Received: by 2002:a05:6a10:16a7:0:0:0:0 with SMTP id gp39csp710928pxb; Thu, 19 Nov 2020 11:49:32 -0800 (PST) X-Google-Smtp-Source: ABdhPJxMBPKAQVMfMyVMCIzdEf8ir0JwoV6ST8vBw9WBdm0ghcuLqyiZEW35FDPmrL0nA8IDBBpL X-Received: by 2002:a50:fc85:: with SMTP id f5mr3127430edq.225.1605815372766; Thu, 19 Nov 2020 11:49:32 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1605815372; cv=none; d=google.com; s=arc-20160816; b=I7SW7PQzj0+Y+YA80KlbjzzKxbEO4d9PKTGq/eU8wBlu8fsn8fKcqdwLu0O2ODRi39 t5WzYWcpgSm+5KlyoD/wJCquG4RPwKZbRs3teM6mFZLW+qSy2weB30r/anOytYYIIyb7 zSJLJVxd7rwTWlmYx6NlU3zM+e23ej2inZ+UwOd9HwrDhP+DFWBjp/u5doeXGoHxmC95 Wi6yZp7FUAV4phel1nD9/jZbTmPE0U/lxi7n+u5/HQqK2LHGja7YP9TPNL4jhwlIg66L VislTaj1oxcUXkRE8dSmqfxP7hg9uDL8CN34m7xBYkgWDBWfTSd3o9mvslKhXyQZuIA3 a9zg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=0KGIu9QRLsnQRLw4m01WgKEPBTZoDdSdeLkEBZ2tnKA=; b=CZrG7u90nuWAx5HJP4lD2HW6SeaMjdohwjvyE1XJhCDQEQGS6OUSDK91vxl0TWHZ+j /sbIk0l05lKXSsvFuY+2Ca2oXI448ElqaFSIWOIjj/VqgTXiljbC0mVZjXZEHMP9VA1J wfGqSLq0p0wFk4iLBPdvG/7gXoD7RvqyM4DrawKozUvCb3j9qjAQhXtL1LbB3GXNPvsJ FRvD5FhauUgfadEoWC1ZdEtdPq8Gcgi3ihc0BQyb3HFN9o5IAbOnMvQ4/1qqDtAvhFy7 s9YPwfD4ZLGFk2uJSRFwgCwCORPjWMavSpS3NbhZVXnB0Ljy+qky1VdNU7E5PAeqmeXw 8e1w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=wFtV9CzT; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id h6si382144ejd.632.2020.11.19.11.49.08; Thu, 19 Nov 2020 11:49:32 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=wFtV9CzT; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727453AbgKSTpn (ORCPT + 99 others); Thu, 19 Nov 2020 14:45:43 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56312 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727066AbgKSTpm (ORCPT ); Thu, 19 Nov 2020 14:45:42 -0500 Received: from mail-il1-x141.google.com (mail-il1-x141.google.com [IPv6:2607:f8b0:4864:20::141]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B38A3C0613CF for ; Thu, 19 Nov 2020 11:45:41 -0800 (PST) Received: by mail-il1-x141.google.com with SMTP id q1so6451731ilt.6 for ; Thu, 19 Nov 2020 11:45:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=0KGIu9QRLsnQRLw4m01WgKEPBTZoDdSdeLkEBZ2tnKA=; b=wFtV9CzTOhb0ygSMdv7pxPCcDzW5ecgnSj9bV0GLsBaHBjOjZH+dQAUZHvfAN5nr9z jhy8r/GaWxtSdwlC8C9jvnq8lACIvAvInSLgqr835nKCGRMjyNohDU9HkVvi9tjnrLRm zfJVvv39fRmXm8+uGVjYwjZokiwhlRLPzjfbNbMKt6joieaJa+9Z1XMuZASwugDJy2fo F7wv8MN0LgZEKCkTcB85WG9euTP1j3OoSpcz+ZaHdQ9ZtwIklMULl3LzLe2PXlSK2v9G PVhp0ut2Zm+iu6KHy5k+r6ALFj9ve6zGgRTnkvvEGZxmIbKZSSnHdMCU2xvzf02TMZnn VBQQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=0KGIu9QRLsnQRLw4m01WgKEPBTZoDdSdeLkEBZ2tnKA=; b=kYTCsHIeldHbcbxl/plcvTdHKfYmqVZqktxC9PhU++XHemFwgU5COwLoR4Vbwyj7JB NqTzgSaV5eXEOovw6hx0Ga8tee5NQBC+P7zcgNfaPdm9osjw9jSAY0Sk08KvCaB8u9rb Jnmd8H77CT1PIlHNAq3zb9LiPianTXTwDlK8YHbJgbwgI44I+uw1xu7IxB6MFM8AHlpa /x2jRCmBbN2TREpXhRmlvxCITyDmqP+Z+lT1A/jLSUwMZ4pEmqm8b7qjvoIT8L6KXrCx h9oEev+aTZhi0LB0aedLfqVCGTZtj1UfgNz6vbPHXgGxe7OvnlUjiV0TUoplI8RmEKqp Tdlg== X-Gm-Message-State: AOAM533U1n9u84epa6LBUxNLvW+SU4AJUQXKZXcldGtQU7VHql1nXgqB +7N8m1C7F25L2/neObQF608SyY5qxFrrwoUV5U47ew== X-Received: by 2002:a92:358e:: with SMTP id c14mr6919106ilf.69.1605815140718; Thu, 19 Nov 2020 11:45:40 -0800 (PST) MIME-Version: 