| Message ID | 156165697019.32598.7171757081688035707.stgit@john-XPS-13-9370 |
|---|---|
| Headers | show |
| Series | tls, add unhash callback | expand |
John Fastabend wrote: > Resolve a series of splats discovered by syzbot and noted by > Eric Dumazet. The primary problem here is we resolved an issue on > the BPF sockmap side by adding an unhash callback. This is > required to ensure sockmap sockets do not transition out of > ESTABLISHED state into a LISTEN state. When we did this it > created a case where the interaction between callbacks in TLS > and sockmap when used together could break. This resulted in > leaking TLS memory and potential to build loops of callbacks > where sockmap called into TLS and TLS called back into BPF. > > Additionally, TLS was releasing the sock lock and then > reaquiring it during the tear down process which could hang > if another sock operation happened while the lock was not > held. > > To fix this first refactor TLS code so lock is held for the > entire teardown operation. Then add an unhash callback to ensure > TLS can not transition from ESTABLISHED to LISTEN state. This > transition is a similar bug to the one found and fixed previously > in sockmap. And cleans up the callbacks to fix the syzbot > errors. > > --- > Jakub, If you could test this for the offload case that would be helpful. I don't have any hardware here. We will still need a few fixes in the unhash/hardware case but would be good to know we don't cause any regressions here. Thanks, John
Resolve a series of splats discovered by syzbot and noted by Eric Dumazet. The primary problem here is we resolved an issue on the BPF sockmap side by adding an unhash callback. This is required to ensure sockmap sockets do not transition out of ESTABLISHED state into a LISTEN state. When we did this it created a case where the interaction between callbacks in TLS and sockmap when used together could break. This resulted in leaking TLS memory and potential to build loops of callbacks where sockmap called into TLS and TLS called back into BPF. Additionally, TLS was releasing the sock lock and then reaquiring it during the tear down process which could hang if another sock operation happened while the lock was not held. To fix this first refactor TLS code so lock is held for the entire teardown operation. Then add an unhash callback to ensure TLS can not transition from ESTABLISHED to LISTEN state. This transition is a similar bug to the one found and fixed previously in sockmap. And cleans up the callbacks to fix the syzbot errors. --- John Fastabend (2): tls: remove close callback sock unlock/lock and flush_sync bpf: tls, implement unhash to avoid transition out of ESTABLISHED include/net/tls.h | 6 ++- net/tls/tls_main.c | 96 ++++++++++++++++++++++++++++++++++++---------------- net/tls/tls_sw.c | 50 ++++++++++++++++++--------- 3 files changed, 103 insertions(+), 49 deletions(-) -- Signature