From patchwork Wed Feb 7 01:18:18 2024
X-Patchwork-Submitter: Jakub Kicinski
X-Patchwork-Id: 13547969
X-Patchwork-Delegate: kuba@kernel.org
From: Jakub Kicinski
To: davem@davemloft.net
Cc: netdev@vger.kernel.org, edumazet@google.com, pabeni@redhat.com, sd@queasysnail.net, vadim.fedorenko@linux.dev, Jakub Kicinski, borisp@nvidia.com, john.fastabend@gmail.com
Subject: [PATCH net 1/7] net: tls: factor out tls_*crypt_async_wait()
Date: Tue, 6 Feb 2024 17:18:18 -0800
Message-ID: <20240207011824.2609030-2-kuba@kernel.org>
In-Reply-To: <20240207011824.2609030-1-kuba@kernel.org>
References: <20240207011824.2609030-1-kuba@kernel.org>

Factor out waiting for async encrypt and decrypt to finish. There are already multiple copies and a subsequent fix will need more. No functional changes. Note that crypto_wait_req() returns wait->err

Signed-off-by: Jakub Kicinski
Reviewed-by: Simon Horman
Reviewed-by: Sabrina Dubroca
---
CC: borisp@nvidia.com
CC: john.fastabend@gmail.com
---
net/tls/tls_sw.c | 96 +++++++++++++++++++++++-------------------------
1 file changed, 45 insertions(+), 51 deletions(-)

diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 31e8a94dfc11..6a73714f34cc 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c
@@ -230,6 +230,20 @@ static void tls_decrypt_done(void *data, int err) spin_unlock_bh(&ctx->decrypt_compl_lock); } +static int tls_decrypt_async_wait(struct tls_sw_context_rx *ctx) +{ + int pending; + + spin_lock_bh(&ctx->decrypt_compl_lock); + reinit_completion(&ctx->async_wait.completion); + pending = atomic_read(&ctx->decrypt_pending); + spin_unlock_bh(&ctx->decrypt_compl_lock); + if (pending) + crypto_wait_req(-EINPROGRESS, &ctx->async_wait); + + return ctx->async_wait.err; +} + static int tls_do_decryption(struct sock *sk, struct scatterlist *sgin, struct scatterlist *sgout, @@ -495,6 +509,28 @@ static void tls_encrypt_done(void *data, int err) schedule_delayed_work(&ctx->tx_work.work, 1); } +static int tls_encrypt_async_wait(struct tls_sw_context_tx *ctx) +{ + int pending; + + spin_lock_bh(&ctx->encrypt_compl_lock); + ctx->async_notify = true; + + pending = atomic_read(&ctx->encrypt_pending); + spin_unlock_bh(&ctx->encrypt_compl_lock); + if (pending) + crypto_wait_req(-EINPROGRESS, &ctx->async_wait); + else + reinit_completion(&ctx->async_wait.completion); + + /* There can be no concurrent accesses, since we have no + * pending encrypt operations + */ + WRITE_ONCE(ctx->async_notify, false); + + return ctx->async_wait.err; +} + static int tls_do_encryption(struct sock *sk, struct tls_context *tls_ctx, struct tls_sw_context_tx *ctx, @@ -984,7 +1020,6 @@ static int tls_sw_sendmsg_locked(struct sock *sk, struct msghdr *msg, int num_zc = 0; int orig_size; int ret = 0; - int pending; if (!eor && (msg->msg_flags & MSG_EOR)) return -EINVAL; 
@@ -1163,24 +1198,12 @@ static int tls_sw_sendmsg_locked(struct sock *sk, struct msghdr *msg, if (!num_async) { goto send_end; } else if (num_zc) { + int err; + /* Wait for pending encryptions to get completed */ - spin_lock_bh(&ctx->encrypt_compl_lock); - ctx->async_notify = true; - - pending = atomic_read(&ctx->encrypt_pending); - spin_unlock_bh(&ctx->encrypt_compl_lock); - if (pending) - crypto_wait_req(-EINPROGRESS, &ctx->async_wait); - else - reinit_completion(&ctx->async_wait.completion); - - /* There can be no concurrent accesses, since we have no - * pending encrypt operations - */ - WRITE_ONCE(ctx->async_notify, false); - - if (ctx->async_wait.err) { - ret = ctx->async_wait.err; + err = tls_encrypt_async_wait(ctx); + if (err) { + ret = err; copied = 0; } } @@ -1229,7 +1252,6 @@ void tls_sw_splice_eof(struct socket *sock) ssize_t copied = 0; bool retrying = false; int ret = 0; - int pending; if (!ctx->open_rec) return; @@ -1264,22 +1286,7 @@ void tls_sw_splice_eof(struct socket *sock) } /* Wait for pending encryptions to get completed */ - spin_lock_bh(&ctx->encrypt_compl_lock); - ctx->async_notify = true; - - pending = atomic_read(&ctx->encrypt_pending); - spin_unlock_bh(&ctx->encrypt_compl_lock); - if (pending) - crypto_wait_req(-EINPROGRESS, &ctx->async_wait); - else - reinit_completion(&ctx->async_wait.completion); - - /* There can be no concurrent accesses, since we have no pending - * encrypt operations - */ - WRITE_ONCE(ctx->async_notify, false); - - if (ctx->async_wait.err) + if (tls_encrypt_async_wait(ctx)) goto unlock; /* Transmit if any encryptions have completed */ 
@@ -2109,16 +2116,10 @@ int tls_sw_recvmsg(struct sock *sk, recv_end: if (async) { - int ret, pending; + int ret; /* Wait for all previously submitted records to be decrypted */ - spin_lock_bh(&ctx->decrypt_compl_lock); - reinit_completion(&ctx->async_wait.completion); - pending = atomic_read(&ctx->decrypt_pending); - spin_unlock_bh(&ctx->decrypt_compl_lock); - ret = 0; - if (pending) - ret = crypto_wait_req(-EINPROGRESS, &ctx->async_wait); + ret = tls_decrypt_async_wait(ctx); __skb_queue_purge(&ctx->async_hold); if (ret) { 
@@ -2435,16 +2436,9 @@ void tls_sw_release_resources_tx(struct sock *sk) struct tls_context *tls_ctx = tls_get_ctx(sk); struct tls_sw_context_tx *ctx = tls_sw_ctx_tx(tls_ctx); struct tls_rec *rec, *tmp; - int pending; /* Wait for any pending async encryptions to complete */ - spin_lock_bh(&ctx->encrypt_compl_lock); - ctx->async_notify = true; - pending = atomic_read(&ctx->encrypt_pending); - spin_unlock_bh(&ctx->encrypt_compl_lock); - - if (pending) - crypto_wait_req(-EINPROGRESS, &ctx->async_wait); + tls_encrypt_async_wait(ctx); tls_tx_records(sk, -1);
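Review bot: tls_decrypt_async_wait() returns ctx->async_wait.err even when nothing was pending, whereas the code it replaces in the tls_sw_recvmsg() hunk started from ret = 0 and only took the result of crypto_wait_req() when pending was non-zero. If async_wait.err can still hold the error of an earlier failed request at that point, the receive path now reports it again, which the "No functional changes" line does not cover. Either return 0 when nothing is pending, as the old code did, or say in the commit message why err is known to be clear here.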
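Review bot: in the tls_sw_release_resources_tx() hunk the open-coded wait never cleared ctx->async_notify and had no reinit_completion() branch; routing it through tls_encrypt_async_wait() adds both, and the helper's return value is dropped at this call site. That is harmless on a teardown path, but it is a behaviour change, so the commit message should mention it, and a short comment on why the error is ignored here would help the next reader.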
From: Jakub Kicinski
To: davem@davemloft.net
Cc: netdev@vger.kernel.org, edumazet@google.com, pabeni@redhat.com, sd@queasysnail.net, vadim.fedorenko@linux.dev, Jakub Kicinski, valis, borisp@nvidia.com, john.fastabend@gmail.com, vinay.yadav@chelsio.com
Subject: [PATCH net 2/7] tls: fix race between async notify and socket close
Date: Tue, 6 Feb 2024 17:18:19 -0800
Message-ID: <20240207011824.2609030-3-kuba@kernel.org>
In-Reply-To: <20240207011824.2609030-1-kuba@kernel.org>
References: <20240207011824.2609030-1-kuba@kernel.org>

The submitting thread (one which called recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete() so any code past that point risks touching already freed data.

Try to avoid the locking and extra flags altogether. Have the main thread hold an extra reference, this way we can depend solely on the atomic ref counter for synchronization.

Don't futz with reiniting the completion, either, we are now tightly controlling when completion fires.

Reported-by: valis
Fixes: 0cada33241d9 ("net/tls: fix race condition causing kernel panic")
Signed-off-by: Jakub Kicinski
Reviewed-by: Simon Horman
Reviewed-by: Eric Dumazet
Reviewed-by: Sabrina Dubroca
---
CC: borisp@nvidia.com
CC: john.fastabend@gmail.com
CC: vinay.yadav@chelsio.com
---
include/net/tls.h | 5 -----
net/tls/tls_sw.c | 43 ++++++++++---------------------------------
2 files changed, 10 insertions(+), 38 deletions(-)

diff --git a/include/net/tls.h b/include/net/tls.h index 962f0c501111..340ad43971e4 100644 --- a/include/net/tls.h +++ b/include/net/tls.h
@@ -97,9 +97,6 @@ struct tls_sw_context_tx { struct tls_rec *open_rec; struct list_head tx_list; atomic_t encrypt_pending; - /* protect crypto_wait with encrypt_pending */ - spinlock_t encrypt_compl_lock; - int async_notify; u8 async_capable:1; #define BIT_TX_SCHEDULED 0 @@ -136,8 +133,6 @@ struct tls_sw_context_rx { struct tls_strparser strp; atomic_t decrypt_pending; - /* protect crypto_wait with decrypt_pending*/ - spinlock_t decrypt_compl_lock; struct sk_buff_head async_hold; struct wait_queue_head wq; }; diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 6a73714f34cc..635305bebfef 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -224,22 +224,15 @@ static void tls_decrypt_done(void *data, int err) kfree(aead_req); - spin_lock_bh(&ctx->decrypt_compl_lock); - if (!atomic_dec_return(&ctx->decrypt_pending)) + if (atomic_dec_and_test(&ctx->decrypt_pending)) complete(&ctx->async_wait.completion); - spin_unlock_bh(&ctx->decrypt_compl_lock); } static int tls_decrypt_async_wait(struct tls_sw_context_rx *ctx) { - int pending; - - spin_lock_bh(&ctx->decrypt_compl_lock); - reinit_completion(&ctx->async_wait.completion); - pending = atomic_read(&ctx->decrypt_pending); - spin_unlock_bh(&ctx->decrypt_compl_lock); - if (pending) + if (!atomic_dec_and_test(&ctx->decrypt_pending)) crypto_wait_req(-EINPROGRESS, &ctx->async_wait); + atomic_inc(&ctx->decrypt_pending); return ctx->async_wait.err; } @@ -267,6 +260,7 @@ static int tls_do_decryption(struct sock *sk, aead_request_set_callback(aead_req, CRYPTO_TFM_REQ_MAY_BACKLOG, tls_decrypt_done, aead_req); + DEBUG_NET_WARN_ON_ONCE(atomic_read(&ctx->decrypt_pending) < 1); atomic_inc(&ctx->decrypt_pending); } else { aead_request_set_callback(aead_req, @@ -455,7 +449,6 @@ static void tls_encrypt_done(void *data, int err) struct sk_msg *msg_en; bool ready = false; struct sock *sk; - int pending; msg_en = &rec->msg_encrypted; 
@@ -494,12 +487,8 @@ static void tls_encrypt_done(void *data, int err) ready = true; } - spin_lock_bh(&ctx->encrypt_compl_lock); - pending = atomic_dec_return(&ctx->encrypt_pending); - - if (!pending && ctx->async_notify) + if (atomic_dec_and_test(&ctx->encrypt_pending)) complete(&ctx->async_wait.completion); - spin_unlock_bh(&ctx->encrypt_compl_lock); if (!ready) return; @@ -511,22 +500,9 @@ static void tls_encrypt_done(void *data, int err) static int tls_encrypt_async_wait(struct tls_sw_context_tx *ctx) { - int pending; - - spin_lock_bh(&ctx->encrypt_compl_lock); - ctx->async_notify = true; - - pending = atomic_read(&ctx->encrypt_pending); - spin_unlock_bh(&ctx->encrypt_compl_lock); - if (pending) + if (!atomic_dec_and_test(&ctx->encrypt_pending)) crypto_wait_req(-EINPROGRESS, &ctx->async_wait); - else - reinit_completion(&ctx->async_wait.completion); - - /* There can be no concurrent accesses, since we have no - * pending encrypt operations - */ - WRITE_ONCE(ctx->async_notify, false); + atomic_inc(&ctx->encrypt_pending); return ctx->async_wait.err; } @@ -577,6 +553,7 @@ static int tls_do_encryption(struct sock *sk, /* Add the record in tx_list */ list_add_tail((struct list_head *)&rec->list, &ctx->tx_list); + DEBUG_NET_WARN_ON_ONCE(atomic_read(&ctx->encrypt_pending) < 1); atomic_inc(&ctx->encrypt_pending); rc = crypto_aead_encrypt(aead_req); @@ -2601,7 +2578,7 @@ static struct tls_sw_context_tx *init_ctx_tx(struct tls_context *ctx, struct soc } crypto_init_wait(&sw_ctx_tx->async_wait); - spin_lock_init(&sw_ctx_tx->encrypt_compl_lock); + atomic_set(&sw_ctx_tx->encrypt_pending, 1); INIT_LIST_HEAD(&sw_ctx_tx->tx_list); INIT_DELAYED_WORK(&sw_ctx_tx->tx_work.work, tx_work_handler); sw_ctx_tx->tx_work.sk = sk; 
@@ -2622,7 +2599,7 @@ static struct tls_sw_context_rx *init_ctx_rx(struct tls_context *ctx) } crypto_init_wait(&sw_ctx_rx->async_wait); - spin_lock_init(&sw_ctx_rx->decrypt_compl_lock); + atomic_set(&sw_ctx_rx->decrypt_pending, 1); init_waitqueue_head(&sw_ctx_rx->wq); skb_queue_head_init(&sw_ctx_rx->rx_list); skb_queue_head_init(&sw_ctx_rx->async_hold);
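Review bot: the rewritten tls_encrypt_async_wait() and tls_decrypt_async_wait() depend on the counter starting at 1 (the atomic_set() calls in init_ctx_tx() and init_ctx_rx()) and on only one thread at a time dropping and re-taking that extra reference, but nothing in the code states either assumption. If a second caller ran atomic_dec_and_test() on the same context while the first was waiting, it could see zero and return without waiting although a request is still in flight. Please add a comment at the helpers naming the serialization they rely on, since the removed "protect crypto_wait with ..." comments were the only documentation of the old scheme, and explain the initial value of 1 next to the atomic_set() lines.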
From: Jakub Kicinski
To: davem@davemloft.net
Cc: netdev@vger.kernel.org, edumazet@google.com, pabeni@redhat.com, sd@queasysnail.net, vadim.fedorenko@linux.dev, Jakub Kicinski, valis, borisp@nvidia.com, john.fastabend@gmail.com, vakul.garg@nxp.com
Subject: [PATCH net 3/7] tls: fix race between tx work scheduling and socket close
Date: Tue, 6 Feb 2024 17:18:20 -0800
Message-ID: <20240207011824.2609030-4-kuba@kernel.org>
In-Reply-To: <20240207011824.2609030-1-kuba@kernel.org>
References: <20240207011824.2609030-1-kuba@kernel.org>

Similarly to previous commit, the submitting thread (recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete(). Reorder scheduling the work before calling complete(). This seems more logical in the first place, as it's the inverse order of what the submitting thread will do.

Reported-by: valis
Fixes: a42055e8d2c3 ("net/tls: Add support for async encryption of records for performance")
Signed-off-by: Jakub Kicinski Reviewed-by: Simon Horman Reviewed-by: Sabrina Dubroca --- CC: borisp@nvidia.com CC: john.fastabend@gmail.com CC: vakul.garg@nxp.com --- net/tls/tls_sw.c | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 635305bebfef..9374a61cef00 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -447,7 +447,6 @@ static void tls_encrypt_done(void *data, int err) struct tls_rec *rec = data; struct scatterlist *sge; struct sk_msg *msg_en; - bool ready = false; struct sock *sk; msg_en = &rec->msg_encrypted; 
@@ -483,19 +482,16 @@ static void tls_encrypt_done(void *data, int err) /* If received record is at head of tx_list, schedule tx */ first_rec = list_first_entry(&ctx->tx_list, struct tls_rec, list); - if (rec == first_rec) - ready = true; + if (rec == first_rec) { + /* Schedule the transmission */ + if (!test_and_set_bit(BIT_TX_SCHEDULED, + &ctx->tx_bitmask)) + schedule_delayed_work(&ctx->tx_work.work, 1); + } } if (atomic_dec_and_test(&ctx->encrypt_pending)) complete(&ctx->async_wait.completion); - - if (!ready) - return; - - /* Schedule the transmission */ - if (!test_and_set_bit(BIT_TX_SCHEDULED, &ctx->tx_bitmask)) - schedule_delayed_work(&ctx->tx_work.work, 1); } static int tls_encrypt_async_wait(struct tls_sw_context_tx *ctx)
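Review bot: the ordering this hunk sets up in tls_encrypt_done(), schedule_delayed_work() first and the atomic_dec_and_test()/complete() pair last, is explained only in the commit message. Add a comment above the atomic_dec_and_test() line saying that ctx and rec must not be touched once complete() may have fired, so that a later change does not append code after it again. The nested if could also be folded into a single condition, rec == first_rec && !test_and_set_bit(...), which drops one indentation level and the wrapped argument.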
From: Jakub Kicinski
To: davem@davemloft.net
Cc: netdev@vger.kernel.org, edumazet@google.com, pabeni@redhat.com, sd@queasysnail.net, vadim.fedorenko@linux.dev, Jakub Kicinski, borisp@nvidia.com, john.fastabend@gmail.com, vakul.garg@nxp.com, davejwatson@fb.com
Subject: [PATCH net 4/7] net: tls: handle backlogging of crypto requests
Date: Tue, 6 Feb 2024 17:18:21 -0800
Message-ID: <20240207011824.2609030-5-kuba@kernel.org>
In-Reply-To: <20240207011824.2609030-1-kuba@kernel.org>
References: <20240207011824.2609030-1-kuba@kernel.org>

Since we're setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on our requests to the crypto API, crypto_aead_{encrypt,decrypt} can return -EBUSY instead of -EINPROGRESS in valid situations. For example, when the cryptd queue for AESNI is full (easy to trigger with an artificially low cryptd.cryptd_max_cpu_qlen), requests will be enqueued to the backlog but still processed. In that case, the async callback will also be called twice: first with err == -EINPROGRESS, which it seems we can just ignore, then with err == 0.

Compared to Sabrina's original patch this version uses the new tls_*crypt_async_wait() helpers and converts the EBUSY to EINPROGRESS to avoid having to modify all the error handling paths. The handling is identical.

Fixes: a54667f6728c ("tls: Add support for encryption using async offload accelerator")
Fixes: 94524d8fc965 ("net/tls: Add support for async decryption of tls records")
Co-developed-by: Sabrina Dubroca
Signed-off-by: Sabrina Dubroca
Link: https://lore.kernel.org/netdev/9681d1febfec295449a62300938ed2ae66983f28.1694018970.git.sd@queasysnail.net/
Signed-off-by: Jakub Kicinski Reviewed-by: Simon Horman --- CC: borisp@nvidia.com CC: john.fastabend@gmail.com CC: vakul.garg@nxp.com CC: davejwatson@fb.com --- net/tls/tls_sw.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 9374a61cef00..63bef5666e36 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -196,6 +196,17 @@ static void tls_decrypt_done(void *data, int err) struct sock *sk; int aead_size; + /* If requests get too backlogged crypto API returns -EBUSY and calls + * ->complete(-EINPROGRESS) immediately followed by ->complete(0) + * to make waiting for backlog to flush with crypto_wait_req() easier. + * First wait converts -EBUSY -> -EINPROGRESS, and the second one + * -EINPROGRESS -> 0. + * We have a single struct crypto_async_request per direction, this + * scheme doesn't help us, so just ignore the first ->complete(). + */ + if (err == -EINPROGRESS) + return; + aead_size = sizeof(*aead_req) + crypto_aead_reqsize(aead); aead_size = ALIGN(aead_size, __alignof__(*dctx)); dctx = (void *)((u8 *)aead_req + aead_size); @@ -269,6 +280,10 @@ static int tls_do_decryption(struct sock *sk, } ret = crypto_aead_decrypt(aead_req); + if (ret == -EBUSY) { + ret = tls_decrypt_async_wait(ctx); + ret = ret ?: -EINPROGRESS; + } if (ret == -EINPROGRESS) { if (darg->async) return 0; @@ -449,6 +464,9 @@ static void tls_encrypt_done(void *data, int err) struct sk_msg *msg_en; struct sock *sk; + if (err == -EINPROGRESS) /* see the comment in tls_decrypt_done() */ + return; + msg_en = &rec->msg_encrypted; sk = rec->sk; 
@@ -553,6 +571,10 @@ static int tls_do_encryption(struct sock *sk, atomic_inc(&ctx->encrypt_pending); rc = crypto_aead_encrypt(aead_req); + if (rc == -EBUSY) { + rc = tls_encrypt_async_wait(ctx); + rc = rc ?: -EINPROGRESS; + } if (!rc || rc != -EINPROGRESS) { atomic_dec(&ctx->encrypt_pending); sge->offset -= prot->prepend_size;
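Review bot: in the tls_do_encryption() hunk, when tls_encrypt_async_wait() returns a non-zero error after -EBUSY, rc falls into the existing "if (!rc || rc != -EINPROGRESS)" branch and atomic_dec(&ctx->encrypt_pending) runs. By then the backlogged request has completed and tls_encrypt_done() has already done its atomic_dec_and_test() for it, so the counter looks to be decremented twice for one request, which would consume the extra reference the wait helper relies on. The tls_do_decryption() hunk has the same shape: once the wait returns, tls_decrypt_done() has already run, so the caller's error handling must not release anything the callback released. Please check both error paths, or return through a path that skips the synchronous cleanup when the request was actually queued.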
From: Jakub Kicinski
To: davem@davemloft.net
Cc: netdev@vger.kernel.org, edumazet@google.com, pabeni@redhat.com, sd@queasysnail.net, vadim.fedorenko@linux.dev, Jakub Kicinski, borisp@nvidia.com, john.fastabend@gmail.com
Subject: [PATCH net 5/7] net: tls: fix use-after-free with partial reads and async decrypt
Date: Tue, 6 Feb 2024 17:18:22 -0800
Message-ID: <20240207011824.2609030-6-kuba@kernel.org>
In-Reply-To: <20240207011824.2609030-1-kuba@kernel.org>
References: <20240207011824.2609030-1-kuba@kernel.org>

From: Sabrina Dubroca

tls_decrypt_sg doesn't take a reference on the pages from clear_skb, so the put_page() in tls_decrypt_done releases them, and we trigger a use-after-free in process_rx_list when we try to read from the partially-read skb.

Fixes: fd31f3996af2 ("tls: rx: decrypt into a fresh skb")
Signed-off-by: Sabrina Dubroca
Signed-off-by: Jakub Kicinski
Reviewed-by: Simon Horman
---
This is pretty much Sabrina's patch just addressing my own feedback, so I'm keeping her as the author.
---
CC: borisp@nvidia.com
CC: john.fastabend@gmail.com
---
net/tls/tls_sw.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 63bef5666e36..a6eff21ade23 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -63,6 +63,7 @@ struct tls_decrypt_ctx { u8 iv[TLS_MAX_IV_SIZE]; u8 aad[TLS_MAX_AAD_SIZE]; u8 tail; + bool free_sgout; struct scatterlist sg[]; }; @@ -187,7 +188,6 @@ static void tls_decrypt_done(void *data, int err) struct aead_request *aead_req = data; struct crypto_aead *aead = crypto_aead_reqtfm(aead_req); struct scatterlist *sgout = aead_req->dst; - struct scatterlist *sgin = aead_req->src; struct tls_sw_context_rx *ctx; struct tls_decrypt_ctx *dctx; struct tls_context *tls_ctx; @@ -224,7 +224,7 @@ static void tls_decrypt_done(void *data, int err) } /* Free the destination pages if skb was not decrypted inplace */ - if (sgout != sgin) { + if (dctx->free_sgout) { /* Skip the first S/G entry as it points to AAD */ for_each_sg(sg_next(sgout), sg, UINT_MAX, pages) { if (!sg) 
@@ -1583,6 +1583,7 @@ static int tls_decrypt_sg(struct sock *sk, struct iov_iter *out_iov, } else if (out_sg) { memcpy(sgout, out_sg, n_sgout * sizeof(*sgout)); } + dctx->free_sgout = !!pages; /* Prepare and submit AEAD request */ err = tls_do_decryption(sk, sgin, sgout, dctx->iv,
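Review bot: the new free_sgout member of struct tls_decrypt_ctx is undocumented, and its only writer, dctx->free_sgout = !!pages in tls_decrypt_sg(), gives no hint of what a non-zero pages means for ownership. tls_decrypt_done() now decides whether to free the destination pages purely from this flag, replacing the sgout != sgin test, so a one-line comment at the field saying who owns the sgout pages when it is set would make the contract checkable in review.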
From: Jakub Kicinski To: davem@davemloft.net Cc: netdev@vger.kernel.org, edumazet@google.com, pabeni@redhat.com, sd@queasysnail.net, vadim.fedorenko@linux.dev, Jakub Kicinski , shuah@kernel.org, linux-kselftest@vger.kernel.org Subject: [PATCH net 6/7] selftests: tls: use exact comparison in recv_partial Date: Tue, 6 Feb 2024 17:18:23 -0800 Message-ID: <20240207011824.2609030-7-kuba@kernel.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240207011824.2609030-1-kuba@kernel.org> References: <20240207011824.2609030-1-kuba@kernel.org> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org This exact case was failing for async crypto and we weren't catching it. Signed-off-by: Jakub Kicinski Reviewed-by: Simon Horman --- CC: shuah@kernel.org CC: linux-kselftest@vger.kernel.org --- tools/testing/selftests/net/tls.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tools/testing/selftests/net/tls.c b/tools/testing/selftests/net/tls.c index 7799e042a971..bc36c91c4480 100644 --- a/tools/testing/selftests/net/tls.c +++ b/tools/testing/selftests/net/tls.c
@@ -1002,12 +1002,12 @@ TEST_F(tls, recv_partial) memset(recv_mem, 0, sizeof(recv_mem)); EXPECT_EQ(send(self->fd, test_str, send_len, 0), send_len); - EXPECT_NE(recv(self->cfd, recv_mem, strlen(test_str_first), - MSG_WAITALL), -1); + EXPECT_EQ(recv(self->cfd, recv_mem, strlen(test_str_first), + MSG_WAITALL), strlen(test_str_first)); EXPECT_EQ(memcmp(test_str_first, recv_mem, strlen(test_str_first)), 0); memset(recv_mem, 0, sizeof(recv_mem)); - EXPECT_NE(recv(self->cfd, recv_mem, strlen(test_str_second), - MSG_WAITALL), -1); + EXPECT_EQ(recv(self->cfd, recv_mem, strlen(test_str_second), + MSG_WAITALL), strlen(test_str_second)); EXPECT_EQ(memcmp(test_str_second, recv_mem, strlen(test_str_second)), 0); } From patchwork Wed Feb 7 01:18:24 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jakub Kicinski X-Patchwork-Id: 13547975 X-Patchwork-Delegate: kuba@kernel.org
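Review bot: both new checks in recv_partial compare the ssize_t returned by recv() against the size_t returned by strlen(), so each EXPECT_EQ mixes signed and unsigned operands, and strlen(test_str_first) and strlen(test_str_second) are each evaluated three times in their block. Consider hoisting each length into a local, as the send() check above does with `send_len`, and comparing recv() against that with a matching type, so a -1 return is compared as -1 rather than after an implicit conversion to an unsigned value.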
From: Jakub Kicinski To: davem@davemloft.net Cc: netdev@vger.kernel.org, edumazet@google.com, pabeni@redhat.com, sd@queasysnail.net, vadim.fedorenko@linux.dev, Jakub Kicinski , borisp@nvidia.com, john.fastabend@gmail.com, horms@kernel.org Subject: [PATCH net 7/7] net: tls: fix returned read length with async decrypt Date: Tue, 6 Feb 2024 17:18:24 -0800 Message-ID: <20240207011824.2609030-8-kuba@kernel.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240207011824.2609030-1-kuba@kernel.org> References: <20240207011824.2609030-1-kuba@kernel.org> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org We double count async, non-zc rx data. The previous fix was lucky because if we fully zc async_copy_bytes is 0 so we add 0. Decrypted already has all the bytes we handled, in all cases. We don't have to adjust anything, delete the erroneous line. Fixes: 4d42cd6bc2ac ("tls: rx: fix return value for async crypto") Co-developed-by: Sabrina Dubroca Signed-off-by: Sabrina Dubroca Signed-off-by: Jakub Kicinski Reviewed-by: Simon Horman --- CC: borisp@nvidia.com CC: john.fastabend@gmail.com CC: horms@kernel.org --- net/tls/tls_sw.c | 1 - 1 file changed, 1 deletion(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index a6eff21ade23..9fbc70200cd0 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -2132,7 +2132,6 @@ int tls_sw_recvmsg(struct sock *sk, else err = process_rx_list(ctx, msg, &control, 0, async_copy_bytes, is_peek); - decrypted += max(err, 0); } copied += decrypted;
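Review bot: with `decrypted += max(err, 0);` deleted in tls_sw_recvmsg(), the value that process_rx_list() stores in `err` in the else branch is no longer consumed inside this block, and the hunk does not show what reads `err` after the closing brace. Please confirm that a positive byte count left in `err` cannot be picked up later as a length or reach the function's return value, and consider a one-line comment at this spot saying that `decrypted` already accounts for these bytes, which is the reasoning the commit message gives for dropping the line.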