Re: general protection fault in sctp_ulpevent_notify_peer_addr_change
On Mon, Aug 10, 2020 at 8:31 PM Marcelo Ricardo Leitner
wrote:
>
> On Mon, Aug 10, 2020 at 08:37:18AM -0700, syzbot wrote:
> > Hello,
> >
> > syzbot found the following issue on:
> >
> > HEAD commit:fffe3ae0 Merge tag 'for-linus-hmm' of git://git.kernel.org..
> > git tree: upstream
> > console output: https://syzkaller.appspot.com/x/log.txt?x=12f34d3a90
> > kernel config: https://syzkaller.appspot.com/x/.config?x=50463ec6729f9706
> > dashboard link: https://syzkaller.appspot.com/bug?extid=8f2165a7b1f2820feffc
> > compiler: gcc (GCC) 10.1.0-syz 20200507
> > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1517701c90
> > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=11b7e0e290
> >
> > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > Reported-by: syzbot+8f2165a7b1f2820fe...@syzkaller.appspotmail.com
> >
> > general protection fault, probably for non-canonical address
> > 0xdc4c: [#1] PREEMPT SMP KASAN
> > KASAN: null-ptr-deref in range [0x0260-0x0267]
> > CPU: 0 PID: 12765 Comm: syz-executor391 Not tainted 5.8.0-syzkaller #0
> > Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS
> > rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
> > RIP: 0010:sctp_ulpevent_notify_peer_addr_change+0xa9/0xad0
> > net/sctp/ulpevent.c:346
>
> Crashed in code added by 45ebf73ebcec ("sctp: check assoc before
> SCTP_ADDR_{MADE_PRIM, ADDED} event"), but it would have crashed a
> couple of instructions later on already anyway.
>
> I can't reproduce this crash, with the same commit and kernel config.
> I'm not seeing how transport->asoc can be null at there.
>
I haven't been able to reproduce this yet either.
Doesn't this report have similarities with "general protection fault
in sctp_ulpevent_nofity_peer_addr_change" from 19 March 2020?
https://syzkaller.appspot.com/bug?extid=3950016bd95c2ca0377b
[PATCH v2] sctp: check assoc before SCTP_ADDR_{MADE_PRIM,ADDED} event
Make sure SCTP_ADDR_{MADE_PRIM,ADDED} are sent only for associations
that have been established.
These events are described in rfc6458#section-6.1
SCTP_PEER_ADDR_CHANGE:
This tag indicates that an address that is
part of an existing association has experienced a change of
state (e.g., a failure or return to service of the reachability
of an endpoint via a specific transport address).
Signed-off-by: Jonas Falkevik
---
Changes in v2:
- Check asoc state to be at least established.
Instead of associd being SCTP_FUTURE_ASSOC.
- Common check for all peer addr change event
net/sctp/ulpevent.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/sctp/ulpevent.c b/net/sctp/ulpevent.c
index c82dbdcf13f2..77d5c36a8991 100644
--- a/net/sctp/ulpevent.c
+++ b/net/sctp/ulpevent.c
@@ -343,6 +343,9 @@ void sctp_ulpevent_nofity_peer_addr_change(struct
sctp_transport *transport,
struct sockaddr_storage addr;
struct sctp_ulpevent *event;
+ if (asoc->state < SCTP_STATE_ESTABLISHED)
+ return;
+
memset(&addr, 0, sizeof(struct sockaddr_storage));
memcpy(&addr, &transport->ipaddr, transport->af_specific->sockaddr_len);
--
2.25.4
[PATCH] sctp: fix typo sctp_ulpevent_nofity_peer_addr_change
change typo in function name "nofity" to "notify"
sctp_ulpevent_nofity_peer_addr_change ->
sctp_ulpevent_notify_peer_addr_change
Signed-off-by: Jonas Falkevik
---
include/net/sctp/ulpevent.h | 2 +-
net/sctp/associola.c| 8
net/sctp/ulpevent.c | 2 +-
