Received: by 2002:a05:6a10:6744:0:0:0:0 with SMTP id w4csp641565pxu;
        Fri, 23 Oct 2020 09:36:28 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJxW1Q9ENEMQRIsgQUBNN0WN75ivotSQWwwG+8pXw8H2uaA0PP66Zisi6XddvGffi2/3L8vF
X-Received: by 2002:aa7:c7cf:: with SMTP id o15mr2891532eds.15.1603470988298;
        Fri, 23 Oct 2020 09:36:28 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1603470988; cv=none;
        d=google.com; s=arc-20160816;
        b=L/mNYg7GbwBF5rFa1XFgMLUdKb8fQy1g48JidAl5oRjr7cSe75PzvbbCi6BzmGxPeL
         kRUmpVH45BuI8FGpG4cb05hQyIdXFBDUtlpRQTh94MW9JKEmEAllGKoLYsIGpXEnLKEp
         HlDGpslJsmG3FT5+2+okvBiyl5gr+Hv2xeI8esr6HqetdeLAQvFckPHRWEOzjitmRXYF
         Q/y84llAdg+hyBhpJ1K+kc5qHssUPR220kVt1/vP8AeAyvnT9VaLIP8JqS4e+XzDCPZO
         sDWABnP1Z1EjjQ1JJHWErGaTbh//UWRjRi+lIvN8juDd++ybVji3hHEU0P+Uh6Xtg5Wq
         rTEw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to
         :references:mime-version:dkim-signature;
        bh=fBmYo/+9lN5WrZS8+VFUY+eln77PvkT/0UFmNnb+zKE=;
        b=gfZFkf8zOnoY0sS0/KWGb/bdfDL5JXwQYospIoZySHe/SKmyBd8oc+saqdtpf3HPlm
         zKJO0aUhfq+tHS9O39fLINoZ6U3qX2xYg82DWYxdSPyEcK06S49UGTzeBQDGCM8jOy8x
         zvQomgnNbUQrZdHNA3Ue/W0z3sr6aWfVx1O8+L/G6AtUKM4MJLyH4BWBoJuh5ADA/6yd
         pMXPpBxvDlLJ5URonz4B3ujjDyrkiCtPaVNHHahgylHUQH9ij/fgIIWBpwR8xwkswEKK
         rATz7HtfsmSMRbmXj6L3aFWqQo0LsbgTPIG+D0HDv/aIptMM7aoyfLPlVOhJ8mAm1diC
         ia6A==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b="R2u/jOJd";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id t14si1110732eds.425.2020.10.23.09.36.05;
        Fri, 23 Oct 2020 09:36:28 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b="R2u/jOJd";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S464511AbgJWP4U (ORCPT <rfc822;crosarcplusplustest@gmail.com>
        + 99 others); Fri, 23 Oct 2020 11:56:20 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43054 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S464345AbgJWP4T (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 23 Oct 2020 11:56:19 -0400
Received: from mail-il1-x142.google.com (mail-il1-x142.google.com [IPv6:2607:f8b0:4864:20::142])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7BEE7C0613CE
        for <linux-kernel@vger.kernel.org>; Fri, 23 Oct 2020 08:56:19 -0700 (PDT)
Received: by mail-il1-x142.google.com with SMTP id p9so1838230ilr.1
        for <linux-kernel@vger.kernel.org>; Fri, 23 Oct 2020 08:56:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=fBmYo/+9lN5WrZS8+VFUY+eln77PvkT/0UFmNnb+zKE=;
        b=R2u/jOJdCc2r2g0bTh2jFhXbC7DDyeRfoVvwX+zCogwiQbA2Aco4/iIy3lw0o3KmNo
         II8pZXIGBVTDXxlfQcNLdGz8o2HvAB++eCtSaH6WJjFB8M0/RFa/PDeM91h6vZ5MJARU
         aanxxDvjHk0+EQJTzCQktJS+Q3tnyMTSlGQpikm1LVqiL2wDIvGcqu/Zu2wogzIseGnQ
         Umu28KX02nOXazRg6C243ohZJee/Z5pi+1LrYZmsaOzJHDdJaOgDtAq0v3yGgTCyyy9o
         3ZFV/sazJgyw9CUDGuY7LihsQ1qBR4WKNjC40bb+28IO2n69/Zr0KfCY92Zq4m35hrEl
         EzoQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=fBmYo/+9lN5WrZS8+VFUY+eln77PvkT/0UFmNnb+zKE=;
        b=aXCYK6UNLOMhZd3VNbxf6o5NZbuFFl+wB7fYnTbpw/PqTwCdlqH5vBN3yLsbiW6BBx
         KSUVbmfxZZrAxMICZPzpGzLwLeSQcX+5NgB+rVPvg1hJcyVKQDgK1jTnt2Lk9FC0BBi+
         dVaJ8fbpHIVJ/uFPEqDngecDmyXxnhFRFEswGF6Q4wHzs9bPF4nv/mIyMF4TkZ3Cai9x
         f1yPGgD1YKClNhFqSaXRQeNWeCuHm1fYcTXGETJHnsklofcb/g/e1yFkXQi1f192vHjK
