[PATCH net 00/10] rxrpc: Fix packet reception code
From: David Howells
Date: Mon Oct 08 2018 - 18:47:23 EST
Here are a set of patches that prepares for and fix problems in rxrpc's
package reception code. There serious problems are:
(A) There's a window between binding the socket and setting the data_ready
hook in which packets can find their way into the UDP socket's receive
queues.
(B) The skb_recv_udp() will return an error (and clear the error state) if
there was an error on the Tx side. rxrpc doesn't handle this.
(C) The rxrpc data_ready handler doesn't fully drain the UDP receive
queue.
(D) The rxrpc data_ready handler assumes it is called in a non-reentrant
state.
The second patch fixes (A) - (C); the third patch renders (B) and (C)
non-issues by using the recap_rcv hook instead of data_ready - and the
final patch fixes (D). That last is the most complex.
The preparatory patches are:
(1) Fix some places that are doing things in the wrong net namespace.
(2) Stop taking the rcu read lock as it's held by the IP input routine in
the call chain.
(3) Only end the Tx phase if *we* rotated the final packet out of the Tx
buffer.
(4) Don't assume that the call state won't change after dropping the
call_state lock.
(5) Only take receive window and MTU suze parameters from an ACK packet if
it's the latest ACK packet.
(6) Record connection-level abort information correctly.
(7) Fix a trace line.
And then there are three main patches - note that these are mixed in with
the preparatory patches somewhat:
(1) Fix the setup window (A), skb_recv_udp() error check (B) and packet
drainage (C).
(2) Switch to using the encap_rcv instead of data_ready to cut out the
effects of the UDP read queues and get the packets delivered directly.
(3) Add more locking into the various packet input paths to defend against
re-entrance (D).
The patches are tagged here:
git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git
rxrpc-fixes-20181008
and can also be found on the following branch:
http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=rxrpc-fixes
David
---
David Howells (10):
rxrpc: Fix some missed refs to init_net
rxrpc: Fix the data_ready handler
rxrpc: Use the UDP encap_rcv hook
rxrpc: Don't need to take the RCU read lock in the packet receiver
rxrpc: Don't check RXRPC_CALL_TX_LAST after calling rxrpc_rotate_tx_window()
rxrpc: Carry call state out of locked section in rxrpc_rotate_tx_window()
rxrpc: Only take the rwind and mtu values from latest ACK
rxrpc: Fix connection-level abort handling
rxrpc: Fix the rxrpc_tx_packet trace line
rxrpc: Fix the packet reception routine
include/trace/events/rxrpc.h | 1
include/uapi/linux/udp.h | 1
net/rxrpc/ar-internal.h | 23 ++--
net/rxrpc/call_accept.c | 27 +++-
net/rxrpc/call_object.c | 5 -
net/rxrpc/conn_client.c | 10 +-
net/rxrpc/conn_event.c | 26 ++--
net/rxrpc/input.c | 253 ++++++++++++++++++++++--------------------
net/rxrpc/local_object.c | 30 ++++-
net/rxrpc/peer_event.c | 5 +
net/rxrpc/peer_object.c | 29 +++--
11 files changed, 236 insertions(+), 174 deletions(-)