diff mbox series

[net,2/2] mptcp: better msk-level shutdown.

Message ID 4cd18371d7caa6ee4a4e7ef988b50b45e362e177.1610471474.git.pabeni@redhat.com (mailing list archive)
State Accepted
Commit 76e2a55d16259b51116767b28b19d759bff43f72
Delegated to: Netdev Maintainers
Headers show
Series mptcp: a couple of fixes | expand

Checks

Context Check Description
netdev/cover_letter success Link
netdev/fixes_present success Link
netdev/patch_count success Link
netdev/tree_selection success Clearly marked for net
netdev/subject_prefix success Link
netdev/cc_maintainers warning 2 maintainers not CCed: matthieu.baerts@tessares.net mathew.j.martineau@linux.intel.com
netdev/source_inline success Was 0 now: 0
netdev/verify_signedoff success Link
netdev/module_param success Was 0 now: 0
netdev/build_32bit success Errors and warnings before: 2 this patch: 2
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/verify_fixes success Link
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 98 lines checked
netdev/build_allmodconfig_warn success Errors and warnings before: 2 this patch: 2
netdev/header_inline success Link
netdev/stable success Stable not CCed

Commit Message

Paolo Abeni Jan. 12, 2021, 5:25 p.m. UTC
Instead of re-implementing most of inet_shutdown, re-use
such helper, and implement the MPTCP-specific bits at the
'proto' level.

The msk-level disconnect() can now be invoked, lets provide a
suitable implementation.

As a side effect, this fixes bad state management for listener
sockets. The latter could lead to division by 0 oops since
commit ea4ca586b16f ("mptcp: refine MPTCP-level ack scheduling").

Fixes: 43b54c6ee382 ("mptcp: Use full MPTCP-level disconnect state machine")
Fixes: ea4ca586b16f ("mptcp: refine MPTCP-level ack scheduling")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
---
 net/mptcp/protocol.c | 62 ++++++++++++--------------------------------
 1 file changed, 17 insertions(+), 45 deletions(-)

Comments

Mat Martineau Jan. 12, 2021, 9:38 p.m. UTC | #1
On Tue, 12 Jan 2021, Paolo Abeni wrote:

> Instead of re-implementing most of inet_shutdown, re-use
> such helper, and implement the MPTCP-specific bits at the
> 'proto' level.
>
> The msk-level disconnect() can now be invoked, lets provide a
> suitable implementation.
>
> As a side effect, this fixes bad state management for listener
> sockets. The latter could lead to division by 0 oops since
> commit ea4ca586b16f ("mptcp: refine MPTCP-level ack scheduling").
>
> Fixes: 43b54c6ee382 ("mptcp: Use full MPTCP-level disconnect state machine")
> Fixes: ea4ca586b16f ("mptcp: refine MPTCP-level ack scheduling")
> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
> ---
> net/mptcp/protocol.c | 62 ++++++++++++--------------------------------
> 1 file changed, 17 insertions(+), 45 deletions(-)
>

Reviewed-by: Mat Martineau <mathew.j.martineau@linux.intel.com>

--
Mat Martineau
Intel
Eric Dumazet Jan. 13, 2021, 10:21 a.m. UTC | #2
On 1/12/21 6:25 PM, Paolo Abeni wrote:
> Instead of re-implementing most of inet_shutdown, re-use
> such helper, and implement the MPTCP-specific bits at the
> 'proto' level.
> 
> The msk-level disconnect() can now be invoked, lets provide a
> suitable implementation.
> 
> As a side effect, this fixes bad state management for listener
> sockets. The latter could lead to division by 0 oops since
> commit ea4ca586b16f ("mptcp: refine MPTCP-level ack scheduling").
> 
> Fixes: 43b54c6ee382 ("mptcp: Use full MPTCP-level disconnect state machine")
> Fixes: ea4ca586b16f ("mptcp: refine MPTCP-level ack scheduling")
> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
> ---
>  net/mptcp/protocol.c | 62 ++++++++++++--------------------------------
>  1 file changed, 17 insertions(+), 45 deletions(-)
> 
> diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c
> index 2ff8c7caf74f..81faeff8f3bb 100644
> --- a/net/mptcp/protocol.c
> +++ b/net/mptcp/protocol.c
> @@ -2642,11 +2642,12 @@ static void mptcp_copy_inaddrs(struct sock *msk, const struct sock *ssk)
>  
>  static int mptcp_disconnect(struct sock *sk, int flags)
>  {
> -	/* Should never be called.
> -	 * inet_stream_connect() calls ->disconnect, but that
> -	 * refers to the subflow socket, not the mptcp one.
> -	 */
> -	WARN_ON_ONCE(1);
> +	struct mptcp_subflow_context *subflow;
> +	struct mptcp_sock *msk = mptcp_sk(sk);
> +
> +	__mptcp_flush_join_list(msk);
> +	mptcp_for_each_subflow(msk, subflow)
> +		tcp_disconnect(mptcp_subflow_tcp_sock(subflow), flags);

Ouch.

tcp_disconnect() is supposed to be called with socket lock being held.