         ytQSenBpWpUUg1cn+ZFEh+hWSMSXYV1pRENFEML4XXNRGwHv/yVMQO+6W82N9ElesdSR
         ARsw==
X-Gm-Message-State: AOAM530mXaLqmzh27IZ9xl/ZTGkMNaNljwtL6mfoNgXquyKkge3NtW3i
        6Ef8dSoV1fijFUHBx00jSSoMwOT1IAyRBTTLEZaMsg==
X-Received: by 2002:a92:c213:: with SMTP id j19mr2252436ilo.205.1603468578629;
 Fri, 23 Oct 2020 08:56:18 -0700 (PDT)
MIME-Version: 1.0
References: <20201023111352.GA289522@rdias-suse-pc.lan> <CANn89iJDt=XpUZA_uYK98cK8tctW6M=f4RFtGQpTxRaqwnnqSQ@mail.gmail.com>
 <20201023155145.GA316015@rdias-suse-pc.lan>
In-Reply-To: <20201023155145.GA316015@rdias-suse-pc.lan>
From:   Eric Dumazet <edumazet@google.com>
Date:   Fri, 23 Oct 2020 17:56:07 +0200
Message-ID: <CANn89iL2VOH+Mg9-U7pkpMkKykDfhoX-GMRnF-oBmZmCGohDtA@mail.gmail.com>
Subject: Re: [PATCH] tcp: fix race condition when creating child sockets from syncookies
To:     Ricardo Dias <rdias@memsql.com>
Cc:     David Miller <davem@davemloft.net>,
        Jakub Kicinski <kuba@kernel.org>,
        Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>,
        Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>,
        netdev <netdev@vger.kernel.org>,
        LKML <linux-kernel@vger.kernel.org>
Content-Type: text/plain; charset="UTF-8"
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Oct 23, 2020 at 5:51 PM Ricardo Dias <rdias@memsql.com> wrote:
>
> On Fri, Oct 23, 2020 at 04:03:27PM +0200, Eric Dumazet wrote:
> > On Fri, Oct 23, 2020 at 1:14 PM Ricardo Dias <rdias@memsql.com> wrote:
> > >
> > > When the TCP stack is in SYN flood mode, the server child socket is
> > > created from the SYN cookie received in a TCP packet with the ACK flag
> > > set.
> > >
> > ...
> >
> > This patch only handles IPv4, unless I am missing something ?
>
> Yes, currently the patch only handles IPv4. I'll improve it to also
> handle the IPv6 case.
>
> >
> > It looks like the fix should be done in inet_ehash_insert(), not
> > adding yet another helper in TCP.
> > This would be family generic.
>
> Ok, sounds good as long as there is not problem in changing the
> signature and semantics of the inet_ehash_insert() function, as well as
> changing the inet_ehash_nolisten() function.
>
> >
> > Note that normally, all packets for the same 4-tuple should be handled
> > by the same cpu,
> > so this race is quite unlikely to happen in standard setups.
>
> I was able to write a small client/server program that used the
> loopback interface to create connections, which could hit the race
> condition in 1/200 runs.
>
> The server when accepts a connection sends an 8 byte identifier to
> the client, and then waits for the client to echo the same identifier.
> The client creates hundreds of simultaneous connections to the server,
> and in each connection it sends one byte as soon as the connection is
> established, then reads the 8 byte identifier from the server and sends
> it back to the server.
>
> When we hit the race condition, one of the server connections gets an 8
> byte identifier different from its own identifier.

That is on loopback, right ?

A server under syn flood is usually hit on a physical NIC, and a NIC
will always put all packets of a TCP flow in a single RX queue.
The cpu associated with this single RX queue won't process two packets
in parallel.

Note this issue is known, someone tried to fix it in the past but the
attempt went nowhere.