inet_diag: fix access to tcp cc information
Two different problems are fixed here : 1) inet_sk_diag_fill() might be called without socket lock held. icsk->icsk_ca_ops can change under us and module be unloaded. -> Access to freed memory. Fix this using rcu_read_lock() to prevent module unload. 2) Some TCP Congestion Control modules provide information but again this is not safe against icsk->icsk_ca_ops change and nla_put() errors were ignored. Some sockets could not get the additional info if skb was almost full. Fix this by returning a status from get_info() handlers and using rcu protection as well. Signed-off-by: Eric Dumazet <edumazet@google.com> Acked-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
fad9dfefea
commit
521f1cf1db
|
@ -829,7 +829,7 @@ struct tcp_congestion_ops {
|
||||||
/* hook for packet ack accounting (optional) */
|
/* hook for packet ack accounting (optional) */
|
||||||
void (*pkts_acked)(struct sock *sk, u32 num_acked, s32 rtt_us);
|
void (*pkts_acked)(struct sock *sk, u32 num_acked, s32 rtt_us);
|
||||||
/* get info for inet_diag (optional) */
|
/* get info for inet_diag (optional) */
|
||||||
void (*get_info)(struct sock *sk, u32 ext, struct sk_buff *skb);
|
int (*get_info)(struct sock *sk, u32 ext, struct sk_buff *skb);
|
||||||
|
|
||||||
char name[TCP_CA_NAME_MAX];
|
char name[TCP_CA_NAME_MAX];
|
||||||
struct module *owner;
|
struct module *owner;
|
||||||
|
|
|
@ -111,6 +111,7 @@ int inet_sk_diag_fill(struct sock *sk, struct inet_connection_sock *icsk,
|
||||||
const struct nlmsghdr *unlh)
|
const struct nlmsghdr *unlh)
|
||||||
{
|
{
|
||||||
const struct inet_sock *inet = inet_sk(sk);
|
const struct inet_sock *inet = inet_sk(sk);
|
||||||
|
const struct tcp_congestion_ops *ca_ops;
|
||||||
const struct inet_diag_handler *handler;
|
const struct inet_diag_handler *handler;
|
||||||
int ext = req->idiag_ext;
|
int ext = req->idiag_ext;
|
||||||
struct inet_diag_msg *r;
|
struct inet_diag_msg *r;
|
||||||
|
@ -208,16 +209,31 @@ int inet_sk_diag_fill(struct sock *sk, struct inet_connection_sock *icsk,
|
||||||
info = nla_data(attr);
|
info = nla_data(attr);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((ext & (1 << (INET_DIAG_CONG - 1))) && icsk->icsk_ca_ops)
|
if (ext & (1 << (INET_DIAG_CONG - 1))) {
|
||||||
if (nla_put_string(skb, INET_DIAG_CONG,
|
int err = 0;
|
||||||
icsk->icsk_ca_ops->name) < 0)
|
|
||||||
|
rcu_read_lock();
|
||||||
|
ca_ops = READ_ONCE(icsk->icsk_ca_ops);
|
||||||
|
if (ca_ops)
|
||||||
|
err = nla_put_string(skb, INET_DIAG_CONG, ca_ops->name);
|
||||||
|
rcu_read_unlock();
|
||||||
|
if (err < 0)
|
||||||
goto errout;
|
goto errout;
|
||||||
|
}
|
||||||
|
|
||||||
handler->idiag_get_info(sk, r, info);
|
handler->idiag_get_info(sk, r, info);
|
||||||
|
|
||||||
if (sk->sk_state < TCP_TIME_WAIT &&
|
if (sk->sk_state < TCP_TIME_WAIT) {
|
||||||
icsk->icsk_ca_ops && icsk->icsk_ca_ops->get_info)
|
int err = 0;
|
||||||
icsk->icsk_ca_ops->get_info(sk, ext, skb);
|
|
||||||
|
rcu_read_lock();
|
||||||
|
ca_ops = READ_ONCE(icsk->icsk_ca_ops);
|
||||||
|
if (ca_ops && ca_ops->get_info)
|
||||||
|
err = ca_ops->get_info(sk, ext, skb);
|
||||||
|
rcu_read_unlock();
|
||||||
|
if (err < 0)
|
||||||
|
goto errout;
|
||||||
|
}
|
||||||
|
|
||||||
out:
|
out:
|
||||||
nlmsg_end(skb, nlh);
|
nlmsg_end(skb, nlh);
|
||||||
|
|
|
@ -277,7 +277,7 @@ static void dctcp_cwnd_event(struct sock *sk, enum tcp_ca_event ev)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static void dctcp_get_info(struct sock *sk, u32 ext, struct sk_buff *skb)
|
static int dctcp_get_info(struct sock *sk, u32 ext, struct sk_buff *skb)
|
||||||
{
|
{
|
||||||
const struct dctcp *ca = inet_csk_ca(sk);
|
const struct dctcp *ca = inet_csk_ca(sk);
|
||||||
|
|
||||||
|
@ -297,8 +297,9 @@ static void dctcp_get_info(struct sock *sk, u32 ext, struct sk_buff *skb)
|
||||||
info.dctcp_ab_tot = ca->acked_bytes_total;
|
info.dctcp_ab_tot = ca->acked_bytes_total;
|
||||||
}
|
}
|
||||||
|
|
||||||
nla_put(skb, INET_DIAG_DCTCPINFO, sizeof(info), &info);
|
return nla_put(skb, INET_DIAG_DCTCPINFO, sizeof(info), &info);
|
||||||
}
|
}
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static struct tcp_congestion_ops dctcp __read_mostly = {
