Received: by 2002:a05:6358:111d:b0:dc:6189:e246 with SMTP id f29csp1943384rwi; Thu, 3 Nov 2022 10:45:25 -0700 (PDT) X-Google-Smtp-Source: AMsMyM5BWTr9mI2OQScpyXs5INDhk3ll1BfEZp6ixbj8bNCWr5QhHJJmz5aH87Y9KTJJwfvt9vn7 X-Received: by 2002:a05:6a00:140d:b0:528:5a5a:d846 with SMTP id l13-20020a056a00140d00b005285a5ad846mr32090974pfu.9.1667497524851; Thu, 03 Nov 2022 10:45:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1667497524; cv=none; d=google.com; s=arc-20160816; b=WjdBqbmuATj8nK3GS4LUE9NsrKqR6I6PjAz/TRDQbHad6yeyf2qcLMv419bmqS4YzY oJRIXj21oCxqxF+1b0oXCzRGv3VXpyTWTrK0zLWUIrDp5ISR2OXx4Tal4ZwuCR/9DkEB YJ63JgpjMsAYgkxjIg74bCGSfNsVKqwoNUQwaRxJoCC27iRXr7Il1uQqonAj9OW4mfl9 anFf2JB8V7BpiiVpzDQjVlbs1BhhcvlWj3WfnYJmA/FYyhCb9i5jfZYEm8Yo43F8rHJS a/PIYEMoPUwxfOuhY1e/7gVe7FkmdVVLIavIe9dHOZIc4WVdT/l1o400N3wY75325k20 p/SA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=NZv2dY0yFJqMLdVk2KmNZo3zHTpFU9k8HiT7lLkRxNw=; b=HxV7GNW0mSTPwySIR07Z0IWVuPBV8ItY3+5Hw47JuL3fWCGLmQTAUjFHMVnEebsSId lzdEqCeY0T1KrQ6PkmCOK0TLRZ6cT/za4YOI+XgIOBsgYpkbtLPYxQYEdITKYKuElpNH FfRi0Q2F0DiO6eLQfrUm1IJAfkyJH2qSX8IXi2oOIFEfBtJ4mO4dA/l4bC9eUHdkzhZv 55czMlrAW4AzY3j22f7bsA/eSR3QotXqd0dG/a0WYxlphruO7LMnP6U8M8OslW7kyb/Z +1I9XYDZ9zEwCr2eWkDVcImzmpU5CF19+8c0xM23TK7YBGNfdWs6S1zPeO/H6fNet1Go kudQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=EHzFTNrm; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id 10-20020a630f4a000000b0046ebaf1821bsi1717840pgp.113.2022.11.03.10.45.11; Thu, 03 Nov 2022 10:45:24 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=EHzFTNrm; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231313AbiKCRFd (ORCPT + 97 others); Thu, 3 Nov 2022 13:05:33 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58714 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230408AbiKCRFL (ORCPT ); Thu, 3 Nov 2022 13:05:11 -0400 Received: from mail-yb1-xb29.google.com (mail-yb1-xb29.google.com [IPv6:2607:f8b0:4864:20::b29]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 554D31AF2A for ; Thu, 3 Nov 2022 10:04:31 -0700 (PDT) Received: by mail-yb1-xb29.google.com with SMTP id 129so2948726ybb.12 for ; Thu, 03 Nov 2022 10:04:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=NZv2dY0yFJqMLdVk2KmNZo3zHTpFU9k8HiT7lLkRxNw=; b=EHzFTNrmtlwDQ8zm75RvzwKMMrfRIx1GTZbsMP2AfoYM6+q1PViM+DzZCyYY7XF/Eq bQydB+nvfdgrA1ZI9AjnMHmpQ5F55HFUO6s3HZ3UBZJe5aHIK7NJG1T9XhEr3GJCDVNt AoNCDYew3A7FbcqMTIFeJrkTjpfidEUTn3r36ufp5o0VPoWwpxvke4wVIlRkdIP2yQDZ aSWubCjXkidUZ+N3Tf534tVusucLWZZZNbwxoXqHA6MQVlRVmGaRULB/c2TWkFx24XMk YXlVIfxQtvZaaw403A0YCMtGbXAoJeGGUlbfFVrYTbA3yfxQcTbwhNJXzV1kBG8mFLLt