3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/include/net/sctp/ulpevent.h b/include/net/sctp/ulpevent.h
index 0b032b92da0b..994e984eef32 100644
--- a/include/net/sctp/ulpevent.h
+++ b/include/net/sctp/ulpevent.h
@@ -80,7 +80,7 @@ struct sctp_ulpevent *sctp_ulpevent_make_assoc_change(
struct sctp_chunk *chunk,
gfp_t gfp);
-void sctp_ulpevent_nofity_peer_addr_change(struct sctp_transport *transport,
+void sctp_ulpevent_notify_peer_addr_change(struct sctp_transport *transport,
int state, int error);
struct sctp_ulpevent *sctp_ulpevent_make_remote_error(
diff --git a/net/sctp/associola.c b/net/sctp/associola.c
index 437079a4883d..72315137d7e7 100644
--- a/net/sctp/associola.c
+++ b/net/sctp/associola.c
@@ -432,7 +432,7 @@ void sctp_assoc_set_primary(struct sctp_association *asoc,
changeover = 1 ;
asoc->peer.primary_path = transport;
- sctp_ulpevent_nofity_peer_addr_change(transport,
+ sctp_ulpevent_notify_peer_addr_change(transport,
SCTP_ADDR_MADE_PRIM, 0);
/* Set a default msg_name for events. */
@@ -574,7 +574,7 @@ void sctp_assoc_rm_peer(struct sctp_association *asoc,
asoc->peer.transport_count--;
- sctp_ulpevent_nofity_peer_addr_change(peer, SCTP_ADDR_REMOVED, 0);
+ sctp_ulpevent_notify_peer_addr_change(peer, SCTP_ADDR_REMOVED, 0);
sctp_transport_free(peer);
}
@@ -714,7 +714,7 @@ struct sctp_transport *sctp_assoc_add_peer(struct
sctp_association *asoc,
list_add_tail_rcu(&peer->transports, &asoc->peer.transport_addr_list);
asoc->peer.transport_count++;
- sctp_ulpevent_nofity_peer_addr_change(peer, SCTP_ADDR_ADDED, 0);
+ sctp_ulpevent_notify_peer_addr_change(peer, SCTP_ADDR_ADDED, 0);
/* If we do not yet have a primary path, set one. */
if (!asoc->peer.primary_path) {
@@ -840,7 +840,7 @@ void sctp_assoc_control_transport(struct sctp_association
*asoc,
* to the user.
*/
if (ulp_notify)
- sctp_ulpevent_nofity_peer_addr_change(transport,
+ sctp_ulpevent_notify_peer_addr_change(transport,
spc_state, error);
/* Select new active and retran paths. */
diff --git a/net/sctp/ulpevent.c b/net/sctp/ulpevent.c
index 77d5c36a8991..0c3d2b4d7321 100644
--- a/net/sctp/ulpevent.c
+++ b/net/sctp/ulpevent.c
@@ -336,7 +336,7 @@ static struct sctp_ulpevent
*sctp_ulpevent_make_peer_addr_change(
return NULL;
}
-void sctp_ulpevent_nofity_peer_addr_change(struct sctp_transport *transport,
+void sctp_ulpevent_notify_peer_addr_change(struct sctp_transport *transport,
int state, int error)
{
struct sctp_association *asoc = transport->asoc;
--
2.25.4
Re: [PATCH] sctp: check assoc before SCTP_ADDR_{MADE_PRIM,ADDED} event
On Mon, May 25, 2020 at 6:10 PM Xin Long wrote:
>
> On Mon, May 25, 2020 at 9:10 PM Marcelo Ricardo Leitner
> wrote:
> >
> > On Mon, May 25, 2020 at 04:42:16PM +0800, Xin Long wrote:
> > > On Sat, May 23, 2020 at 8:04 PM Jonas Falkevik
> > > wrote:
> > > >
> > > > On Tue, May 19, 2020 at 10:42 PM Marcelo Ricardo Leitner
> > > > wrote:
> > > > >
> > > > > On Fri, May 15, 2020 at 10:30:29AM +0200, Jonas Falkevik wrote:
> > > > > > On Wed, May 13, 2020 at 11:32 PM Marcelo Ricardo Leitner
> > > > > > wrote:
> > > > > > >
> > > > > > > On Wed, May 13, 2020 at 10:11:05PM +0200, Jonas Falkevik wrote:
> > > > > > > > On Wed, May 13, 2020 at 6:01 PM Marcelo Ricardo Leitner
> > > > > > > > wrote:
> > > > > > > > >
> > > > > > > > > On Wed, May 13, 2020 at 04:52:16PM +0200, Jonas Falkevik
> > > > > > > > > wrote:
> > > > > > > > > > Do not generate SCTP_ADDR_{MADE_PRIM,ADDED} events for
> > > > > > > > > > SCTP_FUTURE_ASSOC assocs.