Really, CONFIG_LOCKDEP=y should have warned you :/
Eric Dumazet Jan. 13, 2021, 10:26 a.m. UTC | #3
On 1/13/21 11:21 AM, Eric Dumazet wrote:
> 
> 
> On 1/12/21 6:25 PM, Paolo Abeni wrote:
>> Instead of re-implementing most of inet_shutdown, re-use
>> such helper, and implement the MPTCP-specific bits at the
>> 'proto' level.
>>
>> The msk-level disconnect() can now be invoked, lets provide a
>> suitable implementation.
>>
>> As a side effect, this fixes bad state management for listener
>> sockets. The latter could lead to division by 0 oops since
>> commit ea4ca586b16f ("mptcp: refine MPTCP-level ack scheduling").
>>
>> Fixes: 43b54c6ee382 ("mptcp: Use full MPTCP-level disconnect state machine")
>> Fixes: ea4ca586b16f ("mptcp: refine MPTCP-level ack scheduling")
>> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
>> ---
>>  net/mptcp/protocol.c | 62 ++++++++++++--------------------------------
>>  1 file changed, 17 insertions(+), 45 deletions(-)
>>
>> diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c
>> index 2ff8c7caf74f..81faeff8f3bb 100644
>> --- a/net/mptcp/protocol.c
>> +++ b/net/mptcp/protocol.c
>> @@ -2642,11 +2642,12 @@ static void mptcp_copy_inaddrs(struct sock *msk, const struct sock *ssk)
>>  
>>  static int mptcp_disconnect(struct sock *sk, int flags)
>>  {
>> -	/* Should never be called.
>> -	 * inet_stream_connect() calls ->disconnect, but that
>> -	 * refers to the subflow socket, not the mptcp one.
>> -	 */
>> -	WARN_ON_ONCE(1);
>> +	struct mptcp_subflow_context *subflow;
>> +	struct mptcp_sock *msk = mptcp_sk(sk);
>> +
>> +	__mptcp_flush_join_list(msk);
>> +	mptcp_for_each_subflow(msk, subflow)
>> +		tcp_disconnect(mptcp_subflow_tcp_sock(subflow), flags);
> 
> Ouch.
> 
> tcp_disconnect() is supposed to be called with socket lock being held.
> 
> Really, CONFIG_LOCKDEP=y should have warned you :/

Or maybe CONFIG_PROVE_RCU=y is needed to catch the bug.
Paolo Abeni Jan. 13, 2021, 3:26 p.m. UTC | #4
On Wed, 2021-01-13 at 11:26 +0100, Eric Dumazet wrote:
> 
> On 1/13/21 11:21 AM, Eric Dumazet wrote:
> > 
> > On 1/12/21 6:25 PM, Paolo Abeni wrote:
> > > Instead of re-implementing most of inet_shutdown, re-use
> > > such helper, and implement the MPTCP-specific bits at the
> > > 'proto' level.
> > > 
> > > The msk-level disconnect() can now be invoked, lets provide a
> > > suitable implementation.
> > > 
> > > As a side effect, this fixes bad state management for listener
> > > sockets. The latter could lead to division by 0 oops since
> > > commit ea4ca586b16f ("mptcp: refine MPTCP-level ack scheduling").
> > > 
> > > Fixes: 43b54c6ee382 ("mptcp: Use full MPTCP-level disconnect state machine")
> > > Fixes: ea4ca586b16f ("mptcp: refine MPTCP-level ack scheduling")
> > > Signed-off-by: Paolo Abeni <pabeni@redhat.com>
> > > ---
> > >  net/mptcp/protocol.c | 62 ++++++++++++--------------------------------
> > >  1 file changed, 17 insertions(+), 45 deletions(-)
> > > 
> > > diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c
> > > index 2ff8c7caf74f..81faeff8f3bb 100644
> > > --- a/net/mptcp/protocol.c
> > > +++ b/net/mptcp/protocol.c
> > > @@ -2642,11 +2642,12 @@ static void mptcp_copy_inaddrs(struct sock *msk, const struct sock *ssk)
> > >  
> > >  static int mptcp_disconnect(struct sock *sk, int flags)
> > >  {
> > > -	/* Should never be called.
> > > -	 * inet_stream_connect() calls ->disconnect, but that
> > > -	 * refers to the subflow socket, not the mptcp one.
> > > -	 */
> > > -	WARN_ON_ONCE(1);
> > > +	struct mptcp_subflow_context *subflow;
> > > +	struct mptcp_sock *msk = mptcp_sk(sk);
> > > +
> > > +	__mptcp_flush_join_list(msk);
> > > +	mptcp_for_each_subflow(msk, subflow)
> > > +		tcp_disconnect(mptcp_subflow_tcp_sock(subflow), flags);
> > 
> > Ouch.
> > 
> > tcp_disconnect() is supposed to be called with socket lock being held.
> > 
> > Really, CONFIG_LOCKDEP=y should have warned you :/
> 
> Or maybe CONFIG_PROVE_RCU=y is needed to catch the bug.

