Received: by 2002:ac0:a594:0:0:0:0:0 with SMTP id m20-v6csp4850880imm;
        Fri, 18 May 2018 11:45:33 -0700 (PDT)
X-Google-Smtp-Source: AB8JxZrjvgSuqcbU0Jd93slNc10WNL+sKb7MNmzt5GMBxUrsZQiYjXydkZkn0LKHnq4rd7dNTqhK
X-Received: by 2002:a65:4a46:: with SMTP id a6-v6mr8474761pgu.227.1526669133352;
        Fri, 18 May 2018 11:45:33 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1526669133; cv=none;
        d=google.com; s=arc-20160816;
        b=url/NxA4nLkMa2jl8hxWBQq1aTF/w4Yl3Armb92xWcdiUxoSu8xDyxD5nq3kYrK3dc
         cJVRkzmB1C5sKIhhMcoL8aVw1a24BpBQf2x0ok4nGTgo4U+V5o6VBUWe9oNJD0imK3mn
         69LuZkucZyJRQ7MtEfM34UzHEBdjmxsf5BZF0fSR/39A095eQMmFCCJSODfPv3bMFrtf
         /9mFklAeyWF7qTeoO/BeLv4pHEjAL8AxwtUXRa4Noup1mIdmuOEHTSRWiBKqNoiq6SoN
         HDw358YQHhENUneKhvEBtsJCRyNY884X66cDp7GQ2VUg2AX0h7FSVHevmp6iW6vWvGhW
         EqLQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :references:in-reply-to:mime-version:dkim-signature
         :arc-authentication-results;
        bh=+eQTI4omKd4oqo+nFeep167kqAMUCqvsZN6VmPCGXq8=;
        b=HTN6qWNVd02Q5JEunVeUfmVb0IGypOsqAdECCjCncZOkWB4/WY7qqs3rDulKcINBSR
         Tr4Kszm1+NovmUH9Mi0rcnpfdcybD6UTHv8qCZ01Ej3AFLoKBEWcqy8t4vxTXQwuIGYO
         MMirVRJnMOhKYjz+yerStvZBh79tbc1PTUlramGmC22oVzB6YabH56/A0m5VAXmWl80z
         rzZ6BfnDVu7ujNCGkQ0yyvRxU3uDNTE8B6ChUl4rmMN+HF9xmt+9+jG4xma4lomGvWds
         rnwKkUKa22CW2NgbiKCYskl0Xj54rAc7SbuIe1kzmDRQvjeVQSNFxOisYfzuoLWxoE0C
         7jEQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=AkW/20X4;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id s10-v6si6405540pge.41.2018.05.18.11.45.18;
        Fri, 18 May 2018 11:45:33 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=AkW/20X4;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751588AbeERSpG (ORCPT <rfc822;mohamedabbas.us@gmail.com>
        + 99 others); Fri, 18 May 2018 14:45:06 -0400
Received: from mail-ua0-f195.google.com ([209.85.217.195]:45279 "EHLO
        mail-ua0-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751156AbeERSpE (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 18 May 2018 14:45:04 -0400
Received: by mail-ua0-f195.google.com with SMTP id j5-v6so5977428uak.12;
        Fri, 18 May 2018 11:45:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :cc;
        bh=+eQTI4omKd4oqo+nFeep167kqAMUCqvsZN6VmPCGXq8=;
        b=AkW/20X4x9lrOhc2R12M8c21w1hQuPOxVxNsVntazC29EZTmnxNT+n2W/O69sGHxX+
         IyKZNLsBNp0QoJjoMK7+IU7Irx9Kr3NlwtKockZSIR1aVatCIX4+f9GQNFBEZneHVt9G
         8914qf6lza7XZ/5rb2JZTd5SJAvZFid459XKEeEWLg0isSZj/Jwft5D7/NKQR+N0HZGR
         OjZS105zBzDYvfWcEUyRGobr1qfa312ZCJxJT7fRqZy0FRQLjrp2sT0JYbiixYXvKPCF
         DD1KEF2kR9/RPwSeBsKOuFlzGBCwZSbBAkxcaUT8gAzd4AqP0Comw1il8cwRBGVKivuN
         zQfA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to:cc;
        bh=+eQTI4omKd4oqo+nFeep167kqAMUCqvsZN6VmPCGXq8=;
        b=S4c7DYrqCumjhFGvnVd44F6aBgK9gjCa/08Et9ojkHOjD3XwNuCUMAv78hAT6L1gfa
         0whCD1f1HEiWBiuMlFU9K77ov2dsNiL+l7wwdXKFCQQnag2xqfUmDMFTe6Y1Jr8iZixs
         lZGcM2ypr0EEyuTmfj/4d/sWD2ZA441ZWfhpaylkQF/nCdsj4VatpXf0P0Gq4m9Tb+B6
         RK0xXkFCjo1CyvmqY3zGOWgN2UyjKLGAu7EadrCbqb2dU4wM0FgFthmIae0xsMoV0oOu
         kdhmiqnwG95siu8Bh+B1vy+Eh+7jj8XaygPqpfSzsjIce7pMcUNRcvu0Bg4FmaSsu2R6
         OL8w==
X-Gm-Message-State: ALKqPwd6/5Xud/0OAiYesU3CPDLgBzZs/3Qle/IMIEPG6e83lPYEtUwr