> > > > > > > > >
> > > > > > > > > How did you get them?
> > > > > > > > >
> > > > > > > >
> > > > > > > > I think one case is when receiving INIT chunk in
> > > > > > > > sctp_sf_do_5_1B_init().
> > > > > > > > Here a closed association is created, sctp_make_temp_assoc().
> > > > > > > > Which is later used when calling sctp_process_init().
> > > > > > > > In sctp_process_init() one of the first things are to call
> > > > > > > > sctp_assoc_add_peer()
> > > > > > > > on the closed / temp assoc.
> > > > > > > >
> > > > > > > > sctp_assoc_add_peer() are generating the SCTP_ADDR_ADDED event
> > > > > > > > on the socket
> > > > > > > > for the potentially new association.
> > > > > > >
> > > > > > > I see, thanks. The SCTP_FUTURE_ASSOC means something different.
> > > > > > > It is
> > > > > > > for setting/getting socket options that will be used for new
> > > > > > > asocs. In
> > > > > > > this case, it is just a coincidence that asoc_id is not set (but
> > > > > > > initialized to 0) and SCTP_FUTURE_ASSOC is also 0.
> > > > > >
> > > > > > yes, you are right, I overlooked that.
> > > > > >
> > > > > > > Moreso, if I didn't
> > > > > > > miss anything, it would block valid events, such as those from
> > > > > > > sctp_sf_do_5_1D_ce
> > > > > > >sctp_process_init
> > > > > > > because sctp_process_init will only call sctp_assoc_set_id() by
> > > > > > > its
> > > > > > > end.
> > > > > >
> > > > > > Do we want these events at this stage?
> > > > > > Since the association is a newly established one, have the peer
> > > > > > address changed?
> > > > > > Should we enqueue these messages with sm commands instead?
> > > > > > And drop them if we don't have state SCTP_STATE_ESTABLISHED?
> > > > > >
> > > > > > >
> > > > > > > I can't see a good reason for generating any event on temp
> > > > > > > assocs. So
> > > > > > > I'm thinking the checks on this patch should be on whether the
> > > > > > > asoc is
> > > > > > > a temporary one instead. WDYT?
> > > > > > >
> > > > > >
> > > > > > Agree, we shouldn't rely on coincidence.
> > > > > > Either check temp instead or the above mentioned state?
> > > > > >
> > > > > > > Then, considering the socket is locked, both code points should be
> > > > > > > allocating the IDR earlier. It's expensive, yes (point being, it
> > > > > > > could
> > > > > > > be avoided in case of other failures), but it should be generating
> > > > > > > events with the right assoc id. Are you interes
[PATCH] sctp: check assoc before SCTP_ADDR_{MADE_PRIM,ADDED} event
Do not generate SCTP_ADDR_{MADE_PRIM,ADDED} events for SCTP_FUTURE_ASSOC assocs.
These events are described in rfc6458#section-6.1
SCTP_PEER_ADDR_CHANGE:
This tag indicates that an address that is
part of an existing association has experienced a change of
state (e.g., a failure or return to service of the reachability
of an endpoint via a specific transport address).
