Received: by 2002:a05:6a10:6744:0:0:0:0 with SMTP id w4csp710771pxu; Fri, 23 Oct 2020 11:18:40 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxdjvHxwyR/oXWe20HfAYG7Xxzm42Bzae7DFJkG4QOn+NVUDxZMGgzE46cMgyYDi37PytPe X-Received: by 2002:a17:906:fb86:: with SMTP id lr6mr3217708ejb.510.1603477119758; Fri, 23 Oct 2020 11:18:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1603477119; cv=none; d=google.com; s=arc-20160816; b=vooBz13kwDAGFTwOn/RTQr55JbFhUV/ognIVGDtKWYY7chgIKKx1e41VlhjLWehXcH WCZ4ZyWBZ+puZWytD+/qq53KyGicAkE69hJtwBac2+bZSijrshLc3pfCyGTgLW/aWRFy F/mYP85sbwgZDqNr+aDIVbYRzdNVe5ONZ6P7g+0LR7IlhUOOYpn4MvG0XdYrQmMED3Yq zDpudOxa+yrBnnrzL9HGy1yXbPm4ubcLdC2JtANdVvYXUrznjgDW8U+bJAhFXMfxlcag PNaka8Q+IKZ516PNauBL1/+g94iczCWw0mnuAR1sTGgeTzMfKSfb195XjYu5S1Ec/9z2 Jw7A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=mRssJ8ydvqoiUM8sCx1vOe+z6Z5ELMLVEz5GB2mujoE=; b=B0R3r3io6lJ2LwyOt/I8uPKk4BvRc185WTH7B12ebX6rneLmcdWld0rl+2DWVS6WnP hbanfBvExqdZtrFk3nZ6hWFrGZjc7QNdU6nqGFdz8RxiFVpGeIlbZ1R6xbK/o1SZxYgu bupvAiLlROxNDeQDK499tn8jTdtEzkNmWrT6xD4eQITSNMpzkS0l3Z4HsS6J+0YVBBB0 x6+z4CsftuItgylA9sP/EZIlEm2t7rFwjh04/hqqDUz3cBtfjUzWgm17StsoljZoEHyK 32scQBpllxw6FlY0uYgrbSRYzrL16pwJS4ai62ABGyXyZMA+s0YoYGDpnoTFxA3mqzvk EzHw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=qVnKKmWE; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id e12si1361882ejd.673.2020.10.23.11.18.17; Fri, 23 Oct 2020 11:18:39 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=qVnKKmWE; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1750227AbgJWODl (ORCPT + 99 others); Fri, 23 Oct 2020 10:03:41 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53780 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S374541AbgJWODl (ORCPT ); Fri, 23 Oct 2020 10:03:41 -0400 Received: from mail-il1-x142.google.com (mail-il1-x142.google.com [IPv6:2607:f8b0:4864:20::142]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E8DBCC0613CE for ; Fri, 23 Oct 2020 07:03:39 -0700 (PDT) Received: by mail-il1-x142.google.com with SMTP id n5so1451861ile.7 for ; Fri, 23 Oct 2020 07:03:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=mRssJ8ydvqoiUM8sCx1vOe+z6Z5ELMLVEz5GB2mujoE=; b=qVnKKmWEAm0tfevBxG8rohkBBkyKlxmoQaS3qyQab549eqEpSl0oV7ZaCdkNsJbuE/ kHi1jn95s1rccakqFUVXeSml70b7i34pPKIw9QgA/oAn4nwBJGMmeDt7oXiL20a25XYn EtpfoTrKVJV9n11Kf1pR2NaFLqFzUvUqLI95fEX7R1//3V+5RGWmgfytn3HqwL2vZHww s3BpqsuRXbNW36+STmgyfKDXJX08GZS3f9WAWGo2EuQVeDczmDwa04ag4Wf2De51teAf JcbFqXGzwjreIWBEUAyHJlhHenkH4iRRke0qo/lb/6saPU51C+Dpbv3zJ1v5iXORC307 6S1Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=mRssJ8ydvqoiUM8sCx1vOe+z6Z5ELMLVEz5GB2mujoE=; b=tZcew5Ii7zdnlyB1+TgiiuKgLtHJmZR3TO3i8ZHpvGxiV502gOsi9yF3obr1RRkwSZ 7m2UhiDblr1LIKHRBc0eGdrv7upPDtALLJB2gZPb4tNGJ1RTCvZjQ8Syfa9xb5AS2ZLw H9e0f7pPDhL+0/RgWUFdcxV5ti3to4we33A4sHhAomnnn32NTHETWXdV0l5g6GWiH7Ou QK6PVO9tBzmA3pWRpTvqVxlsfguj35BTWeKpTM7MK95hfy3OhTtAGnSa9JQMnaKX4Vww tiLUeWlJ0M5rrxiIr+EuiFu1vHUyS9KZwhsCyitfB4RfCcN2YblKBTT5FDx6uY+lantE nLaA== X-Gm-Message-State: AOAM533M+tECv9TTWIXuoSEC1+G2VdBtNEys2LdCLNCHu5nfW/LrIA8n eamXSgvMbzVDnaLHzKCO/LUgyeKyMnb07waPkBR6VA== X-Received: by 2002:a05:6e02:970:: with SMTP id q16mr1766465ilt.69.1603461818703; Fri, 23 Oct 2020 07:03:38 -0700 (PDT) MIME-Version: 1.0 References: <20201023111352.GA289522@rdias-suse-pc.lan> In-Reply-To: <20201023111352.GA289522@rdias-suse-pc.lan> From: Eric Dumazet Date: Fri, 23 Oct 2020 16:03:27 +0200 Message-ID: Subject: Re: [PATCH] tcp: fix race condition when creating child sockets from syncookies To: Ricardo Dias Cc: David Miller , Jakub Kicinski , Alexey Kuznetsov , Hideaki YOSHIFUJI , netdev , LKML Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Oct 23, 2020 at 1:14 PM Ricardo Dias wrote: > > When the TCP stack is in SYN flood mode, the server child socket is > created from the SYN cookie received in a TCP packet with the ACK flag > set. > ... This patch only handles IPv4, unless I am missing something ? It looks like the fix should be done in inet_ehash_insert(), not adding yet another helper in TCP. This would be family generic. Note that normally, all packets for the same 4-tuple should be handled by the same cpu, so this race is quite unlikely to happen in standard setups.