../testing/selftests/net/mptcp/mptcp_join.sh | 72 ++++++++++++-
tools/testing/selftests/net/mptcp/pm_nl_ctl.c | 85 ++++++++++++++-
9 files changed, 336 insertions(+), 3 deletions(-)
--
2.26.2
2 months, 2 weeks
[MPTCP][PATCH v2 net-next] mptcp: clear use_ack and use_map when dropping other suboptions
by Geliang Tang
This patch cleared use_ack and use_map when dropping other suboptions to
fix the following syzkaller BUG:
[ 15.223006] BUG: unable to handle page fault for address: 0000000000223b10
[ 15.223700] #PF: supervisor read access in kernel mode
[ 15.224209] #PF: error_code(0x0000) - not-present page
[ 15.224724] PGD b8d5067 P4D b8d5067 PUD c0a5067 PMD 0
[ 15.225237] Oops: 0000 [#1] SMP
[ 15.225556] CPU: 0 PID: 7747 Comm: syz-executor Not tainted 5.10.0-rc6+ #24
[ 15.226281] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
[ 15.227292] RIP: 0010:skb_release_data+0x89/0x1e0
[ 15.227816] Code: 5b 5d 41 5c 41 5d 41 5e 41 5f e9 02 06 8a ff e8 fd 05 8a ff 45 31 ed 80 7d 02 00 4c 8d 65 30 74 55 e8 eb 05 8a ff 49 8b 1c 24 <4c> 8b 7b 08 41 f6 c7 01 0f 85 18 01 00 00 e8 d4 05 8a ff 8b 43 34
[ 15.229669] RSP: 0018:ffffc900019c7c08 EFLAGS: 00010293
[ 15.230188] RAX: ffff88800daad900 RBX: 0000000000223b08 RCX: 0000000000000006
[ 15.230895] RDX: 0000000000000000 RSI: ffffffff818e06c5 RDI: ffff88807f6dc700
[ 15.231593] RBP: ffff88807f71a4c0 R08: 0000000000000001 R09: 0000000000000001
[ 15.232299] R10: ffffc900019c7c18 R11: 0000000000000000 R12: ffff88807f71a4f0
[ 15.233007] R13: 0000000000000000 R14: ffff88807f6dc700 R15: 0000000000000002
[ 15.233714] FS: 00007f65d9b5f700(0000) GS:ffff88807c400000(0000) knlGS:0000000000000000
[ 15.234509] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 15.235081] CR2: 0000000000223b10 CR3: 000000000b883000 CR4: 00000000000006f0
[ 15.235788] Call Trace:
[ 15.236042] skb_release_all+0x28/0x30
[ 15.236419] __kfree_skb+0x11/0x20
[ 15.236768] tcp_data_queue+0x270/0x1240
[ 15.237161] ? tcp_urg+0x50/0x2a0
[ 15.237496] tcp_rcv_established+0x39a/0x890
[ 15.237997] ? mark_held_locks+0x49/0x70
[ 15.238467] tcp_v4_do_rcv+0xb9/0x270
[ 15.238915] __release_sock+0x8a/0x160
[ 15.239365] release_sock+0x32/0xd0
[ 15.239793] __inet_stream_connect+0x1d2/0x400
[ 15.240313] ? do_wait_intr_irq+0x80/0x80
[ 15.240791] inet_stream_connect+0x36/0x50
[ 15.241275] mptcp_stream_connect+0x69/0x1b0
[ 15.241787] __sys_connect+0x122/0x140
[ 15.242236] ? syscall_enter_from_user_mode+0x17/0x50
[ 15.242836] ? lockdep_hardirqs_on_prepare+0xd4/0x170
[ 15.243436] __x64_sys_connect+0x1a/0x20
[ 15.243924] do_syscall_64+0x33/0x40
[ 15.244313] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 15.244821] RIP: 0033:0x7f65d946e469
[ 15.245183] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d ff 49 2b 00 f7 d8 64 89 01 48
[ 15.247019] RSP: 002b:00007f65d9b5eda8 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[ 15.247770] RAX: ffffffffffffffda RBX: 000000000049bf00 RCX: 00007f65d946e469
[ 15.248471] RDX: 0000000000000010 RSI: 00000000200000c0 RDI: 0000000000000005
[ 15.249205] RBP: 000000000049bf00 R08: 0000000000000000 R09: 0000000000000000
[ 15.249908] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000049bf0c
[ 15.250603] R13: 00007fffe8a25cef R14: 00007f65d9b3f000 R15: 0000000000000003
[ 15.251312] Modules linked in:
[ 15.251626] CR2: 0000000000223b10
[ 15.251965] BUG: kernel NULL pointer dereference, address: 0000000000000048
[ 15.252005] ---[ end trace f5c51fe19123c773 ]---
[ 15.252822] #PF: supervisor read access in kernel mode
[ 15.252823] #PF: error_code(0x0000) - not-present page
[ 15.252825] PGD c6c6067 P4D c6c6067 PUD c0d8067
[ 15.253294] RIP: 0010:skb_release_data+0x89/0x1e0
[ 15.253910] PMD 0
[ 15.253914] Oops: 0000 [#2] SMP
[ 15.253917] CPU: 1 PID: 7746 Comm: syz-executor Tainted: G D 5.10.0-rc6+ #24
[ 15.253920] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
[ 15.254435] Code: 5b 5d 41 5c 41 5d 41 5e 41 5f e9 02 06 8a ff e8 fd 05 8a ff 45 31 ed 80 7d 02 00 4c 8d 65 30 74 55 e8 eb 05 8a ff 49 8b 1c 24 <4c> 8b 7b 08 41 f6 c7 01 0f 85 18 01 00 00 e8 d4 05 8a ff 8b 43 34
[ 15.254899] RIP: 0010:skb_release_data+0x89/0x1e0
[ 15.254902] Code: 5b 5d 41 5c 41 5d 41 5e 41 5f e9 02 06 8a ff e8 fd 05 8a ff 45 31 ed 80 7d 02 00 4c 8d 65 30 74 55 e8 eb 05 8a ff 49 8b 1c 24 <4c> 8b 7b 08 41 f6 c7 01 0f 85 18 01 00 00 e8 d4 05 8a ff 8b 43 34
