WSL2-Linux-Kernel/net/ipv4
Eric Dumazet 0a375c8224 tcp: tcp_rtx_synack() can be called from process context
Laurent reported the enclosed report [1]

This bug triggers with following coditions:

0) Kernel built with CONFIG_DEBUG_PREEMPT=y

1) A new passive FastOpen TCP socket is created.
   This FO socket waits for an ACK coming from client to be a complete
   ESTABLISHED one.
2) A socket operation on this socket goes through lock_sock()
   release_sock() dance.
3) While the socket is owned by the user in step 2),
   a retransmit of the SYN is received and stored in socket backlog.
4) At release_sock() time, the socket backlog is processed while
   in process context.
5) A SYNACK packet is cooked in response of the SYN retransmit.
6) -> tcp_rtx_synack() is called in process context.

Before blamed commit, tcp_rtx_synack() was always called from BH handler,
from a timer handler.

Fix this by using TCP_INC_STATS() & NET_INC_STATS()
which do not assume caller is in non preemptible context.

[1]
BUG: using __this_cpu_add() in preemptible [00000000] code: epollpep/2180
caller is tcp_rtx_synack.part.0+0x36/0xc0
CPU: 10 PID: 2180 Comm: epollpep Tainted: G           OE     5.16.0-0.bpo.4-amd64 #1  Debian 5.16.12-1~bpo11+1
Hardware name: Supermicro SYS-5039MC-H8TRF/X11SCD-F, BIOS 1.7 11/23/2021
Call Trace:
 <TASK>
 dump_stack_lvl+0x48/0x5e
 check_preemption_disabled+0xde/0xe0
 tcp_rtx_synack.part.0+0x36/0xc0
 tcp_rtx_synack+0x8d/0xa0
 ? kmem_cache_alloc+0x2e0/0x3e0
 ? apparmor_file_alloc_security+0x3b/0x1f0
 inet_rtx_syn_ack+0x16/0x30
 tcp_check_req+0x367/0x610
 tcp_rcv_state_process+0x91/0xf60
 ? get_nohz_timer_target+0x18/0x1a0
 ? lock_timer_base+0x61/0x80
 ? preempt_count_add+0x68/0xa0
 tcp_v4_do_rcv+0xbd/0x270
 __release_sock+0x6d/0xb0
 release_sock+0x2b/0x90
 sock_setsockopt+0x138/0x1140
 ? __sys_getsockname+0x7e/0xc0
 ? aa_sk_perm+0x3e/0x1a0
 __sys_setsockopt+0x198/0x1e0
 __x64_sys_setsockopt+0x21/0x30
 do_syscall_64+0x38/0xc0
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Fixes: 168a8f5805 ("tcp: TCP Fast Open Server - main code path")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Laurent Fasnacht <laurent.fasnacht@proton.ch>
Acked-by: Neal Cardwell <ncardwell@google.com>
Link: https://lore.kernel.org/r/20220530213713.601888-1-eric.dumazet@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2022-05-31 21:40:10 -07:00
..
bpfilter
netfilter Merge git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next 2022-05-16 10:10:37 +01:00
Kconfig
Makefile
af_inet.c ipv4: Avoid using RTO_ONLINK with ip_route_connect(). 2022-04-22 13:06:03 +01:00
ah4.c
arp.c arp: fix unused variable warnning when CONFIG_PROC_FS=n 2022-04-25 11:50:18 +01:00
bpf_tcp_ca.c
cipso_ipv4.c
datagram.c ipv4: Avoid using RTO_ONLINK with ip_route_connect(). 2022-04-22 13:06:03 +01:00
devinet.c Networking changes for 5.19. 2022-05-25 12:22:58 -07:00
esp4.c xfrm: free not used XFRM_ESP_NO_TRAILER flag 2022-05-06 08:24:20 +02:00
esp4_offload.c
fib_frontend.c ipv4: remove unnecessary type castings 2022-04-30 15:12:58 +01:00
fib_lookup.h
fib_notifier.c
