Commit 020e71a3 authored by Eric Dumazet's avatar Eric Dumazet Committed by Jakub Kicinski
Browse files

ipv4: guard IP_MINTTL with a static key 



RFC 5082 IP_MINTTL option is rarely used on hosts.

Add a static key to remove from TCP fast path useless code,
and potential cache line miss to fetch inet_sk(sk)->min_ttl

Note that once ip4_min_ttl static key has been enabled,
it stays enabled until next boot.

Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
Acked-by: default avatarSoheil Hassas Yeganeh <soheil@google.com>
Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parent 14834c4f

include/net/ip.h

+2 −0
Original line number Diff line number Diff line
@@ -24,6 +24,7 @@ 
#include <linux/skbuff.h>

#include <linux/jhash.h>

#include <linux/sockptr.h>

#include <linux/static_key.h>



#include <net/inet_sock.h>

#include <net/route.h>
@@ -750,6 +751,7 @@ void ip_cmsg_recv_offset(struct msghdr *msg, struct sock *sk, 
			 struct sk_buff *skb, int tlen, int offset);

int ip_cmsg_send(struct sock *sk, struct msghdr *msg,

		 struct ipcm_cookie *ipc, bool allow_ipv6);

DECLARE_STATIC_KEY_FALSE(ip4_min_ttl);

int ip_setsockopt(struct sock *sk, int level, int optname, sockptr_t optval,

		  unsigned int optlen);

int ip_getsockopt(struct sock *sk, int level, int optname, char __user *optval,

net/ipv4/ip_sockglue.c

+6 −0
Original line number Diff line number Diff line
@@ -886,6 +886,8 @@ static int compat_ip_mcast_join_leave(struct sock *sk, int optname, 
	return ip_mc_leave_group(sk, &mreq);

}



DEFINE_STATIC_KEY_FALSE(ip4_min_ttl);



static int do_ip_setsockopt(struct sock *sk, int level, int optname,

		sockptr_t optval, unsigned int optlen)

{
@@ -1352,6 +1354,10 @@ static int do_ip_setsockopt(struct sock *sk, int level, int optname, 
			goto e_inval;

		if (val < 0 || val > 255)

			goto e_inval;



		if (val)

			static_branch_enable(&ip4_min_ttl);



		/* tcp_v4_err() and tcp_v4_rcv() might read min_ttl

		 * while we are changint it.

		 */

net/ipv4/tcp_ipv4.c

+12 −8
Original line number Diff line number Diff line
@@ -508,11 +508,13 @@ int tcp_v4_err(struct sk_buff *skb, u32 info) 
	if (sk->sk_state == TCP_CLOSE)

		goto out;



	if (static_branch_unlikely(&ip4_min_ttl)) {

		/* min_ttl can be changed concurrently from do_ip_setsockopt() */

		if (unlikely(iph->ttl < READ_ONCE(inet_sk(sk)->min_ttl))) {

			__NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP);

			goto out;

		}

	}



	tp = tcp_sk(sk);

	/* XXX (TFO) - tp->snd_una should be ISN (tcp_create_openreq_child() */
@@ -2070,11 +2072,13 @@ int tcp_v4_rcv(struct sk_buff *skb) 
		}

	}



	if (static_branch_unlikely(&ip4_min_ttl)) {

		/* min_ttl can be changed concurrently from do_ip_setsockopt() */

		if (unlikely(iph->ttl < READ_ONCE(inet_sk(sk)->min_ttl))) {

			__NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP);

			goto discard_and_relse;

		}

	}



	if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb))

		goto discard_and_relse;