Signed-off-by: Jonas Falkevik
---
net/sctp/associola.c | 11 ---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/net/sctp/associola.c b/net/sctp/associola.c
index 437079a4883d..0c5dd295f9b8 100644
--- a/net/sctp/associola.c
+++ b/net/sctp/associola.c
@@ -432,8 +432,10 @@ void sctp_assoc_set_primary(struct sctp_association *asoc,
changeover = 1 ;
asoc->peer.primary_path = transport;
-sctp_ulpevent_nofity_peer_addr_change(transport,
- SCTP_ADDR_MADE_PRIM, 0);
+if (sctp_assoc2id(asoc) != SCTP_FUTURE_ASSOC)
+sctp_ulpevent_nofity_peer_addr_change(transport,
+ SCTP_ADDR_MADE_PRIM,
+ 0);
/* Set a default msg_name for events. */
memcpy(&asoc->peer.primary_addr, &transport->ipaddr,
@@ -714,7 +716,10 @@ struct sctp_transport *sctp_assoc_add_peer(struct
sctp_association *asoc,
list_add_tail_rcu(&peer->transports, &asoc->peer.transport_addr_list);
asoc->peer.transport_count++;
-sctp_ulpevent_nofity_peer_addr_change(peer, SCTP_ADDR_ADDED, 0);
+if (sctp_assoc2id(asoc) != SCTP_FUTURE_ASSOC)
+sctp_ulpevent_nofity_peer_addr_change(peer,
+ SCTP_ADDR_ADDED,
+ 0);
/* If we do not yet have a primary path, set one. */
if (!asoc->peer.primary_path) {
--
2.25.3
Re: [PATCH] sctp: check assoc before SCTP_ADDR_{MADE_PRIM,ADDED} event
On Wed, May 13, 2020 at 6:01 PM Marcelo Ricardo Leitner
wrote:
>
> On Wed, May 13, 2020 at 04:52:16PM +0200, Jonas Falkevik wrote:
> > Do not generate SCTP_ADDR_{MADE_PRIM,ADDED} events for SCTP_FUTURE_ASSOC
> > assocs.
>
> How did you get them?
>
I think one case is when receiving INIT chunk in sctp_sf_do_5_1B_init().
Here a closed association is created, sctp_make_temp_assoc().
Which is later used when calling sctp_process_init().
In sctp_process_init() one of the first things are to call
sctp_assoc_add_peer()
on the closed / temp assoc.
sctp_assoc_add_peer() are generating the SCTP_ADDR_ADDED event on the socket
for the potentially new association.
$ cat sctp.bpftrace
#!/usr/local/bin/bpftrace
BEGIN
{
printf("Tracing sctp_assoc_add_peer\n");
printf("Hit Ctrl-C to end.\n");
}
kprobe:sctp_assoc_add_peer
{
@[kstack]=count();
}
$ sudo bpftrace sctp.bpftrace
Attaching 2 probes...
Tracing sctp_assoc_add_peer
Hit Ctrl-C to end.
^C
@[
sctp_assoc_add_peer+1
sctp_process_init+77
sctp_sf_do_5_1B_init+615
sctp_do_sm+132
sctp_endpoint_bh_rcv+256
sctp_rcv+2379
ip_protocol_deliver_rcu+393
ip_local_deliver_finish+68
ip_local_deliver+203
ip_rcv+156
__netif_receive_skb_one_core+96
process_backlog+164
net_rx_action+312
__softirqentry_text_start+238
do_softirq_own_stack+42
do_softirq.part.0+65
__local_bh_enable_ip+75
ip_finish_output2+415
ip_output+102
__ip_queue_xmit+364
sctp_packet_transmit+1814
sctp_outq_flush_ctrl.constprop.0+394
sctp_outq_flush+86
sctp_do_sm+3914
sctp_primitive_ASSOCIATE+44
__sctp_connect+707
sctp_inet_connect+98
__sys_connect+156
__x64_sys_connect+22
do_syscall_64+91
entry_SYSCALL_64_after_hwframe+68
]: 1
...