|
static struct tcp_congestion_ops dctcp __read_mostly = {
|
||||||
|
|
|
@ -300,8 +300,7 @@ static u32 tcp_illinois_ssthresh(struct sock *sk)
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Extract info for Tcp socket info provided via netlink. */
|
/* Extract info for Tcp socket info provided via netlink. */
|
||||||
static void tcp_illinois_info(struct sock *sk, u32 ext,
|
static int tcp_illinois_info(struct sock *sk, u32 ext, struct sk_buff *skb)
|
||||||
struct sk_buff *skb)
|
|
||||||
{
|
{
|
||||||
const struct illinois *ca = inet_csk_ca(sk);
|
const struct illinois *ca = inet_csk_ca(sk);
|
||||||
|
|
||||||
|
@ -318,8 +317,9 @@ static void tcp_illinois_info(struct sock *sk, u32 ext,
|
||||||
do_div(t, info.tcpv_rttcnt);
|
do_div(t, info.tcpv_rttcnt);
|
||||||
info.tcpv_rtt = t;
|
info.tcpv_rtt = t;
|
||||||
}
|
}
|
||||||
nla_put(skb, INET_DIAG_VEGASINFO, sizeof(info), &info);
|
return nla_put(skb, INET_DIAG_VEGASINFO, sizeof(info), &info);
|
||||||
}
|
}
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static struct tcp_congestion_ops tcp_illinois __read_mostly = {
|
static struct tcp_congestion_ops tcp_illinois __read_mostly = {
|
||||||
|
|
|
@ -286,7 +286,7 @@ static void tcp_vegas_cong_avoid(struct sock *sk, u32 ack, u32 acked)
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Extract info for Tcp socket info provided via netlink. */
|
/* Extract info for Tcp socket info provided via netlink. */
|
||||||
void tcp_vegas_get_info(struct sock *sk, u32 ext, struct sk_buff *skb)
|
int tcp_vegas_get_info(struct sock *sk, u32 ext, struct sk_buff *skb)
|
||||||
{
|
{
|
||||||
const struct vegas *ca = inet_csk_ca(sk);
|
const struct vegas *ca = inet_csk_ca(sk);
|
||||||
if (ext & (1 << (INET_DIAG_VEGASINFO - 1))) {
|
if (ext & (1 << (INET_DIAG_VEGASINFO - 1))) {
|
||||||
|
@ -297,8 +297,9 @@ void tcp_vegas_get_info(struct sock *sk, u32 ext, struct sk_buff *skb)
|
||||||
.tcpv_minrtt = ca->minRTT,
|
.tcpv_minrtt = ca->minRTT,
|
||||||
};
|
};
|
||||||
|
|
||||||
nla_put(skb, INET_DIAG_VEGASINFO, sizeof(info), &info);
|
return nla_put(skb, INET_DIAG_VEGASINFO, sizeof(info), &info);
|
||||||
}
|
}
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL_GPL(tcp_vegas_get_info);
|
EXPORT_SYMBOL_GPL(tcp_vegas_get_info);
|
||||||
|
|
||||||
|
|
|
@ -19,6 +19,6 @@ void tcp_vegas_init(struct sock *sk);
|
||||||
void tcp_vegas_state(struct sock *sk, u8 ca_state);
|
void tcp_vegas_state(struct sock *sk, u8 ca_state);
|
||||||
void tcp_vegas_pkts_acked(struct sock *sk, u32 cnt, s32 rtt_us);
|
void tcp_vegas_pkts_acked(struct sock *sk, u32 cnt, s32 rtt_us);
|
||||||
void tcp_vegas_cwnd_event(struct sock *sk, enum tcp_ca_event event);
|
void tcp_vegas_cwnd_event(struct sock *sk, enum tcp_ca_event event);
|
||||||
void tcp_vegas_get_info(struct sock *sk, u32 ext, struct sk_buff *skb);
|
int tcp_vegas_get_info(struct sock *sk, u32 ext, struct sk_buff *skb);
|
||||||
|
|
||||||
#endif /* __TCP_VEGAS_H */
|
#endif /* __TCP_VEGAS_H */
|
||||||
|
|
|
@ -256,8 +256,7 @@ static void tcp_westwood_event(struct sock *sk, enum tcp_ca_event event)
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Extract info for Tcp socket info provided via netlink. */
|
/* Extract info for Tcp socket info provided via netlink. */
|
||||||
static void tcp_westwood_info(struct sock *sk, u32 ext,
|
static int tcp_westwood_info(struct sock *sk, u32 ext, struct sk_buff *skb)
|
||||||
struct sk_buff *skb)
|
|
||||||
{
|
{
|
||||||
const struct westwood *ca = inet_csk_ca(sk);
|
const struct westwood *ca = inet_csk_ca(sk);
|
||||||
|
|
||||||
|
@ -268,8 +267,9 @@ static void tcp_westwood_info(struct sock *sk, u32 ext,
|
||||||
.tcpv_minrtt = jiffies_to_usecs(ca->rtt_min),
|
.tcpv_minrtt = jiffies_to_usecs(ca->rtt_min),
|
||||||
};
|
};
|
||||||
|
|
||||||
nla_put(skb, INET_DIAG_VEGASINFO, sizeof(info), &info);
|
return nla_put(skb, INET_DIAG_VEGASINFO, sizeof(info), &info);
|
||||||
}
|
}
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static struct tcp_congestion_ops tcp_westwood __read_mostly = {
|
static struct tcp_congestion_ops tcp_westwood __read_mostly = {
|
||||||
|
|
Loading…
Reference in New Issue
Block a user