Re: [PATCH net-next 1/2] tcp: conditionally call ip_icmp_error() from tcp_v4_err()

All the mail mirrored from lore.kernel.org
 help / color / mirror / Atom feed

From: Jason Xing <kerneljasonxing@gmail.com>
To: Eric Dumazet <edumazet@google.com>
Cc: "David S . Miller" <davem@davemloft.net>,
	"Jakub Kicinski" <kuba@kernel.org>,
	"Paolo Abeni" <pabeni@redhat.com>,
	netdev@vger.kernel.org, "Neal Cardwell" <ncardwell@google.com>,
	"Dragos Tatulea" <dtatulea@nvidia.com>,
	eric.dumazet@gmail.com, "Maciej Żenczykowski" <maze@google.com>,
	"Willem de Bruijn" <willemb@google.com>,
	"Shachar Kagan" <skagan@nvidia.com>
Subject: Re: [PATCH net-next 1/2] tcp: conditionally call ip_icmp_error() from tcp_v4_err()
Date: Thu, 18 Apr 2024 11:22:58 +0800	[thread overview]
Message-ID: <CAL+tcoB0SzgtG-3mAYrG6ROGbK2HwqXCTo21-0FxfOzKQc397A@mail.gmail.com> (raw)
In-Reply-To: <20240417165756.2531620-2-edumazet@google.com>

On Thu, Apr 18, 2024 at 12:59 AM Eric Dumazet <edumazet@google.com> wrote:
>
> Blamed commit claimed in its changelog that the new functionality
> was guarded by IP_RECVERR/IPV6_RECVERR :
>
>     Note that applications need to set IP_RECVERR/IPV6_RECVERR option to
>     enable this feature, and that the error message is only queued
>     while in SYN_SNT state.
>
> This was true only for IPv6, because ipv6_icmp_error() has
> the following check:
>
> if (!inet6_test_bit(RECVERR6, sk))
>     return;
>
> Other callers check IP_RECVERR by themselves, it is unclear
> if we could factorize these checks in ip_icmp_error()
>
> For stable backports, I chose to add the missing check in tcp_v4_err()
>
> We think this missing check was the root cause for commit
> 0a8de364ff7a ("tcp: no longer abort SYN_SENT when receiving
> some ICMP") breakage, leading to a revert.
>
> Many thanks to Dragos Tatulea for conducting the investigations.
>
> As Jakub said :
>
>     The suspicion is that SSH sees the ICMP report on the socket error queue
>     and tries to connect() again, but due to the patch the socket isn't
>     disconnected, so it gets EALREADY, and throws its hands up...
>
>     The error bubbles up to Vagrant which also becomes unhappy.
>
>     Can we skip the call to ip_icmp_error() for non-fatal ICMP errors?
>
> Fixes: 45af29ca761c ("tcp: allow traceroute -Mtcp for unpriv users")
> Signed-off-by: Eric Dumazet <edumazet@google.com>
> Tested-by: Dragos Tatulea <dtatulea@nvidia.com>
> Cc: Dragos Tatulea <dtatulea@nvidia.com>
> Cc: Maciej Żenczykowski <maze@google.com>
> Cc: Willem de Bruijn <willemb@google.com>
> Cc: Neal Cardwell <ncardwell@google.com>
> Cc: Shachar Kagan <skagan@nvidia.com>

Reviewed-by: Jason Xing <kerneljasonxing@gmail.com>

I wonder if we're supposed to move this check into ip_icmp_error()
like ipv6_icmp_error() does, because I notice one caller
rxrpc_encap_err_rcv() without checking RECVERR  bit reuses the ICMP
error logic which is introduced in commit b6c66c4324e7 ("rxrpc: Use
the core ICMP/ICMP6 parsers'')?

Or should it be a follow-up patch (moving it inside of
ip_icmp_error()) to handle the rxrpc case and also prevent future
misuse for other people?

Thanks,
Jason

next prev parent reply	other threads:[~2024-04-18  3:23 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-04-17 16:57 [PATCH net-next 0/2] tcp: tcp_v4_err() changes Eric Dumazet
2024-04-17 16:57 ` [PATCH net-next 1/2] tcp: conditionally call ip_icmp_error() from tcp_v4_err() Eric Dumazet
2024-04-17 17:08   ` Maciej Żenczykowski
2024-04-18  3:22   ` Jason Xing [this message]
2024-04-18  6:45     ` Eric Dumazet
2024-04-18  6:53       ` Jason Xing
2024-04-18  8:02   ` Paolo Abeni
2024-04-18  8:03     ` Eric Dumazet
2024-04-18  9:26       ` Eric Dumazet
2024-04-18  9:58         ` Paolo Abeni
2024-04-18 10:15           ` Eric Dumazet
2024-04-18 10:22             ` Eric Dumazet
2024-04-18 10:36               ` Eric Dumazet
2024-04-18 17:46             ` David Ahern
2024-04-18 17:47               ` Eric Dumazet
2024-04-18 18:02                 ` David Ahern
2024-04-18 18:09                   ` Eric Dumazet
2024-04-18 18:09                 ` Jakub Kicinski
2024-04-18 18:14                   ` Eric Dumazet
2024-04-18 20:20                   ` David Ahern
2024-04-18 17:56         ` David Ahern
2024-04-17 16:57 ` [PATCH net-next 2/2] tcp: no longer abort SYN_SENT when receiving some ICMP (II) Eric Dumazet
2024-04-18  3:24   ` Jason Xing

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAL+tcoB0SzgtG-3mAYrG6ROGbK2HwqXCTo21-0FxfOzKQc397A@mail.gmail.com \
    --to=kerneljasonxing@gmail.com \
    --cc=davem@davemloft.net \
    --cc=dtatulea@nvidia.com \
    --cc=edumazet@google.com \
    --cc=eric.dumazet@gmail.com \
    --cc=kuba@kernel.org \
    --cc=maze@google.com \
    --cc=ncardwell@google.com \
    --cc=netdev@vger.kernel.org \
    --cc=pabeni@redhat.com \
    --cc=skagan@nvidia.com \
    --cc=willemb@google.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.