        7XH+ZVMuXPY7o4DbDyR625IpadOT2eZl9XIVHjM=
X-Received: by 2002:ab0:3004:: with SMTP id f4-v6mr8254888ual.80.1526669103325;
 Fri, 18 May 2018 11:45:03 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.103.151.90 with HTTP; Fri, 18 May 2018 11:44:22 -0700 (PDT)
In-Reply-To: <CAF=yD-Kb4ZfJ3sMAnWEOB_s9Y=TTnLbRZxrDPiGZLO=trPjY5Q@mail.gmail.com>
References: <20180518120826.GA19515@dragonet.kaist.ac.kr> <293d029c-b14c-a625-3703-97a5754e99f1@gmail.com>
 <20180518.114433.390752642781753429.davem@davemloft.net> <CAF=yD-Kb4ZfJ3sMAnWEOB_s9Y=TTnLbRZxrDPiGZLO=trPjY5Q@mail.gmail.com>
From:   Willem de Bruijn <willemdebruijn.kernel@gmail.com>
Date:   Fri, 18 May 2018 14:44:22 -0400
Message-ID: <CAF=yD-LvZk+gdyf_Kq1j+hoJBmFnTKgR=DResvMAC7tEJCgGJw@mail.gmail.com>
Subject: Re: WARNING in ip_recv_error
To:     David Miller <davem@davemloft.net>
Cc:     Eric Dumazet <eric.dumazet@gmail.com>,
        DaeLyong Jeong <threeearcat@gmail.com>,
        Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>,
        Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>,
        Network Development <netdev@vger.kernel.org>,
        LKML <linux-kernel@vger.kernel.org>,
        Byoungyoung Lee <byoungyoung@purdue.edu>,
        Kyungtae Kim <kt0755@gmail.com>, bammanag@purdue.edu,
        Willem de Bruijn <willemb@google.com>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, May 18, 2018 at 1:09 PM, Willem de Bruijn
<willemdebruijn.kernel@gmail.com> wrote:
> On Fri, May 18, 2018 at 11:44 AM, David Miller <davem@davemloft.net> wrote:
>> From: Eric Dumazet <eric.dumazet@gmail.com>
>> Date: Fri, 18 May 2018 08:30:43 -0700
>>
>>> We probably need to revert Willem patch (7ce875e5ecb8562fd44040f69bda96c999e38bbc)
>>
>> Is it really valid to reach ip_recv_err with an ipv6 socket?
>
> I guess the issue is that setsockopt IPV6_ADDRFORM is not an
> atomic operation, so that the socket is neither fully ipv4 nor fully
> ipv6 by the time it reaches ip_recv_error.
>
>   sk->sk_socket->ops = &inet_dgram_ops;
>   < HERE >
>   sk->sk_family = PF_INET;
>
> Even calling inet_recv_error to demux would not necessarily help.
>
> Safest would be to look up by skb->protocol, similar to what
> ipv6_recv_error does to handle v4-mapped-v6.
>
> Or to make that function safe with PF_INET and swap the order
> of the above two operations.
>
> All sound needlessly complicated for this rare socket option, but
> I don't have a better idea yet. Dropping on the floor is not nice,
> either.

Ensuring that ip_recv_error correctly handles packets from either
socket and removing the warning should indeed be good.

It is robust against v4-mapped packets from an AF_INET6 socket,
but see caveat on reconnect below.

The code between ipv6_recv_error for v4-mapped addresses and
ip_recv_error is essentially the same, the main difference being
whether to return network headers as sockaddr_in with SOL_IP
or sockaddr_in6 with SOL_IPV6.

There are very few other locations in the stack that explicitly test
sk_family in this way and thus would be vulnerable to races with
IPV6_ADDRFORM.

I'm not sure whether it is possible for a udpv6 socket to queue a
real ipv6 packet on the error queue, disconnect, connect to an
ipv4 address, call IPV6_ADDRFORM and then call ip_recv_error
on a true ipv6 packet. That would return buggy data, e.g., in
msg_name.