1.0 References: <20201119192442.GA820741@rdias-suse-pc.lan> In-Reply-To: <20201119192442.GA820741@rdias-suse-pc.lan> From: Eric Dumazet Date: Thu, 19 Nov 2020 20:45:29 +0100 Message-ID: Subject: Re: [PATCH v7] tcp: fix race condition when creating child sockets from syncookies To: Ricardo Dias Cc: David Miller , Jakub Kicinski , Alexey Kuznetsov , Hideaki YOSHIFUJI , netdev , LKML Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Nov 19, 2020 at 8:24 PM Ricardo Dias wrote: > > When the TCP stack is in SYN flood mode, the server child socket is > created from the SYN cookie received in a TCP packet with the ACK flag > set. > > The child socket is created when the server receives the first TCP > packet with a valid SYN cookie from the client. Usually, this packet > corresponds to the final step of the TCP 3-way handshake, the ACK > packet. But is also possible to receive a valid SYN cookie from the > first TCP data packet sent by the client, and thus create a child socket > from that SYN cookie. > > Since a client socket is ready to send data as soon as it receives the > SYN+ACK packet from the server, the client can send the ACK packet (sent > by the TCP stack code), and the first data packet (sent by the userspace > program) almost at the same time, and thus the server will equally > receive the two TCP packets with valid SYN cookies almost at the same > instant. > > When such event happens, the TCP stack code has a race condition that > occurs between the momement a lookup is done to the established > connections hashtable to check for the existence of a connection for the > same client, and the moment that the child socket is added to the > established connections hashtable. As a consequence, this race condition > can lead to a situation where we add two child sockets to the > established connections hashtable and deliver two sockets to the > userspace program to the same client. > > This patch fixes the race condition by checking if an existing child > socket exists for the same client when we are adding the second child > socket to the established connections socket. If an existing child > socket exists, we return that socket and use it to process the TCP > packet received, and discard the second child socket to the same client. > > Signed-off-by: Ricardo Dias > --- > v7 (2020-11-19): > * Changed the approach to re-use the first (existing) socket created > from thge syncookie. Instead of returning the existing socket in > tcp_(v4|v6)_syn_recv_sock and continue the protocol state machine > execution, tcp_(v4|v6)_syn_recv_sock signals that already exists a > socket, and tells tcp_(v4|v6)_rcv to lookup the socket again in the > established connections table. > This new approach fixes the errors reported by Eric for the previous > version of the patch. > * Also fixes the memory leaks by making sure that the newly created > socket in syn_recv_sock is destroyed in case an already existing > socket exists. I think this is going too far. Your patch is too complex/risky, and will be hard to backport to old kernels, because TCP stack has changed a lot. Alternative approach would be to detect the race and simply drop the packet that lost the battle.