2025-02-27, 02:21:37 +0100, Antonio Quartulli wrote:
@@ -94,11 +96,23 @@ void ovpn_socket_release(struct ovpn_peer *peer) * detached before it can be picked by a concurrent reader. */ lock_sock(sock->sock->sk);
- ovpn_socket_put(peer, sock);
- released = ovpn_socket_put(peer, sock); release_sock(sock->sock->sk);
/* align all readers with sk_user_data being NULL */ synchronize_rcu();
- /* following cleanup should happen with lock released */
- if (released) {
if (sock->sock->sk->sk_protocol == IPPROTO_UDP) {netdev_put(sock->ovpn->dev, &sock->dev_tracker);} else if (sock->sock->sk->sk_protocol == IPPROTO_TCP) {/* wait for TCP jobs to terminate */ovpn_tcp_socket_wait_finish(sock);ovpn_peer_put(sock->peer);}kfree_rcu(sock, rcu);
kfree_rcu after synchronize_rcu is a bit unexpected. Do we still need to wait before we free sock, now that we have synchronize_rcu before?
- }
}
+static int ovpn_tcp_parse(struct strparser *strp, struct sk_buff *skb) +{
- struct strp_msg *rxm = strp_msg(skb);
- __be16 blen;
- u16 len;
- int err;
- /* when packets are written to the TCP stream, they are prepended with
* two bytes indicating the actual packet size.* Here we read those two bytes and move the skb data pointer to the* beginning of the packet
There's no update to skb->data being done in ovpn_tcp_parse AFAICT.
[...]
+static void ovpn_tcp_rcv(struct strparser *strp, struct sk_buff *skb) +{
- struct ovpn_peer *peer = container_of(strp, struct ovpn_peer, tcp.strp);
- struct strp_msg *msg = strp_msg(skb);
- size_t pkt_len = msg->full_len - 2;
- size_t off = msg->offset + 2;
- u8 opcode;
- /* ensure skb->data points to the beginning of the openvpn packet */
- if (!pskb_pull(skb, off)) {
Is that the one you mean in the previous comment?
net_warn_ratelimited("%s: packet too small for peer %u\n",netdev_name(peer->ovpn->dev), peer->id);goto err;- }
[some checks]
- /* DATA_V2 packets are handled in kernel, the rest goes to user space */
- opcode = ovpn_opcode_from_skb(skb, 0);
- if (unlikely(opcode != OVPN_DATA_V2)) {
if (opcode == OVPN_DATA_V1) {net_warn_ratelimited("%s: DATA_V1 detected on the TCP stream\n",netdev_name(peer->ovpn->dev));goto err;
In TCP encap, receiving OVPN_DATA_V1 packets is going to kill the peer:
+err:
- dev_core_stats_rx_dropped_inc(peer->ovpn->dev);
- kfree_skb(skb);
- ovpn_peer_del(peer, OVPN_DEL_PEER_REASON_TRANSPORT_ERROR);
+}
but that's not the case with the UDP encap (ovpn_udp_encap_recv simply drops those packets). Should the TCP/UDP behavior be consistent?
+void ovpn_tcp_send_skb(struct ovpn_peer *peer, struct socket *sock,
struct sk_buff *skb)+{
- u16 len = skb->len;
- *(__be16 *)__skb_push(skb, sizeof(u16)) = htons(len);
- spin_lock_nested(&sock->sk->sk_lock.slock, OVPN_TCP_DEPTH_NESTING);
With this, lockdep is still going to complain in the unlikely case that ovpn-TCP traffic is carried over another ovpn-TCP socket, right? (probably fine to leave it like that)
[...]
+static int ovpn_tcp_sendmsg(struct sock *sk, struct msghdr *msg, size_t size) +{
- struct ovpn_socket *sock;
- int ret, linear = PAGE_SIZE;
- struct ovpn_peer *peer;
- struct sk_buff *skb;
- lock_sock(sk);
- rcu_read_lock();
- sock = rcu_dereference_sk_user_data(sk);
- if (unlikely(!sock || !sock->peer || !ovpn_peer_hold(sock->peer))) {
rcu_read_unlock();release_sock(sk);return -EIO;- }
- rcu_read_unlock();
- peer = sock->peer;
This used to be done under RCU in previous versions of the series. Why is it after rcu_read_unlock now? (likely safe since we're under lock_sock so detach can't happen)
- if (msg->msg_flags & ~MSG_DONTWAIT) {
ret = -EOPNOTSUPP;goto peer_free;- }