[ 15.254905] RSP: 0018:ffffc900019bfc08 EFLAGS: 00010293
[ 15.255376] RSP: 0018:ffffc900019c7c08 EFLAGS: 00010293
[ 15.255580]
[ 15.255583] RAX: ffff888004a7ac80 RBX: 0000000000000040 RCX: 0000000000000000
[ 15.255912]
[ 15.256724] RDX: 0000000000000000 RSI: ffffffff818e06c5 RDI: ffff88807f6ddd00
[ 15.257620] RAX: ffff88800daad900 RBX: 0000000000223b08 RCX: 0000000000000006
[ 15.259817] RBP: ffff88800e9006c0 R08: 0000000000000000 R09: 0000000000000000
[ 15.259818] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88800e9006f0
[ 15.259820] R13: 0000000000000000 R14: ffff88807f6ddd00 R15: 0000000000000002
[ 15.259822] FS: 00007fae4a60a700(0000) GS:ffff88807c500000(0000) knlGS:0000000000000000
[ 15.259826] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 15.260296] RDX: 0000000000000000 RSI: ffffffff818e06c5 RDI: ffff88807f6dc700
[ 15.262514] CR2: 0000000000000048 CR3: 000000000b89c000 CR4: 00000000000006e0
[ 15.262515] Call Trace:
[ 15.262519] skb_release_all+0x28/0x30
[ 15.262523] __kfree_skb+0x11/0x20
[ 15.263054] RBP: ffff88807f71a4c0 R08: 0000000000000001 R09: 0000000000000001
[ 15.263680] tcp_data_queue+0x270/0x1240
[ 15.263843] R10: ffffc900019c7c18 R11: 0000000000000000 R12: ffff88807f71a4f0
[ 15.264693] ? tcp_urg+0x50/0x2a0
[ 15.264856] R13: 0000000000000000 R14: ffff88807f6dc700 R15: 0000000000000002
[ 15.265720] tcp_rcv_established+0x39a/0x890
[ 15.266438] FS: 00007f65d9b5f700(0000) GS:ffff88807c400000(0000) knlGS:0000000000000000
[ 15.267283] ? __schedule+0x3fa/0x880
[ 15.267287] tcp_v4_do_rcv+0xb9/0x270
[ 15.267290] __release_sock+0x8a/0x160
[ 15.268049] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 15.268788] release_sock+0x32/0xd0
[ 15.268791] __inet_stream_connect+0x1d2/0x400
[ 15.268795] ? do_wait_intr_irq+0x80/0x80
[ 15.269593] CR2: 0000000000223b10 CR3: 000000000b883000 CR4: 00000000000006f0
[ 15.270246] inet_stream_connect+0x36/0x50
[ 15.270250] mptcp_stream_connect+0x69/0x1b0
[ 15.270253] __sys_connect+0x122/0x140
[ 15.271097] Kernel panic - not syncing: Fatal exception
[ 15.271820] ? syscall_enter_from_user_mode+0x17/0x50
[ 15.283542] ? lockdep_hardirqs_on_prepare+0xd4/0x170
[ 15.284275] __x64_sys_connect+0x1a/0x20
[ 15.284853] do_syscall_64+0x33/0x40
[ 15.285369] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 15.286105] RIP: 0033:0x7fae49f19469
[ 15.286638] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d ff 49 2b 00 f7 d8 64 89 01 48
[ 15.289295] RSP: 002b:00007fae4a609da8 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[ 15.290375] RAX: ffffffffffffffda RBX: 000000000049bf00 RCX: 00007fae49f19469
[ 15.291403] RDX: 0000000000000010 RSI: 00000000200000c0 RDI: 0000000000000005
[ 15.292437] RBP: 000000000049bf00 R08: 0000000000000000 R09: 0000000000000000
[ 15.293456] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000049bf0c
[ 15.294473] R13: 00007fff0004b6bf R14: 00007fae4a5ea000 R15: 0000000000000003
[ 15.295492] Modules linked in:
[ 15.295944] CR2: 0000000000000048
[ 15.296567] Kernel Offset: disabled
[ 15.296941] ---[ end Kernel panic - not syncing: Fatal exception ]---
Reported-by: Christoph Paasch <cpaasch(a)apple.com>
Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/104
Fixes: 84dfe3677a6f (mptcp: send out dedicated ADD_ADDR packet)
Signed-off-by: Geliang Tang <geliangtang(a)gmail.com>
---
Obsoletes: v1 (mptcp: avoid using the main socket to send ack)
---
net/mptcp/options.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/mptcp/options.c b/net/mptcp/options.c
index 5e7d7755d1a6..f4047ace032d 100644
--- a/net/mptcp/options.c
+++ b/net/mptcp/options.c
@@ -606,6 +606,8 @@ static bool mptcp_established_options_add_addr(struct sock *sk, struct sk_buff *
skb && skb_is_tcp_pure_ack(skb)) {
pr_debug("drop other suboptions");
opts->suboptions = 0;
+ opts->ext_copy.use_ack = 0;
+ opts->ext_copy.use_map = 0;
remaining += opt_size;
drop_other_suboptions = true;
}
--
2.29.2
2 months, 2 weeks
[Weekly meetings] MoM - 10th of December 2020
by Matthieu Baerts
Hello everyone,
Today, we had our 128th meeting with Mat and Ossama (Intel), Christoph
(Apple), Davide, Paolo and Florian (RedHat) and myself (Tessares).
