References: <20210628144908.881499-1-phind.uet@gmail.com>
In-Reply-To: <20210628144908.881499-1-phind.uet@gmail.com>
From: Neal Cardwell
Date: Mon, 28 Jun 2021 13:09:43 -0400
Subject: Re: [PATCH] tcp: Do not reset the icsk_ca_initialized in tcp_init_transfer.
To: Nguyen Dinh Phi
Cc: edumazet@google.com, davem@davemloft.net, yoshfuji@linux-ipv6.org, dsahern@kernel.org, kuba@kernel.org, ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org, kafai@fb.com, songliubraving@fb.com, john.fastabend@gmail.com, kpsingh@kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, bpf@vger.kernel.org, linux-kernel-mentees@lists.linuxfoundation.org, syzbot+f1e24a0594d4e3a895d3@syzkaller.appspotmail.com, Yuchung Cheng, Kevin Yang
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Jun 28, 2021 at 11:39 AM Nguyen Dinh Phi wrote:
>
> icsk_ca_initialized is always set to zero before we examine it in the if
> block, which makes the congestion control module's initialization get
> called even if the CC module was initialized already.
> In case the CC module allocates and sets up its dynamically allocated
> private data in its init() function, e.g., CDG, a memory leak may occur.
>
> Reported-by: syzbot+f1e24a0594d4e3a895d3@syzkaller.appspotmail.com
>
> Signed-off-by: Nguyen Dinh Phi
> ---
> net/ipv4/tcp_input.c | 1 -
> 1 file changed, 1 deletion(-)
>
> diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
> index 7d5e59f688de..855ada2be25e 100644
> --- a/net/ipv4/tcp_input.c
> +++ b/net/ipv4/tcp_input.c
> @@ -5922,7 +5922,6 @@ void tcp_init_transfer(struct sock *sk, int bpf_op, struct sk_buff *skb) > tp->snd_cwnd = tcp_init_cwnd(tp, __sk_dst_get(sk)); > tp->snd_cwnd_stamp = tcp_jiffies32; > > - icsk->icsk_ca_initialized = 0;

If this patch removes that line, then AFAICT the patch should also insert a corresponding:

  icsk->icsk_ca_initialized = 0;

in tcp_ca_openreq_child(), so that any non-zero icsk_ca_initialized value in a listener socket (on which setsockopt(TCP_CONGESTION) was called) is not erroneously inherited by a child socket due to the tcp_create_openreq_child() -> inet_csk_clone_lock() -> sock_copy() call chain.

Something like:

diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c
index c48d8336f26d..4d6a76dfa1c4 100644
--- a/net/ipv4/tcp_minisocks.c
+++ b/net/ipv4/tcp_minisocks.c
@@ -446,6 +446,7 @@ void tcp_ca_openreq_child(struct sock *sk, const struct dst_entry *dst) } /* If no valid choice made yet, assign current system default ca. */ + icsk->icsk_ca_initialized = 0; if (!ca_got_dst && (!icsk->icsk_ca_setsockopt || !bpf_try_module_get(icsk->icsk_ca_ops, icsk->icsk_ca_ops->owner)))

thanks,
neal
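Review bot: the tcp_input.c hunk deletes the reset but nothing else in the patch clears icsk_ca_initialized for a child socket, so a child cloned from a listener on which setsockopt(TCP_CONGESTION) ran inherits a non-zero flag and the check the commit message says follows this point will skip congestion control initialization for that child; keep the deletion, but pair it in the same patch with `icsk->icsk_ca_initialized = 0;` in tcp_ca_openreq_child() as the reply suggests. The commit message should also carry a Fixes: tag naming the commit that introduced the reset and state which caller reaches tcp_init_transfer() with the flag already set, since the quoted context (only the snd_cwnd and snd_cwnd_stamp assignments) shows neither that path nor the `if` the message refers to.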
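Review bot: in the tcp_minisocks.c hunk the added `icsk->icsk_ca_initialized = 0;` lands between the comment `/* If no valid choice made yet, assign current system default ca. */` and the `if (!ca_got_dst && ...` that the comment describes, splitting the two; move the reset above the comment, directly after the closing `}`, and give it its own one-line comment saying that a child must not inherit the listener's initialized flag through sock_copy(), so the reason lives in the file and not only in this thread. The reset then runs on every path through tcp_ca_openreq_child(), including the ca_got_dst case, which is what the reply intends; the commit message of the combined patch should say so explicitly.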
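The two failure modes discussed in this thread, as an added userspace model written for this page (it is not kernel code and not the patch author's or Neal's code): `struct sock`, `init_transfer()`, `create_openreq_child()` and `ca_initialized` are hypothetical stand-ins for `inet_connection_sock`, `tcp_init_transfer()`, `tcp_create_openreq_child()` and `icsk_ca_initialized`, and the model congestion control keeps its private state in a heap block that its `init()` allocates without freeing an earlier one, as the commit message says CDG does. `run_active()` exercises the leak the commit message reports (module initialized by `setsockopt(TCP_CONGESTION)`, then initialized again when the transfer starts); `run_passive()` exercises the inheritance problem from the reply (a child cloned from an initialized listener).

```c
/* Added userspace model of the icsk_ca_initialized life cycle (not kernel code):
 * struct sock, init_transfer(), create_openreq_child() and ca_initialized are
 * hypothetical stand-ins for inet_connection_sock, tcp_init_transfer(),
 * tcp_create_openreq_child() and icsk_ca_initialized. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct sock {
	void *ca_priv;        /* dynamically allocated CC state, as in CDG */
	int ca_initialized;   /* icsk->icsk_ca_initialized */
};
static int live_allocs;  /* leak detector: private-data blocks not yet freed */

/* The CC module's init(), as the commit message describes for CDG: allocates
 * fresh private data, neither checking for nor freeing an earlier block. */
static void cc_init(struct sock *sk)
{
	sk->ca_priv = calloc(1, 64);
	live_allocs++;
}
/* The CC module's release(), run when the socket is closed. */
static void cc_release(struct sock *sk)
{
	live_allocs -= sk->ca_priv != NULL;
	free(sk->ca_priv);
	sk->ca_priv = NULL;
}
/* tcp_init_congestion_control(): run init() and mark the socket initialized;
 * setsockopt(TCP_CONGESTION) reaches this before any connection exists. */
static void init_congestion_control(struct sock *sk)
{
	cc_init(sk);
	sk->ca_initialized = 1;
}

enum variant {
	RESET_IN_INIT_TRANSFER,  /* before the patch: clear the flag, always re-init */
	NO_RESET,                /* the patch as posted: only the tcp_input.c deletion */
	RESET_IN_OPENREQ_CHILD,  /* the patch plus the reset suggested in the reply */
};

/* tcp_init_transfer(): the check the patch relies on */
static void init_transfer(struct sock *sk, enum variant v)
{
	if (v == RESET_IN_INIT_TRANSFER)
		sk->ca_initialized = 0;  /* the line the patch removes */
	if (!sk->ca_initialized)
		init_congestion_control(sk);
}
/* tcp_create_openreq_child(): sock_copy() duplicates flag and pointer from the
 * listener; the suggested reset goes where tcp_ca_openreq_child() runs */
static struct sock create_openreq_child(const struct sock *listener, enum variant v)
{
	struct sock child;
	memcpy(&child, listener, sizeof child);
	if (v == RESET_IN_OPENREQ_CHILD)
		child.ca_initialized = 0;
	return child;
}

struct outcome { int leaked, shared; };  /* blocks left after close; child shares listener's block */

/* Active open: TCP_CONGESTION set before the handshake, init_transfer() after. */
struct outcome run_active(enum variant v)
{
	struct sock sk = { 0 };
	struct outcome out = { 0, 0 };
	live_allocs = 0;
	init_congestion_control(&sk);  /* setsockopt(TCP_CONGESTION) */
	init_transfer(&sk, v);         /* handshake completes */
	cc_release(&sk);               /* close() */
	out.leaked = live_allocs;
	return out;
}
/* Passive open: TCP_CONGESTION set on the listener, a child cloned from it goes
 * through init_transfer(); the listener stays open. */
struct outcome run_passive(enum variant v)
{
	struct sock listener = { 0 }, child;
	struct outcome out = { 0, 0 };
	live_allocs = 0;
	init_congestion_control(&listener);  /* setsockopt on the listener */
	child = create_openreq_child(&listener, v);
	init_transfer(&child, v);
	out.shared = child.ca_priv == listener.ca_priv;
	if (!out.shared)  /* releasing a shared block here would be a double free */
		cc_release(&child);
	cc_release(&listener);
	out.leaked = live_allocs;
	return out;
}

int main(void)
{
	for (int v = RESET_IN_INIT_TRANSFER; v <= RESET_IN_OPENREQ_CHILD; v++)
		printf("variant %d: active leaked=%d, passive shared=%d leaked=%d\n", v,
		       run_active(v).leaked, run_passive(v).shared, run_passive(v).leaked);
	return 0;
}
```

With the reset left in tcp_init_transfer() the active-open socket leaks one block, which is the syzbot report; with the reset simply deleted the child keeps the listener's flag, skips its own init and ends up pointing at the listener's private data, which is the hazard the reply describes; only the third variant, the deletion paired with a reset at child creation, is clean on both paths.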