vafw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=NZv2dY0yFJqMLdVk2KmNZo3zHTpFU9k8HiT7lLkRxNw=; b=8QnPsASqSLdAx7RlCZRiLkHm7T4KT8wBmExbo2/QkqTfk6XlPRRDLEteNuA49uPlIt 3k5bqpJzzusKzsIwh+gl8jKbK99RBwSTQBciwvtj5XIZ2pqAMA0feS9G0OF4QKmsbznB glOjJdxqD9Fp9agutmgkcFnJIOzNeHdAf8qE92eFie76OQZkQHvimbvSlZmCBqj3WJN2 5V0MSdnapnWnOzsdjZaVAYeNlNt3n/vXbN6xhilY1svurtpOqGWwMO6m4LxTEmlhv0GG TdR21HtRdT9KoSDNU3WuVmy/vhcwq3PhZj3Uwcrh+23TqVn0nV6RitfWWy6+RAvaLQ99 m7lQ== X-Gm-Message-State: ACrzQf39GV9+Lak8JJM+26vK1bais5EItfmSQpCpITI7jCqvvWLrksYy f3lp6+HEGFEZEerl4rdguYWcd5GaXHnpit/C9cE/Dg== X-Received: by 2002:a25:7a01:0:b0:6b0:820:dd44 with SMTP id v1-20020a257a01000000b006b00820dd44mr28183106ybc.387.1667495070348; Thu, 03 Nov 2022 10:04:30 -0700 (PDT) MIME-Version: 1.0 References: <20221102211350.625011-1-dima@arista.com> <20221102211350.625011-3-dima@arista.com> In-Reply-To: From: Eric Dumazet Date: Thu, 3 Nov 2022 10:04:19 -0700 Message-ID: Subject: Re: [PATCH 2/2] net/tcp: Disable TCP-MD5 static key on tcp_md5sig_info destruction To: Dmitry Safonov Cc: linux-kernel@vger.kernel.org, David Ahern , Bob Gilligan , "David S. Miller" , Dmitry Safonov <0x7f454c46@gmail.com>, Francesco Ruggeri , Hideaki YOSHIFUJI , Jakub Kicinski , Paolo Abeni , Salam Noureddine , netdev@vger.kernel.org Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Nov 3, 2022 at 9:53 AM Dmitry Safonov wrote: > > On 11/2/22 21:25, Eric Dumazet wrote: > > On Wed, Nov 2, 2022 at 2:14 PM Dmitry Safonov wrote: > [..] > >> @@ -337,11 +338,13 @@ EXPORT_SYMBOL(tcp_time_wait); > >> void tcp_twsk_destructor(struct sock *sk) > >> { > >> #ifdef CONFIG_TCP_MD5SIG > >> - if (static_branch_unlikely(&tcp_md5_needed)) { > >> + if (static_branch_unlikely(&tcp_md5_needed.key)) { > >> struct tcp_timewait_sock *twsk = tcp_twsk(sk); > >> > >> - if (twsk->tw_md5_key) > >> + if (twsk->tw_md5_key) { > > > > Orthogonal to this patch, but I wonder why we do not clear > > twsk->tw_md5_key before kfree_rcu() > > > > It seems a lookup could catch the invalid pointer. > > > >> kfree_rcu(twsk->tw_md5_key, rcu); > >> + static_branch_slow_dec_deferred(&tcp_md5_needed); > >> + } > >> } > > I looked into that, it seems tcp_twsk_destructor() is called from > inet_twsk_free(), which is either called from: > 1. inet_twsk_put(), protected by tw->tw_refcnt > 2. sock_gen_put(), protected by the same sk->sk_refcnt > > So, in result, if I understand correctly, lookups should fail on ref > counter check. Maybe I'm missing something, but clearing here seems not > necessary? > > I can add rcu_assign_pointer() just in case the destruction path changes > in v2 if you think it's worth it :-) Agree, this seems fine.