Date: Mon, 9 Jan 2023 18:05:04 -0800 From: Gleb Smirnoff <glebius@freebsd.org> To: "Bjoern A. Zeeb" <bz@freebsd.org> Cc: Andrew Gallatin <gallatin@gmail.com>, "pjd@FreeBSD.org" <pjd@freebsd.org>, James Gritton <jamie@freebsd.org>, jail@freebsd.org Subject: Re: prison_flag() check in hot path of in_pcblookup() Message-ID: <Y7zH0K60jfHYYNVS@FreeBSD.org> In-Reply-To: <6r10qop4-7p83-qs6s-q3r0-64756n243rp5@serrofq.bet> References: <CADwhF6VuoPCNEqyBmt%2BdZgDwHdaGty2%2BsYU4eYg0_62CMHq-BA@mail.gmail.com> <e5ef5a4dfae8f7723c10dfb8db9b7d9a@freebsd.org> <CADwhF6XyxCdW_PGX5iGd_mX-MFZKCxt5xPhYHDkzgkkQ0kunMg@mail.gmail.com> <6on81os3-501-s5n2-8nos-p85n8op23232@serrofq.bet> <CADwhF6XSQE%2BLg5wOH8BG9G%2BjyBkb1fbArz3KmnQ1FaP_yTgDeg@mail.gmail.com> <6r10qop4-7p83-qs6s-q3r0-64756n243rp5@serrofq.bet>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Dec 13, 2022 at 11:54:17PM +0000, Bjoern A. Zeeb wrote: B> On Tue, 13 Dec 2022, Andrew Gallatin wrote: B> B> > [ I added pjd, since the original patch came from him ] B> > B> > Just to make sure I understand, I have a simple yes/no question: B> > B> > Can jails and the host ever share the same (local) port and the same IP? B> B> Can they currently (I tested only for TCP)? B> B> - local binds can overlap like they can with just the base system. B> so bind(... {AF_INET, laddr, lport} ... ) works fine (REUSEPORT). B> B> - tcp connect of a 2nd socket to the same {faddr, fport} from the above B> bind will fail with 'Address already in use' [currently] B> [I believe that would mean your patch could go in? Where does the error come from [%]?] [*] My reading of code confirms your tests. The official way to insert a tuple is in_pcbconnect_setup() which branches into either its own check with in_pcblookup_hash_locked() and returns EADDRINUSE or runs in_pcb_lport_dest() which would also use in_pcblookup_hash_locked() to check for existing entries. Thus, with official KPI it is impossible to insert two completely identical 4-tuples. Alas, we have in_pcbinshash() exposed outside, as it is expected to be called after in_pcblookup_hash_locked(), so there is no 100% source code protection from having identical tuples. ... and I'm lost in researching all possible scenarios that edit the database. We need to tighten this KPI. Anyway, given tests that Bjoern did, given lack of official tests in src/tests/sys and overall agreement on this code looking strange, I'd suggest to go forward with Drew's suggestion: https://reviews.freebsd.org/D38015 What's your opinion? Given that code comes from Drew I'd suggest him to either commandeer the revision and commit himself, or let me commit & push with --author. Or I can commit with my name and be fully resposible for the fallout :) -- Gleb Smirnoff
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Y7zH0K60jfHYYNVS>