Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp227808ybt; Tue, 30 Jun 2020 19:21:09 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzuyuoZIx+tz6TrI04kmkBcru/WJLxa5ZMYDZdzxJ0tmOXHEpepUOFxJudkqhuHligAWdzJ X-Received: by 2002:a17:906:404e:: with SMTP id y14mr20380342ejj.260.1593570069419; Tue, 30 Jun 2020 19:21:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1593570069; cv=none; d=google.com; s=arc-20160816; b=EBDeGCHWwb7poE3DvXINOZUHFYzdaqhEcI6xqxWvFaAtHaIeKi9N2CQ7xudc4vqbOe Oz96cHkZVuI/xTxOBekObfZRkeNID1kCOtav64qBjFW02a9RzPcxJRo1/+exe0WHJz3g 4kQ9MMVMeM0sggLYuqTZgK/xaT0bxrpN3uE297FP4YnFuOFyDFFwWPHaEYwpXlrxylFX P1aI70SlMuZW5Ph1S7MWpnEhWzAHac7plFBkOFrgI7f/0VNO2tOBNd3AFY7tE0HQQfQ5 xpi9VDAzxjADQjABlbkV/K9hkDPdeeRTsja6vMWBvG2Ag9k25CMj5yiE4KhTwT52fmn+ 9EaA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=QQ3KRdyNKq0NjChcDS5Efh5/mojKWckJwK+l+KsphhM=; b=xK7Xt4Ww27G9aARAVEy3oIGRpQqpCDIsFewavMzj4AlJhgQuzaDn5aF16tDgJa09Y1 8O6hkLitdrW7NIQlJ943cdDhzMv874OHzN8XRCxArVgGLSwi59dXEU70u69Ez9h8pVqS WgTdW9Z2T++sY7FlwGbhtDuaDMHvwcVerTOoEsmoYCe/7s7n9vMGG7Qh53s18nSKQLZj PdSoYu23r1kCtqYfcpDA70H3HutE9MslK4EDyZ/C4kAzAaJPuSDR0cmTeGamuBr+UWk7 InheFvD0OFScO0allksNAyOSuYSDyktbPxafXMnyjSkUy2FEnD7HKPa29XPFbXMDPdmL x0tQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=fJXH5kgA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id k6si2775227edn.299.2020.06.30.19.20.46; Tue, 30 Jun 2020 19:21:09 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=fJXH5kgA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726427AbgGACSA (ORCPT + 99 others); Tue, 30 Jun 2020 22:18:00 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50040 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726110AbgGACR7 (ORCPT ); Tue, 30 Jun 2020 22:17:59 -0400 Received: from mail-yb1-xb43.google.com (mail-yb1-xb43.google.com [IPv6:2607:f8b0:4864:20::b43]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 53C4EC03E979 for ; Tue, 30 Jun 2020 19:17:59 -0700 (PDT) Received: by mail-yb1-xb43.google.com with SMTP id e197so7142744yba.5 for ; Tue, 30 Jun 2020 19:17:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=QQ3KRdyNKq0NjChcDS5Efh5/mojKWckJwK+l+KsphhM=; b=fJXH5kgAaIYzB9rvTW3U8j5fmccmSA2+BZfNUdfYIAtTuU56W7Y0oFU3fczx2+skFX 0Jm11JvxZahtDz5DQF5DRP8qBedrTLySaMN8TKxxdRFNEz0vc3XOtEx5yOb2mWzEZrTj bnneqqERieACLYgpzOV3LEI2+4or2SnpV+9bZdt+nE1Q61ZZowJ1BzVAMJdS/zn+YqE1 6PqJ+RDkkuB5TiDQiaK/XwClyG4Jp8BA5ss9XY9UStTr8e5p184j7g6VoNUaly9io3jX MD+FViLQmQsp0CjbZNld+lhsKFPu8hRdWZaiqEOlJYgJ9dPwV4s+gaDtVzTva3vsVHPD 7FPA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=QQ3KRdyNKq0NjChcDS5Efh5/mojKWckJwK+l+KsphhM=; b=L1yp95rrVayQ5lMbuUgz6tq+4eMIeFiYLOwpGI9opu20Id1MBuTdDJRQ1YxDFO4ZoE uFVqOkzuIawx558PHc+UtBmG4mnVx3o9gbZE6Slc5Es5eQJQRFhJGIgZGJURPiZXEtJY 53AkL8JemIDbEXNgbBNe6Ad/x49/CMtDTmmd4I9tbd+9JdFrGykMb9jwOoPVMy0dKBGp 4oaDuBvXr1SQMOjSv9RfGDarwF7R5Nx9oNMfHYgQ3sGtd4RnPiGqb+j/ndPOGjxWKORp