> I'm thinking you're fixing a side-effect of another issue here. For
> example, in sctp_assoc_update(), it first calls sctp_assoc_add_peer()
> to only then call sctp_assoc_set_id(), which would generate the event
> you might have seen. In this case, it should be allocating IDR before,
> so that the event can be sent with the right assoc_id already.
>
> >
> > These events are described in rfc6458#section-6.1
> > SCTP_PEER_ADDR_CHANGE:
> > This tag indicates that an address that is
> > part of an existing association has experienced a change of
> > state (e.g., a failure or return to service of the reachability
> > of an endpoint via a specific transport address).
> >
> > Signed-off-by: Jonas Falkevik
> > ---
> > net/sctp/associola.c | 11 ---
> > 1 file changed, 8 insertions(+), 3 deletions(-)
> >
> > diff --git a/net/sctp/associola.c b/net/sctp/associola.c
> > index 437079a4883d..0c5dd295f9b8 100644
> > --- a/net/sctp/associola.c
> > +++ b/net/sctp/associola.c
> > @@ -432,8 +432,10 @@ void sctp_assoc_set_primary(struct sctp_association
> > *asoc,
> > changeover = 1 ;
> >
> > asoc->peer.primary_path = transport;
> > -sctp_ulpevent_nofity_peer_addr_change(transport,
> > - SCTP_ADDR_MADE_PRIM, 0);
> > +if (sctp_assoc2id(asoc) != SCTP_FUTURE_ASSOC)
> > +sctp_ulpevent_nofity_peer_addr_change(transport,
> > + SCTP_ADDR_MADE_PRIM,
> > + 0);
> >
> > /* Set a default msg_name for events. */
> > memcpy(&asoc->peer.primary_addr, &transport->ipaddr,
> > @@ -714,7 +716,10 @@ struct sctp_transport *sctp_assoc_add_peer(struct
> > sctp_association *asoc,
> > list_add_tail_rcu(&peer->transports, &asoc->peer.transport_addr_list);
> > asoc->peer.transport_count++;
> >
> > -sctp_ulpevent_nofity_peer_addr_change(peer, SCTP_ADDR_ADDED, 0);
> > +if (sctp_assoc2id(asoc) != SCTP_FUTURE_ASSOC)
> > +sctp_ulpevent_nofity_peer_addr_change(peer,
> > + SCTP_ADDR_ADDED,
> > + 0);
> >
> > /* If we do not yet have a primary path, set one. */
> > if (!asoc->peer.primary_path) {
> > --
> > 2.25.3
Re: [PATCH] sctp: check assoc before SCTP_ADDR_{MADE_PRIM,ADDED} event
On Tue, May 19, 2020 at 10:42 PM Marcelo Ricardo Leitner
wrote:
>
> On Fri, May 15, 2020 at 10:30:29AM +0200, Jonas Falkevik wrote:
> > On Wed, May 13, 2020 at 11:32 PM Marcelo Ricardo Leitner
> > wrote:
> > >
> > > On Wed, May 13, 2020 at 10:11:05PM +0200, Jonas Falkevik wrote:
> > > > On Wed, May 13, 2020 at 6:01 PM Marcelo Ricardo Leitner
> > > > wrote:
> > > > >
> > > > > On Wed, May 13, 2020 at 04:52:16PM +0200, Jonas Falkevik wrote:
> > > > > > Do not generate SCTP_ADDR_{MADE_PRIM,ADDED} events for
> > > > > > SCTP_FUTURE_ASSOC assocs.
> > > > >
> > > > > How did you get them?
> > > > >
> > > >
> > > > I think one case is when receiving INIT chunk in sctp_sf_do_5_1B_init().
> > > > Here a closed association is created, sctp_make_temp_assoc().
> > > > Which is later used when calling sctp_process_init().
> > > > In sctp_process_init() one of the first things are to call
> > > > sctp_assoc_add_peer()
> > > > on the closed / temp assoc.
> > > >
> > > > sctp_assoc_add_peer() are generating the SCTP_ADDR_ADDED event on the
> > > > socket
> > > > for the potentially new association.