fib_rules.c ipv4: remove unnecessary type castings 2022-04-30 15:12:58 +01:00
fib_semantics.c
fib_trie.c ipv4: remove unnecessary type castings 2022-04-30 15:12:58 +01:00
fou.c
gre_demux.c
gre_offload.c
icmp.c ipv4: remove unnecessary type castings 2022-04-30 15:12:58 +01:00
igmp.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-05-05 13:03:18 -07:00
inet_connection_sock.c net: Add a second bind table hashed by port and address 2022-05-20 18:16:24 -07:00
inet_diag.c net: inet: Retire port only listening_hash 2022-05-12 16:52:18 -07:00
inet_fragment.c ipv4: remove unnecessary type castings 2022-04-30 15:12:58 +01:00
inet_hashtables.c net: Add a second bind table hashed by port and address 2022-05-20 18:16:24 -07:00
inet_timewait_sock.c Revert "tcp/dccp: get rid of inet_twsk_purge()" 2022-05-13 12:24:12 +01:00
inetpeer.c
ip_forward.c
ip_fragment.c
ip_gre.c ip_gre: Make GRE and GRETAP devices always NETIF_F_LLTX 2022-05-02 10:30:33 +02:00
ip_input.c
ip_options.c
ip_output.c
ip_sockglue.c
ip_tunnel.c
ip_tunnel_core.c
ip_vti.c
ipcomp.c
ipconfig.c
ipip.c
ipmr.c ipv4: remove unnecessary type castings 2022-04-30 15:12:58 +01:00
ipmr_base.c
metrics.c
netfilter.c netfilter: Use l3mdev flow key when re-routing mangled packets 2022-05-16 13:03:29 +02:00
netlink.c
nexthop.c
ping.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-05-12 16:15:30 -07:00
proc.c
protocol.c
raw.c net: SO_RCVMARK socket option for SO_MARK with recvmsg() 2022-04-28 13:08:15 -07:00
raw_diag.c
route.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-05-19 11:23:59 -07:00
syncookies.c tcp: make sure treq->af_specific is initialized 2022-04-25 12:10:11 +01:00
sysctl_net_ipv4.c net: sysctl: introduce sysctl SYSCTL_THREE 2022-05-03 10:15:06 +02:00
tcp.c net: Add a second bind table hashed by port and address 2022-05-20 18:16:24 -07:00
tcp_bbr.c net: allow gso_max_size to exceed 65536 2022-05-16 10:18:55 +01:00
tcp_bic.c
tcp_bpf.c
tcp_cdg.c
tcp_cong.c
tcp_cubic.c tcp_cubic: make hystart_ack_delay() aware of BIG TCP 2022-05-16 10:18:56 +01:00
tcp_dctcp.c
tcp_dctcp.h
tcp_diag.c
tcp_fastopen.c
tcp_highspeed.c
tcp_htcp.c
tcp_hybla.c
tcp_illinois.c
tcp_input.c tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd 2022-05-28 12:42:08 +01:00
tcp_ipv4.c net: ipv4: Avoid bounds check warning 2022-05-30 21:21:12 -07:00
tcp_lp.c
tcp_metrics.c
tcp_minisocks.c tcp: md5: incorrect tcp_header_len for incoming connections 2022-04-22 15:05:59 -07:00
tcp_nv.c
tcp_offload.c
tcp_output.c tcp: tcp_rtx_synack() can be called from process context 2022-05-31 21:40:10 -07:00
tcp_rate.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-04-28 13:02:01 -07:00
tcp_recovery.c tcp: use tcp_skb_sent_after() instead in RACK 2022-04-30 13:56:46 +01:00
tcp_scalable.c
tcp_timer.c
tcp_ulp.c
tcp_vegas.c
tcp_vegas.h
tcp_veno.c
tcp_westwood.c
tcp_yeah.c
tunnel4.c
udp.c inet: rename INET_MATCH() 2022-05-16 10:31:06 +01:00
udp_bpf.c
udp_diag.c
udp_impl.h
udp_offload.c
udp_tunnel_core.c
udp_tunnel_nic.c
udp_tunnel_stub.c
udplite.c
xfrm4_input.c
xfrm4_output.c
xfrm4_policy.c
xfrm4_protocol.c
xfrm4_state.c
xfrm4_tunnel.c