Thanks again for this new good meeting!
Here are the minutes of the meeting:
Accepted patches:
- The list of accepted patches can be seen on PatchWork:
https://patchwork.ozlabs.org/project/mptcp/list/?state=3
netdev (if mptcp ML is in cc) (Geliang Tang, Mat Martineau, Paolo
Abeni):
1413736 [net-next,11/11] mptcp: use the variable sk instead of open-coding
1413735 [net-next,10/11] mptcp: rename add_addr_signal and
mptcp_add_addr_sta...
1413734 [net-next,09/11] mptcp: drop rm_addr_signal flag
1413733 [net-next,08/11] mptcp: print out port and ahmac when receiving
ADD_A...
1413732 [net-next,07/11] mptcp: add port parameter for
mptcp_pm_announce_addr
1413731 [net-next,06/11] mptcp: send out dedicated packet for ADD_ADDR
using ...
1413730 [net-next,05/11] mptcp: add the outgoing ADD_ADDR port support
1413729 [net-next,04/11] mptcp: use adding up size to get ADD_ADDR length
1413728 [net-next,03/11] mptcp: add port support for ADD_ADDR suboption
writi...
1413726 [net-next,02/11] mptcp: unify ADD_ADDR and ADD_ADDR6 suboptions
writi...
1413727 [net-next,01/11] mptcp: unify ADD_ADDR and echo suboptions writing
1413338 [net-next,3/3] mptcp: be careful on subflows shutdown
1413337 [net-next,2/3] mptcp: plug subflow context memory leak
1413336 [net-next,1/3] mptcp: link MPC subflow into msk only after accept
our repo (by: Geliang Tang, Paolo Abeni):
1413552 [mptcp-next] mptcp: push pending frames when subflow has free space
1411918 [mptcp-next] Squash to "mptcp: parse and act on incoming
FASTCLOSE op...
1410977 [mptcp-next] mptcp: plug subflow context memory leak
1410476 [net-next] mptcp: pm: simplify select_local_address()
1410365 [mptcp-next] mptcp: link MPC subflow into msk only after accept
1409493 [mptcp-next] mptcp: use MPTCPOPT_HMAC_LEN macro
1409483 [mptcp-next] Squash to "mptcp: use adding up size to get
ADD_ADDR len...
1408049 [v2,mptcp-next,2/2] selftests: mptcp: add the flush addrs testcase
1408047 [v2,mptcp-next,1/2] mptcp: remove address when netlink flush addrs
1406751 [v3] mptcp: let MPTCP create max size skbs
Pending patches:
- The list of pending patches can be seen on PatchWork:
https://patchwork.ozlabs.org/project/mptcp/list/?state=*
netdev (if mptcp ML is in cc) (by: /):
/
our repo (by: Florian Westphal, Geliang Tang, Paolo Abeni):
1370700: RFC: [RFC,2/4] tcp: move selected mptcp helpers to tcp.h/mptcp.h
1370702: RFC: [RFC,4/4] tcp: parse tcp options contained in reset packets
1375893: RFC: [RFC,mptpcp-next] mptcp: add ooo prune support
1395128: RFC: [1/5] tcp: make two mptcp helpers available to tcp stack
1395131: RFC: [3/5] mptcp: add mptcp reset option support
1395133: RFC: [5/5] mptcp: send fastclose if userspace closes socket
with unread data:
- Any to drop? Replaced by other ones?
- WIP
1408030: Changes Requested: [v7,mptcp-next,1/7] mptcp: create the
listening socket for new port
1408031: Changes Requested: [v7,mptcp-next,2/7] mptcp: add port number
check for MP_JOIN
1408032: Changes Requested: [v7,mptcp-next,3/7] mptcp: add port number
announced check
1408033: Changes Requested: [v7,mptcp-next,4/7] mptcp: deal with
MPTCP_PM_ADDR_ATTR_PORT in PM netlink
1408034: Changes Requested: [v7,mptcp-next,5/7] selftests: mptcp: add
port argument for pm_nl_ctl
1408035: Changes Requested: [v7,mptcp-next,6/7] mptcp: add the mibs for
ADD_ADDR with port
1408036: Changes Requested: [v7,mptcp-next,7/7] selftests: mptcp: add
testcases for ADD_ADDR with port
1408091: Changes Requested: [mptcp-next] Squash to "[MPTCP][PATCH v7
mptcp-next 3/7] mptcp: add port number announced check"
1408144: Changes Requested: [mptcp-next] mptcp: enable use_port when
invoke addresses_equal:
- The two last ones can be part of the future v8
- Some modifications needed
1409622: Changes Requested: [RFC] selinux: handle MPTCP consistently
with TCP:
- fixes in MPTCP core will be needed
- sk_security is not copied
- either we replace sk_clone_lock with another one copying the
sk_security field
- or we do an explicit copy
1410827: Changes Requested: [net-next] mptcp: avoid using the main
socket to send ack:
- Geliang is working on a v2
- Paolo is not able to reproduce the issue, probably a different
KConfig and we need net-next
- But this fix is important
- If anybody can reproduce it, it can be useful if Geliang needs help
- *@Geliang* : can you reproduce it on the export branch too?