uuZ2MexOG4XsfRTCfyNnFbjtSPJ5Hf+clpvL+yzBMuH2H7x5bbG11gM1kQgbPmSEBZrm RLbQ== X-Gm-Message-State: AOAM532OvIHlJliRg978igNVYQJNIb+Xxky2DMlEt+cWIXYHhxLkcS3z eRqmePatyAxvxizSNdZ3VYI9TVt311hlPOwctIlrMr8bHSE= X-Received: by 2002:a25:ca4a:: with SMTP id a71mr17561581ybg.101.1593569878306; Tue, 30 Jun 2020 19:17:58 -0700 (PDT) MIME-Version: 1.0 References: <20200701020211.GA6875@gondor.apana.org.au> In-Reply-To: <20200701020211.GA6875@gondor.apana.org.au> From: Eric Dumazet Date: Tue, 30 Jun 2020 19:17:46 -0700 Message-ID: Subject: Re: [regression] TCP_MD5SIG on established sockets To: Herbert Xu Cc: Mathieu Desnoyers , David Miller , Linus Torvalds , LKML , netdev , Yuchung Cheng , Jonathan Rajotte-Julien Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jun 30, 2020 at 7:02 PM Herbert Xu wrote: > > Eric Dumazet wrote: > > > > diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c > > index 810cc164f795f8e1e8ca747ed5df51bb20fec8a2..ecc0e3fabce8b03bef823cbfc5c1b0a9e24df124 > > 100644 > > --- a/net/ipv4/tcp.c > > +++ b/net/ipv4/tcp.c > > @@ -4034,9 +4034,12 @@ EXPORT_SYMBOL(tcp_md5_hash_skb_data); > > int tcp_md5_hash_key(struct tcp_md5sig_pool *hp, const struct > > tcp_md5sig_key *key) > > { > > struct scatterlist sg; > > + u8 keylen = key->keylen; > > > > - sg_init_one(&sg, key->key, key->keylen); > > - ahash_request_set_crypt(hp->md5_req, &sg, NULL, key->keylen); > > + smp_rmb(); /* paired with smp_wmb() in tcp_md5_do_add() */ > > + > > + sg_init_one(&sg, key->key, keylen); > > + ahash_request_set_crypt(hp->md5_req, &sg, NULL, keylen); > > return crypto_ahash_update(hp->md5_req); > > } > > EXPORT_SYMBOL(tcp_md5_hash_key); > > diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c > > index ad6435ba6d72ffd8caf783bb25cad7ec151d6909..99916fcc15ca0be12c2c133ff40516f79e6fdf7f > > 100644 > > --- a/net/ipv4/tcp_ipv4.c > > +++ b/net/ipv4/tcp_ipv4.c > > @@ -1113,6 +1113,9 @@ int tcp_md5_do_add(struct sock *sk, const union > > tcp_md5_addr *addr, > > if (key) { > > /* Pre-existing entry - just update that one. */ > > memcpy(key->key, newkey, newkeylen); > > + > > + smp_wmb(); /* pairs with smp_rmb() in tcp_md5_hash_key() */ > > + > > key->keylen = newkeylen; > > return 0; > > } > > This doesn't make sense. Your smp_rmb only guarantees that you > see a version of key->key that's newer than keylen. What if the > key got changed twice? You could still read more than what's in > the key (if that's what you're trying to protect against). The worst that can happen is a dropped packet. Which is anyway going to happen anyway eventually if an application changes a TCP MD5 key on a live flow. The main issue of the prior code was the double read of key->keylen in tcp_md5_hash_key(), not that few bytes could change under us. I used smp_rmb() to ease backports, since old kernels had no READ_ONCE()/WRITE_ONCE(), but ACCESS_ONCE() instead.