Thank you for catching this!

Yep, CONFIG_PROVE_RCU=y triggers a 'suspicious RCU usage' warning. I
should really enable 'panic_on_warn' in batch tests.

I'll send a patch.

Thanks,

Paolo
diff mbox series

Patch

diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c
index 2ff8c7caf74f..81faeff8f3bb 100644
--- a/net/mptcp/protocol.c
+++ b/net/mptcp/protocol.c
@@ -2642,11 +2642,12 @@  static void mptcp_copy_inaddrs(struct sock *msk, const struct sock *ssk)
 
 static int mptcp_disconnect(struct sock *sk, int flags)
 {
-	/* Should never be called.
-	 * inet_stream_connect() calls ->disconnect, but that
-	 * refers to the subflow socket, not the mptcp one.
-	 */
-	WARN_ON_ONCE(1);
+	struct mptcp_subflow_context *subflow;
+	struct mptcp_sock *msk = mptcp_sk(sk);
+
+	__mptcp_flush_join_list(msk);
+	mptcp_for_each_subflow(msk, subflow)
+		tcp_disconnect(mptcp_subflow_tcp_sock(subflow), flags);
 	return 0;
 }
 
@@ -3089,6 +3090,14 @@  bool mptcp_finish_join(struct sock *ssk)
 	return true;
 }
 
+static void mptcp_shutdown(struct sock *sk, int how)
+{
+	pr_debug("sk=%p, how=%d", sk, how);
+
+	if ((how & SEND_SHUTDOWN) && mptcp_close_state(sk))
+		__mptcp_wr_shutdown(sk);
+}
+
 static struct proto mptcp_prot = {
 	.name		= "MPTCP",
 	.owner		= THIS_MODULE,
@@ -3098,7 +3107,7 @@  static struct proto mptcp_prot = {
 	.accept		= mptcp_accept,
 	.setsockopt	= mptcp_setsockopt,
 	.getsockopt	= mptcp_getsockopt,
-	.shutdown	= tcp_shutdown,
+	.shutdown	= mptcp_shutdown,
 	.destroy	= mptcp_destroy,
 	.sendmsg	= mptcp_sendmsg,
 	.recvmsg	= mptcp_recvmsg,
@@ -3344,43 +3353,6 @@  static __poll_t mptcp_poll(struct file *file, struct socket *sock,
 	return mask;
 }
 
-static int mptcp_shutdown(struct socket *sock, int how)
-{
-	struct mptcp_sock *msk = mptcp_sk(sock->sk);
-	struct sock *sk = sock->sk;
-	int ret = 0;
-
-	pr_debug("sk=%p, how=%d", msk, how);
-
-	lock_sock(sk);
-
-	how++;
-	if ((how & ~SHUTDOWN_MASK) || !how) {
-		ret = -EINVAL;
-		goto out_unlock;
-	}
-
-	if (sock->state == SS_CONNECTING) {
-		if ((1 << sk->sk_state) &
-		    (TCPF_SYN_SENT | TCPF_SYN_RECV | TCPF_CLOSE))
-			sock->state = SS_DISCONNECTING;
-		else
-			sock->state = SS_CONNECTED;
-	}
-
-	sk->sk_shutdown |= how;
-	if ((how & SEND_SHUTDOWN) && mptcp_close_state(sk))
-		__mptcp_wr_shutdown(sk);
-
-	/* Wake up anyone sleeping in poll. */
-	sk->sk_state_change(sk);
-
-out_unlock:
-	release_sock(sk);
-
-	return ret;
-}
-
 static const struct proto_ops mptcp_stream_ops = {
 	.family		   = PF_INET,
 	.owner		   = THIS_MODULE,
@@ -3394,7 +3366,7 @@  static const struct proto_ops mptcp_stream_ops = {
 	.ioctl		   = inet_ioctl,
 	.gettstamp	   = sock_gettstamp,
 	.listen		   = mptcp_listen,
-	.shutdown	   = mptcp_shutdown,
+	.shutdown	   = inet_shutdown,
 	.setsockopt	   = sock_common_setsockopt,
 	.getsockopt	   = sock_common_getsockopt,
 	.sendmsg	   = inet_sendmsg,
@@ -3444,7 +3416,7 @@  static const struct proto_ops mptcp_v6_stream_ops = {
 	.ioctl		   = inet6_ioctl,
 	.gettstamp	   = sock_gettstamp,
 	.listen		   = mptcp_listen,
-	.shutdown	   = mptcp_shutdown,
+	.shutdown	   = inet_shutdown,
 	.setsockopt	   = sock_common_setsockopt,
 	.getsockopt	   = sock_common_getsockopt,
 	.sendmsg	   = inet6_sendmsg,