1413254: New: [v4,mptcp-next,1/2] mptcp: add the address ID assignment
bitmap
1413262: New: [v4,mptcp-next,2/2] selftests: mptcp: add testcases for
setting the address ID:
- Review needed
1413268: New: [v3,mptcp-next,1/6] mptcp: add the outgoing MP_PRIO support
1413269: New: [v3,mptcp-next,2/6] mptcp: add the incoming MP_PRIO support
1413270: New: [v3,mptcp-next,3/6] mptcp: add set_flags command in PM netlink
1413271: New: [v3,mptcp-next,4/6] selftests: mptcp: add set_flags
command in pm_nl_ctl
1413272: New: [v3,mptcp-next,5/6] mptcp: add the mibs for MP_PRIO
1413273: New: [v3,mptcp-next,6/6] selftests: mptcp: add the MP_PRIO
testcases:
- Review needed
- v2 → v3 is small
Issues on Github:
https://github.com/multipath-tcp/mptcp_net-next/issues/
Recently opened (latest from last week: 118)
124 ./mptcp_connect.sh -m mmap test blocks: regression [bug]:
- Happening since: "mptcp: push pending frames when subflow has
free space"
- From Paolo: mmh
- Paolo didn't have the issue on his environment
123 sndmsg autotuning is disable [bug] @pabeni:
- When investigating low perf between two VMs
- Disabled since last sendmsg refactor
- When autotuning is not needed, perf are good!
- But not easy to re-enable it
122 PM doesn't create subflow with IPv4 mapped IPv6 socket [bug]
@geliangtang:
- kernel_bind() → inet6_bind() → error
- Geliang is looking at it
- Geliang had an issue to compile packetdrill (multiple
definition of `mp_state')
- From Davide: mmh
- *@Geliang* : do you still have the issue?
- Fedora 30 is no longer supported, an upgrade might be needed
- If still blocked, please report the issue on Github/IRC
121 [syzkaller] divide error in __tcp_select_window [bug] [syzkaller]:
- It seems similar to #111 but the upstream fix didn't help for
this one.
120 [interop] netnext is dropping packets, causing MPTCP-level
retransmissions on mptcp.org:
- Some logs have been added
119 [syzkaller] memory leak in __get_filter [bug] [syzkaller]:
- no repro yet
125 [syzkaller] KASAN: wild-memory-access Write in
subflow_req_destructor
126 [syzkaller] WARNING in mptcp_reset_timer:
- might be linked to #105 (still happening) and #70
127 [syzkaller] WARNING in corrupted:
- all these new ones (125 → 127) are with export from yesterday:
export/20201209T060936
- syzkaller config is different, likely validating new stuff
Bugs (opened, flagged as "bug" and assigned)
123 sndmsg autotuning is disable [bug] @pabeni:
- See ↑
122 PM doesn't create subflow with IPv4 mapped IPv6 socket [bug]
@geliangtang:
- See ↑
104 [syzkaller] general protection fault in skb_release_data [bug]
[syzkaller] @geliangtang:
- Geliang is working on it
- one patch has already been shared
94 Packetdrill: after a received DATA_FIN, no new packets can be
treated [bug] [packetdrill] @dcaratti:
- workaround pushed. Can we close this?
- No, Matth had the issue yesterday
- problem: not matching the port → cannot understand the port,
maybe we can match "any port"
Bugs (opened and flagged as "bug" and not assigned)
124 ./mptcp_connect.sh -m mmap test blocks: regression [bug]
121 [syzkaller] divide error in __tcp_select_window [bug] [syzkaller]
119 [syzkaller] memory leak in __get_filter [bug] [syzkaller]
115 [syzkaller] WARNING in sk_stream_kill_queues [bug] [syzkaller]
114 packetdrill: dss tolerance issue to emit the FIN+ACK [bug]
[packetdrill]
112 sporadic failure of mptcp_join.sh selftest 13 [bug]:
- could be good to look at this one not to have many bad reports
from the CIs.
