From: David Gibson <david@gibson.dropbear.id.au>
To: passt-dev@passt.top, Stefano Brivio <sbrivio@redhat.com>
Cc: David Gibson <david@gibson.dropbear.id.au>
Subject: [PATCH] tcp, flow: Fix some error paths which didn't clean up flows properly
Date: Fri, 7 Jun 2024 11:55:24 +1000 [thread overview]
Message-ID: <20240607015524.1633407-1-david@gibson.dropbear.id.au> (raw)
Flow table entries need to be fully initialised before returning to the
main epoll loop. Commit 0060acd1 ("flow: Clarify and enforce flow state
transitions") now enforces that: once a flow is allocated we must either
cancel it, or activate it before returning to the main loop, or we will hit
an ASSERT().
Some error paths in tcp_conn_from_tap() weren't correctly updated for this
requirement - we can exit with a flow entry incompletely initialised.
Correct that by cancelling the flows in those situations.
I don't have enough information to be certain if this is the cause for
podman bug 22925, but it plausibly could be.
Fixes: 0060acd1 ("flow: Clarify and enforce flow state transitions")
Link: https://github.com/containers/podman/issues/22925
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
tcp.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/tcp.c b/tcp.c
index 0dccde9c..cb613cf3 100644
--- a/tcp.c
+++ b/tcp.c
@@ -2067,7 +2067,7 @@ static void tcp_conn_from_tap(struct ctx *c, sa_family_t af,
if (!bind(s, sa, sl)) {
tcp_rst(c, conn); /* Nobody is listening then */
- return;
+ goto cancel;
}
if (errno != EADDRNOTAVAIL && errno != EACCES)
conn_flag(c, conn, LOCAL);
@@ -2080,7 +2080,7 @@ static void tcp_conn_from_tap(struct ctx *c, sa_family_t af,
if (connect(s, sa, sl)) {
if (errno != EINPROGRESS) {
tcp_rst(c, conn);
- return;
+ goto cancel;
}
tcp_get_sndbuf(conn);
@@ -2088,7 +2088,7 @@ static void tcp_conn_from_tap(struct ctx *c, sa_family_t af,
tcp_get_sndbuf(conn);
if (tcp_send_flag(c, conn, SYN | ACK))
- return;
+ goto cancel;
conn_event(c, conn, TAP_SYN_ACK_SENT);
}
--
@@ -2067,7 +2067,7 @@ static void tcp_conn_from_tap(struct ctx *c, sa_family_t af,
if (!bind(s, sa, sl)) {
tcp_rst(c, conn); /* Nobody is listening then */
- return;
+ goto cancel;
}
if (errno != EADDRNOTAVAIL && errno != EACCES)
conn_flag(c, conn, LOCAL);
@@ -2080,7 +2080,7 @@ static void tcp_conn_from_tap(struct ctx *c, sa_family_t af,
if (connect(s, sa, sl)) {
if (errno != EINPROGRESS) {
tcp_rst(c, conn);
- return;
+ goto cancel;
}
tcp_get_sndbuf(conn);
@@ -2088,7 +2088,7 @@ static void tcp_conn_from_tap(struct ctx *c, sa_family_t af,
tcp_get_sndbuf(conn);
if (tcp_send_flag(c, conn, SYN | ACK))
- return;
+ goto cancel;
conn_event(c, conn, TAP_SYN_ACK_SENT);
}
--
2.45.2
next reply other threads:[~2024-06-07 1:57 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-06-07 1:55 David Gibson [this message]
2024-06-07 18:49 ` [PATCH] tcp, flow: Fix some error paths which didn't clean up flows properly Stefano Brivio
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240607015524.1633407-1-david@gibson.dropbear.id.au \
--to=david@gibson.dropbear.id.au \
--cc=passt-dev@passt.top \
--cc=sbrivio@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://passt.top/passt
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for IMAP folder(s).