> > >
> > > I see, thanks. The SCTP_FUTURE_ASSOC means something different. It is
> > > for setting/getting socket options that will be used for new asocs. In
> > > this case, it is just a coincidence that asoc_id is not set (but
> > > initialized to 0) and SCTP_FUTURE_ASSOC is also 0.
> >
> > yes, you are right, I overlooked that.
> >
> > > Moreso, if I didn't
> > > miss anything, it would block valid events, such as those from
> > > sctp_sf_do_5_1D_ce
> > >sctp_process_init
> > > because sctp_process_init will only call sctp_assoc_set_id() by its
> > > end.
> >
> > Do we want these events at this stage?
> > Since the association is a newly established one, have the peer address
> > changed?
> > Should we enqueue these messages with sm commands instead?
> > And drop them if we don't have state SCTP_STATE_ESTABLISHED?
> >
> > >
> > > I can't see a good reason for generating any event on temp assocs. So
> > > I'm thinking the checks on this patch should be on whether the asoc is
> > > a temporary one instead. WDYT?
> > >
> >
> > Agree, we shouldn't rely on coincidence.
> > Either check temp instead or the above mentioned state?
> >
> > > Then, considering the socket is locked, both code points should be
> > > allocating the IDR earlier. It's expensive, yes (point being, it could
> > > be avoided in case of other failures), but it should be generating
> > > events with the right assoc id. Are you interested in pursuing this
> > > fix as well?
> >
> > Sure.
> >
> > If we check temp status instead, we would need to allocate IDR earlier,
> > as you mention. So that we send the notification with correct assoc id.
> >
> > But shouldn't the SCTP_COMM_UP, for a newly established association, be the
> > first notification event sent?
> > The SCTP_COMM_UP notification is enqueued later in sctp_sf_do_5_1D_ce().
>
> The RFC doesn't mention any specific ordering for them, but it would
> make sense. Reading the FreeBSD code now (which I consider a reference
> implementation), it doesn't raise these notifications from
> INIT_ACK/COOKIE_ECHO at all. The only trigger for SCTP_ADDR_ADDED
> event is ASCONF ADD command itself. So these are extra in Linux, and
> I'm afraid we got to stick with them.
>
> Considering the error handling it already has, looks like the
> reordering is feasible and welcomed. I'm thinking the temp check and
> reordering is the best way forward here.
>
> Thoughts? Neil? Xin? The assoc_id change might be considered an UAPI
> breakage.
Some order is mentioned in RFC 6458 Chapter 6.1.1.
SCTP_COMM_UP: A new association is now ready, and data may be
exchanged with this peer. When an association has been
established successfully, this notification should be the
first one.
I can make a patch with a check on temp and make COMM_UP event first.
Currently the COMM_UP event is enqueued via commands
while the SCTP_ADDR_ADDED event is enqueued directly.
sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, SCTP_ULPEVENT(ev));
vs.
asoc->stream.si->enqueue_event(&asoc->ulpq, event);
Do you want me to change to use commands instead of enqueing?
Or should we enqueue the COMM_UP event directly?
-Jonas
Re: [PATCH] sctp: check assoc before SCTP_ADDR_{MADE_PRIM,ADDED} event
On Wed, May 13, 2020 at 11:32 PM Marcelo Ricardo Leitner
wrote:
>
> On Wed, May 13, 2020 at 10:11:05PM +0200, Jonas Falkevik wrote:
> > On Wed, May 13, 2020 at 6:01 PM Marcelo Ricardo Leitner
> > wrote:
> > >
> > > On Wed, May 13, 2020 at 04:52:16PM +0200, Jonas Falkevik wrote:
> > > > Do not generate SCTP_ADDR_{MADE_PRIM,ADDED} events for
> > > > SCTP_FUTURE_ASSOC assocs.
> > >
> > > How did you get them?
> > >
> >
> > I think one case is when receiving INIT chunk in sctp_sf_do_5_1B_init().
> > Here a closed association is created, sctp_make_temp_assoc().
> > Which is later used when calling sctp_process_init().