110 [syzkaller] memory leak in __ip_mc_join_group [bug] [syzkaller]
107 Review use of WARN_ON() / WARN_ON_ONCE() [bug]
106 [syzkaller] BUG: Bad page state [bug] [syzkaller]
65 clearing properly the status in listen() [bug]
56 msk connection state set without msk lock [bug]
In Progress (opened and assigned)
117 Allow user-space to set endpoint ID [enhancement] [help wanted]
@geliangtang
96 Python: add support for IPPROTO_MPTCP [enhancement] @matttbe
76 [gs]etsockopt per subflow: BPF [enhancement] @matttbe
54 ADD_ADDR: ports support [enhancement] @geliangtang
51 MP_PRIO support [enhancement] @geliangtang
43 [syzkaller] Change syzkaller to exercise MPTCP inet_diag
interface [enhancement] [syzkaller] @cpaasch
Recently closed (since last week)
109 [syzkaller] memory leak in skb_ext_add [bug] [syzkaller]
108 [syzkaller] memory leak in sk_clone_lock [bug] [syzkaller] @pabeni
103 [syzkaller] WARNING in inet_csk_listen_stop [bug] [syzkaller]
@pabeni
85 Packetdrill: multiple timeout reported by the CI [bug]
[packetdrill] @matttbe
72 [iproute2] endpoint add with "id" is not persisted [enhancement]
[iproute2]
67 `./mptcp_connect.sh -m mmap` test blocks [bug]
FYI: Current Roadmap:
- Bugs: https://github.com/multipath-tcp/mptcp_net-next/projects/2
- Current merge window (5.11):
https://github.com/multipath-tcp/mptcp_net-next/projects/6
- For later: https://github.com/multipath-tcp/mptcp_net-next/projects/4
Patches to send to netdev:
- net:
- /
- net-next:
- See below: ↓
- Mat can send them
- Paolo will send independently the SELinux patch because it
will go to different tree/ML
58f1c48d7bbd bpf: expose is_mptcp flag to bpf_tcp_sock → no
f57f3b5446bb mptcp: attach subflow socket to parent cgroup → yes
e1a05f57895d bpf: add 'bpf_mptcp_sock' structure and helper → no
921a342fed73 bpf:selftests: add MPTCP test base → no
eea7e1d5a580 bpf:selftests: add bpf_mptcp_sock() verifier tests → no
d27ed1c635bb mptcp: remove address when netlink flushes addrs → yes
93713a3225de selftests: mptcp: add the flush addrs testcase → yes
5c5e588b0e93 mptcp: use MPTCPOPT_HMAC_LEN macro → yes
dd635e51b7e0 mptcp: hold mptcp socket before calling tcp_done → yes
99b4323a4bd4 tcp: parse mptcp options contained in reset packets → yes
815187eaa4c5 mptcp: parse and act on incoming FASTCLOSE option → yes
62253eedfcee mptcp: pm: simplify select_local_address() → yes
205c9df9ee33 mptcp: let MPTCP create max size skbs → yes
20519a8c3383 mptcp: push pending frames when subflow has free space → no:
- can be seen as a fix, we can wait
Extra tests:
- news about Syzkaller? (Christoph):
- See ↑
- syzkaller config is different, likely validating new stuff
- news about interop with mptcp.org? (Christoph):
- an issue reported last week (120: [interop] netnext is
dropping packets, causing MPTCP-level retransmissions on mptcp.org)
- it looks like the sender (mptcp.org) is sending more than
what it should do
- pcap captures with the corresponding dmesg log might be needed
- *@Christoph* has this and will look at that
- news about Intel's kbuild? (Mat):
- less frequent failure on MP_JOIN selftests
- ADD_ADDR timeout was detected too
- Mat will check at the full logs
- packetdrill (Davide):
- Some small modifications to stabilise some tests running on a
slow env
- Also tolerance is multiplied by 10 when running it with a
debug kernel
- CI (Matth):
- Tests are more stable! (up to yesterday :) )
Removing subflows:
- If the initial subflow has been closed, do we want the path
manager to close the last subflow when an address is removed?
- Or leave it open until it's forced closed by an interface being
shut down?
- Linked to recent modifications done by Geliang
- We need to check if the MPTCP connection is left opened in this
case (PM closes the last subflow):
- the msk should still be in Established and can accept/create
new subflows
- maybe safe to close everything by default?
- https://github.com/multipath-tcp/mptcp_net-next/issues/128
- Note that the situation is different if the msk has been
closed: if no DATA_FIN is received but all subflows are closed (TCP
FIN), the msk is closed.
RPM spec for mptcpd - BSD license:
- Davide has a fix for that
- (but mptcpd is not compiling anymore)
mptcpd doesn't build any more with libell-0.35 (see issue #84)
- ugly workaround: build with no plugins →
https://paste.centos.org/view/f1218db0
- and use libell 0.33 if you want mptcpd functionality
- Ossama has a fix but no release
- Davide can apply a patch if it can apply on the 0.5 release
- *@Ossama* will look at this patch on top of the right version.
Next meeting:
- starting a bit later? 30 minutes later? (because of conflicting
meetings)
- *@Geliang:* do you plan to participate to the meeting next week?
Could we start it 15-30 minutes later
Next meeting:
- We propose to have the next meeting on Thursday, the 17th of
December.
- /!\ *NOT* the Usual UTC time: 16:30 UTC (8.30am PST, 5.30pm CET,
Midnight+30 CST)
- Still open to everyone!
- https://annuel2.framapad.org/p/mptcp_upstreaming_20201217
Feel free to comment on these points and propose new ones for the next
meeting!
Talk to you next Thursday,
Matt
--
Tessares | Belgium | Hybrid Access Solutions
www.tessares.net
2 months, 2 weeks
[MPTCP][PATCH v4 mptcp-next 0/2] mptcp: add the address ID assignment bitmap and testcases
by Geliang Tang
v4:
- update the find_next code
v3:
- call find_next_zero_bit() again for the invalid id.
