| Message ID | 20201125221810.69870-1-saeedm@nvidia.com (mailing list archive) |
|---|---|
| State | Accepted |
| Delegated to: | Netdev Maintainers |
| Headers | show |
| Series | [V2,net] net/tls: Protect from calling tls_dev_del for TLS RX twice | expand |
| Context | Check | Description |
|---|---|---|
| netdev/cover_letter | success | Link |
| netdev/fixes_present | success | Link |
| netdev/patch_count | success | Link |
| netdev/tree_selection | success | Clearly marked for net |
| netdev/subject_prefix | success | Link |
| netdev/source_inline | success | Was 0 now: 0 |
| netdev/verify_signedoff | success | Link |
| netdev/module_param | success | Was 0 now: 0 |
| netdev/build_32bit | success | Errors and warnings before: 87 this patch: 87 |
| netdev/kdoc | success | Errors and warnings before: 0 this patch: 0 |
| netdev/verify_fixes | success | Link |
| netdev/checkpatch | warning | WARNING: Do not use whitespace before Signed-off-by: WARNING: line length of 88 exceeds 80 columns |
| netdev/build_allmodconfig_warn | success | Errors and warnings before: 87 this patch: 87 |
| netdev/header_inline | success | Link |
| netdev/stable | success | Stable not CCed |
On Wed, 25 Nov 2020 14:18:10 -0800 Saeed Mahameed wrote: > From: Maxim Mikityanskiy <maximmi@mellanox.com> > > tls_device_offload_cleanup_rx doesn't clear tls_ctx->netdev after > calling tls_dev_del if TLX TX offload is also enabled. Clearing > tls_ctx->netdev gets postponed until tls_device_gc_task. It leaves a > time frame when tls_device_down may get called and call tls_dev_del for > RX one extra time, confusing the driver, which may lead to a crash. > > This patch corrects this racy behavior by adding a flag to prevent > tls_device_down from calling tls_dev_del the second time. > > Fixes: e8f69799810c ("net/tls: Add generic NIC offload infrastructure") > Signed-off-by: Maxim Mikityanskiy <maximmi@mellanox.com> > Signed-off-by: Saeed Mahameed <saeedm@nvidia.com> Applied, thanks!
diff --git a/include/net/tls.h b/include/net/tls.h index cf1473099453..2bdd802212fe 100644 --- a/include/net/tls.h +++ b/include/net/tls.h @@ -199,6 +199,12 @@ enum tls_context_flags { * to be atomic. */ TLS_TX_SYNC_SCHED = 1, + /* tls_dev_del was called for the RX side, device state was released, + * but tls_ctx->netdev might still be kept, because TX-side driver + * resources might not be released yet. Used to prevent the second + * tls_dev_del call in tls_device_down if it happens simultaneously. + */ + TLS_RX_DEV_CLOSED = 2, }; struct cipher_context { diff --git a/net/tls/tls_device.c b/net/tls/tls_device.c index 54d3e161d198..8c2125caeb8a 100644 --- a/net/tls/tls_device.c +++ b/net/tls/tls_device.c @@ -1262,6 +1262,8 @@ void tls_device_offload_cleanup_rx(struct sock *sk) if (tls_ctx->tx_conf != TLS_HW) { dev_put(netdev); tls_ctx->netdev = NULL; + } else { + set_bit(TLS_RX_DEV_CLOSED, &tls_ctx->flags); } out: up_read(&device_offload_lock); @@ -1291,7 +1293,7 @@ static int tls_device_down(struct net_device *netdev) if (ctx->tx_conf == TLS_HW) netdev->tlsdev_ops->tls_dev_del(netdev, ctx, TLS_OFFLOAD_CTX_DIR_TX); - if (ctx->rx_conf == TLS_HW) + if (ctx->rx_conf == TLS_HW && !test_bit(TLS_RX_DEV_CLOSED, &ctx->flags)) netdev->tlsdev_ops->tls_dev_del(netdev, ctx, TLS_OFFLOAD_CTX_DIR_RX); WRITE_ONCE(ctx->netdev, NULL);