> > In sctp_process_init() one of the first things are to call
> > sctp_assoc_add_peer()
> > on the closed / temp assoc.
> >
> > sctp_assoc_add_peer() are generating the SCTP_ADDR_ADDED event on the socket
> > for the potentially new association.
>
> I see, thanks. The SCTP_FUTURE_ASSOC means something different. It is
> for setting/getting socket options that will be used for new asocs. In
> this case, it is just a coincidence that asoc_id is not set (but
> initialized to 0) and SCTP_FUTURE_ASSOC is also 0.
yes, you are right, I overlooked that.
> Moreso, if I didn't
> miss anything, it would block valid events, such as those from
> sctp_sf_do_5_1D_ce
>sctp_process_init
> because sctp_process_init will only call sctp_assoc_set_id() by its
> end.
Do we want these events at this stage?
Since the association is a newly established one, have the peer address changed?
Should we enqueue these messages with sm commands instead?
And drop them if we don't have state SCTP_STATE_ESTABLISHED?
>
> I can't see a good reason for generating any event on temp assocs. So
> I'm thinking the checks on this patch should be on whether the asoc is
> a temporary one instead. WDYT?
>
Agree, we shouldn't rely on coincidence.
Either check temp instead or the above mentioned state?
> Then, considering the socket is locked, both code points should be
> allocating the IDR earlier. It's expensive, yes (point being, it could
> be avoided in case of other failures), but it should be generating
> events with the right assoc id. Are you interested in pursuing this
> fix as well?
Sure.
If we check temp status instead, we would need to allocate IDR earlier,
as you mention. So that we send the notification with correct assoc id.
But shouldn't the SCTP_COMM_UP, for a newly established association, be the
first notification event sent?
The SCTP_COMM_UP notification is enqueued later in sctp_sf_do_5_1D_ce().
>
> >
> > $ cat sctp.bpftrace
> > #!/usr/local/bin/bpftrace
> >
> > BEGIN
> > {
> >printf("Tracing sctp_assoc_add_peer\n");
> >printf("Hit Ctrl-C to end.\n");
> > }
> >
> > kprobe:sctp_assoc_add_peer
> > {
> >@[kstack]=count();
> > }
> >
> > $ sudo bpftrace sctp.bpftrace
> > Attaching 2 probes...
> > Tracing sctp_assoc_add_peer
> > Hit Ctrl-C to end.
> > ^C
> >
> > @[
> >sctp_assoc_add_peer+1
> >sctp_process_init+77
> >sctp_sf_do_5_1B_init+615
> >sctp_do_sm+132
> >sctp_endpoint_bh_rcv+256
> >sctp_rcv+2379
> >ip_protocol_deliver_rcu+393
> >ip_local_deliver_finish+68
> >ip_local_deliver+203
> >ip_rcv+156
> >__netif_receive_skb_one_core+96
> >process_backlog+164
> >net_rx_action+312
> >__softirqentry_text_start+238
> >do_softirq_own_stack+42
> >do_softirq.part.0+65
> >__local_bh_enable_ip+75
> >ip_finish_output2+415
> >ip_output+102
> >__ip_queue_xmit+364
> >sctp_packet_transmit+1814
> >sctp_outq_flush_ctrl.constprop.0+394
> >sctp_outq_flush+86
> >sctp_do_sm+3914
> >sctp_primitive_ASSOCIATE+44
> >__sctp_connect+707
> >sctp_inet_connect+98
> >__sys_connect+156
> >__x64_sys_connect+22
> >do_syscall_64+91
> >entry_SYSCALL_64_after_hwframe+68
> > ]: 1
> > ...
> >
> > > I'm thinking you're fixing a side-effect of another issue here. For
> > > example, in sctp_assoc_update(), it first calls sctp_assoc_add_peer()
> > > to only then call sctp_assoc_set_id(), which would generate the event
> > > you might have seen. In this case, it should be allocating IDR before,
> > > so that the event can be sent with the right assoc_id already.
> > >
> > > >
> > > > These events are described in rfc6458#section-6.1
>