- use "for (i = id; ..." in mptcp_nl_cmd_dump_addrs.
- add a wrap around testcase.
v2:
- use BITS_PER_LONG macro.
- add back the callback argument in cmd_dump_addrs.
- add a testcase.
Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/117
Geliang Tang (2):
mptcp: add the address ID assignment bitmap
selftests: mptcp: add testcases for setting the address ID
net/mptcp/pm_netlink.c | 71 ++++++++++++++-----
.../testing/selftests/net/mptcp/pm_netlink.sh | 41 ++++++++++-
2 files changed, 92 insertions(+), 20 deletions(-)
--
2.26.2
2 months, 2 weeks
[PATCH mptcp-net v2] mptcp: fix pending data accounting
by Paolo Abeni
When sendmsg() needs to wait for memory, the pending data
is not updated. That causes a drift in forward memory allocation,
leading to stall and/or warnings at socket close time.
This change addresses the above issue moving the pending data
counter update inside the sendmsg() main loop.
Fixes: 6e628cd3a8f7 ("mptcp: use mptcp release_cb for delayed tasks")
Signed-off-by: Paolo Abeni <pabeni(a)redhat.com>
---
v1 -> v2:
- really fix broken accounting
---
net/mptcp/protocol.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c
index 8ec9e4582d18..b372e4b18092 100644
--- a/net/mptcp/protocol.c
+++ b/net/mptcp/protocol.c
@@ -1658,6 +1658,7 @@ static int mptcp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
frag_truesize += psize;
pfrag->offset += frag_truesize;
WRITE_ONCE(msk->write_seq, msk->write_seq + psize);
+ msk->tx_pending_data += psize;
/* charge data on mptcp pending queue to the msk socket
* Note: we charge such data both to sk and ssk
@@ -1683,10 +1684,8 @@ static int mptcp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
goto out;
}
- if (copied) {
- msk->tx_pending_data += copied;
+ if (copied)
mptcp_push_pending(sk, msg->msg_flags);
- }
out:
release_sock(sk);
--
2.26.2
2 months, 2 weeks
[PATCH mptcp-net] mptcp: properly annotate nested lock
by Paolo Abeni
MPTCP closes the subflows while holding the msk-level lock.
While acquiring the subflow socket lock we need to use the
correct nested annotation, or we can hit a lockdep splat
at runtime.
Reported-and-tested-by: Geliang Tang <geliangtang(a)gmail.com>
Fixes: e16163b6e2b7 ("mptcp: refactor shutdown and close")
Signed-off-by: Paolo Abeni <pabeni(a)redhat.com>
---
net/mptcp/protocol.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c
index b372e4b18092..089f084d0ba8 100644
--- a/net/mptcp/protocol.c
+++ b/net/mptcp/protocol.c
@@ -2118,7 +2118,7 @@ void __mptcp_close_ssk(struct sock *sk, struct sock *ssk,
list_del(&subflow->node);
- lock_sock(ssk);
+ lock_sock_nested(ssk, SINGLE_DEPTH_NESTING);
/* if we are invoked by the msk cleanup code, the subflow is
* already orphaned
--
2.26.2
2 months, 2 weeks
[mptcp-net PATCH] mptcp: fix security context on server socket
by Paolo Abeni
Currently MPTCP is not propagating the security context
from the ingress request socket to newly created msk
at clone time.
Address the issue invoking the missing security helper.
Fixes: cf7da0d66cc1 ("mptcp: Create SUBFLOW socket for incoming connections")
Signed-off-by: Paolo Abeni <pabeni(a)redhat.com>
---
net/mptcp/protocol.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c
index 88f2a7a0ccb8..967ce9ccfc0d 100644
--- a/net/mptcp/protocol.c
+++ b/net/mptcp/protocol.c
@@ -2081,6 +2081,8 @@ struct sock *mptcp_sk_clone(const struct sock *sk,
sock_reset_flag(nsk, SOCK_RCU_FREE);
/* will be fully established after successful MPC subflow creation */
inet_sk_state_store(nsk, TCP_SYN_RECV);
+
+ security_inet_csk_clone(nsk, req);
bh_unlock_sock(nsk);
/* keep a single reference */
--
2.26.2
2 months, 2 weeks
[MPTCP][PATCH net-next] mptcp: avoid using the main socket to send ack
by Geliang Tang
This patch fixed the following syzkaller BUG:
[ 15.223006] BUG: unable to handle page fault for address: 0000000000223b10
[ 15.223700] #PF: supervisor read access in kernel mode
[ 15.224209] #PF: error_code(0x0000) - not-present page
[ 15.224724] PGD b8d5067 P4D b8d5067 PUD c0a5067 PMD 0
