From patchwork Mon Mar 25 10:32:57 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Juerg Haefliger X-Patchwork-Id: 1915508 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=185.125.189.65; helo=lists.ubuntu.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=patchwork.ozlabs.org) Received: from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4V38RS5l8xz1yWy for ; Mon, 25 Mar 2024 21:33:40 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=lists.ubuntu.com) by lists.ubuntu.com with esmtp (Exim 4.86_2) (envelope-from ) id 1rohdw-0000W5-DQ; Mon, 25 Mar 2024 10:33:28 +0000 Received: from smtp-relay-internal-1.internal ([10.131.114.114] helo=smtp-relay-internal-1.canonical.com) by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1rohdd-0000L2-EM for kernel-team@lists.ubuntu.com; Mon, 25 Mar 2024 10:33:12 +0000 Received: from mail-wr1-f71.google.com (mail-wr1-f71.google.com [209.85.221.71]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-1.canonical.com (Postfix) with ESMTPS id 745163F284 for ; Mon, 25 Mar 2024 10:33:08 +0000 (UTC) Received: by mail-wr1-f71.google.com with SMTP id ffacd0b85a97d-33ec604d3b3so2628614f8f.1 for ; Mon, 25 Mar 2024 03:33:08 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1711362788; x=1711967588; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=NCisMCFDnLhVuzq/Mme7XY2v1AkAXi3NDjW9IqQpaGM=; b=hhdh5so7LAoccf+WZM9kdWN2Nbf0tFF+bZ7hlT9R4VJ5G2Tlu/rVyxwmmOEOW0sKiX 9f/cieUVG+DjeMip7G7eUJs7WkwtuHaiEsrRk2CVaeq9cPEbFlzAqiPAj3l3JFWMOKsl fd4PUX2qZnVC793MKH6gdOBo6rdv9p+NkV/YqeOS1wlbleD01XqGEShrR5Dxcjy7Bz7E HPExSo2upFWibt1xDX4ONR3gGSp4SoQyJgHMFHHjL2mCIGzVL5bb+yl1gVXssPRbQlqU 94B+0Nu7AuCb1mmyyj44crWK5x75EoBWw90ak1k6kHkNXiQMn0JD9ZEunMelBDU1PK3F 4ZZw== X-Gm-Message-State: AOJu0YwzB+OHPelWNPAITg/tqT55/U+7hECIEc4fmaVGePObzdLXH1nH mPjQbaLatsTtvablqWPDkfr5NFiWHBeqhRUr5VgJueh0SaPotvg88miwXJpz1cxCE8C/axAqKi1 8dF2TwIiWKw5p/SqDonMzXLJl/dmdDTihzKqF5H/nlxacvY2LbuM6VmF2eGlqGP/+jrpRzGpUee kdygCKrANomw== X-Received: by 2002:a5d:5603:0:b0:33e:a29d:9672 with SMTP id l3-20020a5d5603000000b0033ea29d9672mr4527099wrv.51.1711362788166; Mon, 25 Mar 2024 03:33:08 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFXXx69wlZZC28JFBhvBlloGQyDf+iaw4Ir0n0aGklcQHUkBLQEyrnCmRGATNRsjIkNXlw2HQ== X-Received: by 2002:a5d:5603:0:b0:33e:a29d:9672 with SMTP id l3-20020a5d5603000000b0033ea29d9672mr4527087wrv.51.1711362787872; Mon, 25 Mar 2024 03:33:07 -0700 (PDT) Received: from localhost ([81.221.247.52]) by smtp.gmail.com with ESMTPSA id s8-20020a5d69c8000000b0033e206a0a7asm9126698wrw.26.2024.03.25.03.33.07 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 25 Mar 2024 03:33:07 -0700 (PDT) From: Juerg Haefliger To: kernel-team@lists.ubuntu.com Subject: [SRU][M][PATCH 5/8] tls: fix race between tx work scheduling and socket close Date: Mon, 25 Mar 2024 11:32:57 +0100 Message-Id: <20240325103300.494141-6-juerg.haefliger@canonical.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20240325103300.494141-1-juerg.haefliger@canonical.com> References: <20240325103300.494141-1-juerg.haefliger@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Jakub Kicinski CVE-2024-26585 [ Upstream commit e01e3934a1b2d122919f73bc6ddbe1cdafc4bbdb ] Similarly to previous commit, the submitting thread (recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete(). Reorder scheduling the work before calling complete(). This seems more logical in the first place, as it's the inverse order of what the submitting thread will do. Reported-by: valis Fixes: a42055e8d2c3 ("net/tls: Add support for async encryption of records for performance") Signed-off-by: Jakub Kicinski Reviewed-by: Simon Horman Reviewed-by: Sabrina Dubroca Signed-off-by: David S. Miller Signed-off-by: Sasha Levin (cherry picked from commit 6db22d6c7a6dc914b12c0469b94eb639b6a8a146 linux-6.6.y) Signed-off-by: Juerg Haefliger --- net/tls/tls_sw.c | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index aaa97be47387..53f618e47907 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -447,7 +447,6 @@ static void tls_encrypt_done(void *data, int err) struct tls_rec *rec = data; struct scatterlist *sge; struct sk_msg *msg_en; - bool ready = false; struct sock *sk; msg_en = &rec->msg_encrypted; @@ -483,19 +482,16 @@ static void tls_encrypt_done(void *data, int err) /* If received record is at head of tx_list, schedule tx */ first_rec = list_first_entry(&ctx->tx_list, struct tls_rec, list); - if (rec == first_rec) - ready = true; + if (rec == first_rec) { + /* Schedule the transmission */ + if (!test_and_set_bit(BIT_TX_SCHEDULED, + &ctx->tx_bitmask)) + schedule_delayed_work(&ctx->tx_work.work, 1); + } } if (atomic_dec_and_test(&ctx->encrypt_pending)) complete(&ctx->async_wait.completion); - - if (!ready) - return; - - /* Schedule the transmission */ - if (!test_and_set_bit(BIT_TX_SCHEDULED, &ctx->tx_bitmask)) - schedule_delayed_work(&ctx->tx_work.work, 1); } static int tls_encrypt_async_wait(struct tls_sw_context_tx *ctx)