[net,0/7] net: tls: fix some issues with async encryption

Message ID 20240207011824.2609030-1-kuba@kernel.org (mailing list archive)

Message

Jakub Kicinski Feb. 7, 2024, 1:18 a.m. UTC
Hi!

valis was reporting a race on socket close so I sat down to try to fix it.
I used Sabrina's async crypto debug patch to test... and in the process
ran into some of the same issues, and created very similar fixes :(
I didn't realize how many of those patches weren't applied. Once I found
Sabrina's code [1] it turned out to be so similar in fact that I added
her S-o-b's and Co-develop'eds in a semi-haphazard way.

With this series in place all expected tests pass with async crypto.
Sabrina had a few more fixes, but I'll leave those to her, things are
not crashing anymore.

[1] https://lore.kernel.org/netdev/cover.1694018970.git.sd@queasysnail.net/

Jakub Kicinski (6):
  net: tls: factor out tls_*crypt_async_wait()
  tls: fix race between async notify and socket close
  tls: fix race between tx work scheduling and socket close
  net: tls: handle backlogging of crypto requests
  selftests: tls: use exact comparison in recv_partial
  net: tls: fix returned read length with async decrypt

Sabrina Dubroca (1):
  net: tls: fix use-after-free with partial reads and async decrypt

 include/net/tls.h                 |   5 --
 net/tls/tls_sw.c                  | 135 ++++++++++++++----------------
 tools/testing/selftests/net/tls.c |   8 +-
 3 files changed, 66 insertions(+), 82 deletions(-)

Comments

Sabrina Dubroca Feb. 10, 2024, 9:05 a.m. UTC | #1
2024-02-06, 17:18:17 -0800, Jakub Kicinski wrote:
> Hi!
> 
> valis was reporting a race on socket close so I sat down to try to fix it.
> I used Sabrina's async crypto debug patch to test... and in the process
> ran into some of the same issues, and created very similar fixes :(
> I didn't realize how many of those patches weren't applied. Once I found
> Sabrina's code [1] it turned out to be so similar in fact that I added
> her S-o-b's and Co-develop'eds in a semi-haphazard way.
> 
> With this series in place all expected tests pass with async crypto.
> Sabrina had a few more fixes, but I'll leave those to her, things are
> not crashing anymore.

Sorry :(
I got stuck trying to fix a race condition (probably one of those
you're fixing in this series, I tried something similar to patch 3 but
that wasn't enough), and then got distracted. I had a v2 ready and
never posted it :/

Thanks for taking over, and sorry for the duplicate effort. I'll go
back to my old series and see if anything is still relevant on top of
this.

patchwork-bot+netdevbpf@kernel.org Feb. 10, 2024, 9:40 p.m. UTC | #2
Hello:

This series was applied to netdev/net.git (main)
by David S. Miller <davem@davemloft.net>:

On Tue,  6 Feb 2024 17:18:17 -0800 you wrote:
> Hi!
> 
> valis was reporting a race on socket close so I sat down to try to fix it.
> I used Sabrina's async crypto debug patch to test... and in the process
> ran into some of the same issues, and created very similar fixes :(
> I didn't realize how many of those patches weren't applied. Once I found
> Sabrina's code [1] it turned out to be so similar in fact that I added
> her S-o-b's and Co-develop'eds in a semi-haphazard way.
> 
> [...]

Here is the summary with links:
  - [net,1/7] net: tls: factor out tls_*crypt_async_wait()
    https://git.kernel.org/netdev/net/c/c57ca512f3b6
  - [net,2/7] tls: fix race between async notify and socket close
    https://git.kernel.org/netdev/net/c/aec7961916f3
  - [net,3/7] tls: fix race between tx work scheduling and socket close
    https://git.kernel.org/netdev/net/c/e01e3934a1b2
  - [net,4/7] net: tls: handle backlogging of crypto requests
    https://git.kernel.org/netdev/net/c/859054147318
  - [net,5/7] net: tls: fix use-after-free with partial reads and async decrypt
    https://git.kernel.org/netdev/net/c/32b55c5ff910
  - [net,6/7] selftests: tls: use exact comparison in recv_partial
    https://git.kernel.org/netdev/net/c/49d821064c44
  - [net,7/7] net: tls: fix returned read length with async decrypt
    https://git.kernel.org/netdev/net/c/ac437a51ce66

You are awesome, thank you!