[ 15.225237] Oops: 0000 [#1] SMP
[ 15.225556] CPU: 0 PID: 7747 Comm: syz-executor Not tainted 5.10.0-rc6+ #24
[ 15.226281] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
[ 15.227292] RIP: 0010:skb_release_data+0x89/0x1e0
[ 15.227816] Code: 5b 5d 41 5c 41 5d 41 5e 41 5f e9 02 06 8a ff e8 fd 05 8a ff 45 31 ed 80 7d 02 00 4c 8d 65 30 74 55 e8 eb 05 8a ff 49 8b 1c 24 <4c> 8b 7b 08 41 f6 c7 01 0f 85 18 01 00 00 e8 d4 05 8a ff 8b 43 34
[ 15.229669] RSP: 0018:ffffc900019c7c08 EFLAGS: 00010293
[ 15.230188] RAX: ffff88800daad900 RBX: 0000000000223b08 RCX: 0000000000000006
[ 15.230895] RDX: 0000000000000000 RSI: ffffffff818e06c5 RDI: ffff88807f6dc700
[ 15.231593] RBP: ffff88807f71a4c0 R08: 0000000000000001 R09: 0000000000000001
[ 15.232299] R10: ffffc900019c7c18 R11: 0000000000000000 R12: ffff88807f71a4f0
[ 15.233007] R13: 0000000000000000 R14: ffff88807f6dc700 R15: 0000000000000002
[ 15.233714] FS: 00007f65d9b5f700(0000) GS:ffff88807c400000(0000) knlGS:0000000000000000
[ 15.234509] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 15.235081] CR2: 0000000000223b10 CR3: 000000000b883000 CR4: 00000000000006f0
[ 15.235788] Call Trace:
[ 15.236042] skb_release_all+0x28/0x30
[ 15.236419] __kfree_skb+0x11/0x20
[ 15.236768] tcp_data_queue+0x270/0x1240
[ 15.237161] ? tcp_urg+0x50/0x2a0
[ 15.237496] tcp_rcv_established+0x39a/0x890
[ 15.237997] ? mark_held_locks+0x49/0x70
[ 15.238467] tcp_v4_do_rcv+0xb9/0x270
[ 15.238915] __release_sock+0x8a/0x160
[ 15.239365] release_sock+0x32/0xd0
[ 15.239793] __inet_stream_connect+0x1d2/0x400
[ 15.240313] ? do_wait_intr_irq+0x80/0x80
[ 15.240791] inet_stream_connect+0x36/0x50
[ 15.241275] mptcp_stream_connect+0x69/0x1b0
[ 15.241787] __sys_connect+0x122/0x140
[ 15.242236] ? syscall_enter_from_user_mode+0x17/0x50
[ 15.242836] ? lockdep_hardirqs_on_prepare+0xd4/0x170
[ 15.243436] __x64_sys_connect+0x1a/0x20
[ 15.243924] do_syscall_64+0x33/0x40
[ 15.244313] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 15.244821] RIP: 0033:0x7f65d946e469
[ 15.245183] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d ff 49 2b 00 f7 d8 64 89 01 48
[ 15.247019] RSP: 002b:00007f65d9b5eda8 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[ 15.247770] RAX: ffffffffffffffda RBX: 000000000049bf00 RCX: 00007f65d946e469
[ 15.248471] RDX: 0000000000000010 RSI: 00000000200000c0 RDI: 0000000000000005
[ 15.249205] RBP: 000000000049bf00 R08: 0000000000000000 R09: 0000000000000000
[ 15.249908] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000049bf0c
[ 15.250603] R13: 00007fffe8a25cef R14: 00007f65d9b3f000 R15: 0000000000000003
[ 15.251312] Modules linked in:
[ 15.251626] CR2: 0000000000223b10
[ 15.251965] BUG: kernel NULL pointer dereference, address: 0000000000000048
[ 15.252005] ---[ end trace f5c51fe19123c773 ]---
[ 15.252822] #PF: supervisor read access in kernel mode
[ 15.252823] #PF: error_code(0x0000) - not-present page
[ 15.252825] PGD c6c6067 P4D c6c6067 PUD c0d8067
[ 15.253294] RIP: 0010:skb_release_data+0x89/0x1e0
[ 15.253910] PMD 0
[ 15.253914] Oops: 0000 [#2] SMP
[ 15.253917] CPU: 1 PID: 7746 Comm: syz-executor Tainted: G D 5.10.0-rc6+ #24
[ 15.253920] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
[ 15.254435] Code: 5b 5d 41 5c 41 5d 41 5e 41 5f e9 02 06 8a ff e8 fd 05 8a ff 45 31 ed 80 7d 02 00 4c 8d 65 30 74 55 e8 eb 05 8a ff 49 8b 1c 24 <4c> 8b 7b 08 41 f6 c7 01 0f 85 18 01 00 00 e8 d4 05 8a ff 8b 43 34
[ 15.254899] RIP: 0010:skb_release_data+0x89/0x1e0
[ 15.254902] Code: 5b 5d 41 5c 41 5d 41 5e 41 5f e9 02 06 8a ff e8 fd 05 8a ff 45 31 ed 80 7d 02 00 4c 8d 65 30 74 55 e8 eb 05 8a ff 49 8b 1c 24 <4c> 8b 7b 08 41 f6 c7 01 0f 85 18 01 00 00 e8 d4 05 8a ff 8b 43 34
[ 15.254905] RSP: 0018:ffffc900019bfc08 EFLAGS: 00010293
[ 15.255376] RSP: 0018:ffffc900019c7c08 EFLAGS: 00010293
[ 15.255580]
[ 15.255583] RAX: ffff888004a7ac80 RBX: 0000000000000040 RCX: 0000000000000000
[ 15.255912]
[ 15.256724] RDX: 0000000000000000 RSI: ffffffff818e06c5 RDI: ffff88807f6ddd00
[ 15.257620] RAX: ffff88800daad900 RBX: 0000000000223b08 RCX: 0000000000000006
[ 15.259817] RBP: ffff88800e9006c0 R08: 0000000000000000 R09: 0000000000000000
[ 15.259818] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88800e9006f0
[ 15.259820] R13: 0000000000000000 R14: ffff88807f6ddd00 R15: 0000000000000002
[ 15.259822] FS: 00007fae4a60a700(0000) GS:ffff88807c500000(0000) knlGS:0000000000000000
[ 15.259826] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 15.260296] RDX: 0000000000000000 RSI: ffffffff818e06c5 RDI: ffff88807f6dc700
[ 15.262514] CR2: 0000000000000048 CR3: 000000000b89c000 CR4: 00000000000006e0
[ 15.262515] Call Trace:
[ 15.262519] skb_release_all+0x28/0x30
[ 15.262523] __kfree_skb+0x11/0x20
[ 15.263054] RBP: ffff88807f71a4c0 R08: 0000000000000001 R09: 0000000000000001
[ 15.263680] tcp_data_queue+0x270/0x1240
[ 15.263843] R10: ffffc900019c7c18 R11: 0000000000000000 R12: ffff88807f71a4f0
[ 15.264693] ? tcp_urg+0x50/0x2a0
[ 15.264856] R13: 0000000000000000 R14: ffff88807f6dc700 R15: 0000000000000002
[ 15.265720] tcp_rcv_established+0x39a/0x890
[ 15.266438] FS: 00007f65d9b5f700(0000) GS:ffff88807c400000(0000) knlGS:0000000000000000
[ 15.267283] ? __schedule+0x3fa/0x880
[ 15.267287] tcp_v4_do_rcv+0xb9/0x270
[ 15.267290] __release_sock+0x8a/0x160
[ 15.268049] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 15.268788] release_sock+0x32/0xd0
[ 15.268791] __inet_stream_connect+0x1d2/0x400
[ 15.268795] ? do_wait_intr_irq+0x80/0x80
[ 15.269593] CR2: 0000000000223b10 CR3: 000000000b883000 CR4: 00000000000006f0
[ 15.270246] inet_stream_connect+0x36/0x50
[ 15.270250] mptcp_stream_connect+0x69/0x1b0
[ 15.270253] __sys_connect+0x122/0x140
[ 15.271097] Kernel panic - not syncing: Fatal exception
[ 15.271820] ? syscall_enter_from_user_mode+0x17/0x50
[ 15.283542] ? lockdep_hardirqs_on_prepare+0xd4/0x170
[ 15.284275] __x64_sys_connect+0x1a/0x20
[ 15.284853] do_syscall_64+0x33/0x40
[ 15.285369] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 15.286105] RIP: 0033:0x7fae49f19469
[ 15.286638] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d ff 49 2b 00 f7 d8 64 89 01 48
[ 15.289295] RSP: 002b:00007fae4a609da8 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[ 15.290375] RAX: ffffffffffffffda RBX: 000000000049bf00 RCX: 00007fae49f19469
[ 15.291403] RDX: 0000000000000010 RSI: 00000000200000c0 RDI: 0000000000000005
[ 15.292437] RBP: 000000000049bf00 R08: 0000000000000000 R09: 0000000000000000
[ 15.293456] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000049bf0c
[ 15.294473] R13: 00007fff0004b6bf R14: 00007fae4a5ea000 R15: 0000000000000003
[ 15.295492] Modules linked in:
[ 15.295944] CR2: 0000000000000048
[ 15.296567] Kernel Offset: disabled
[ 15.296941] ---[ end Kernel panic - not syncing: Fatal exception ]---
In mptcp_pm_nl_add_addr_send_ack, we should avoid using the main socket
to send ack, using the subsocket instead.
Reported-by: Christoph Paasch <cpaasch(a)apple.com>
Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/104
Fixes: 84dfe3677a6f (mptcp: send out dedicated ADD_ADDR packet)
Signed-off-by: Geliang Tang <geliangtang(a)gmail.com>
---
net/mptcp/pm_netlink.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c
index 03f2c28f11f5..0c3098423199 100644
--- a/net/mptcp/pm_netlink.c
+++ b/net/mptcp/pm_netlink.c
@@ -411,11 +411,13 @@ void mptcp_pm_nl_add_addr_send_ack(struct mptcp_sock *msk)
return;
__mptcp_flush_join_list(msk);
- subflow = list_first_entry_or_null(&msk->conn_list, typeof(*subflow), node);
- if (subflow) {
+ mptcp_for_each_subflow(msk, subflow) {
struct sock *ssk = mptcp_subflow_tcp_sock(subflow);
u8 add_addr;
+ if (!subflow->remote_id && !subflow->local_id)
+ continue;
+
spin_unlock_bh(&msk->pm.lock);
pr_debug("send ack for add_addr6");
lock_sock(ssk);
@@ -426,6 +428,7 @@ void mptcp_pm_nl_add_addr_send_ack(struct mptcp_sock *msk)
add_addr = READ_ONCE(msk->pm.add_addr_signal);
add_addr &= ~BIT(MPTCP_ADD_ADDR_IPV6);
WRITE_ONCE(msk->pm.add_addr_signal, add_addr);
+ break;
}
}
--
2.17.1
2 months, 2 weeks