Received: by 2002:a25:8b12:0:0:0:0:0 with SMTP id i18csp1423658ybl; Tue, 13 Aug 2019 12:18:43 -0700 (PDT) X-Google-Smtp-Source: APXvYqyGSmeeqvJ57J7fFRv/7NRJ8cJYj6zVSv9jSz3DnpTgZT4MGoqbAeyImpLPNOZPROXffltb X-Received: by 2002:a62:5883:: with SMTP id m125mr42272996pfb.248.1565723923821; Tue, 13 Aug 2019 12:18:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1565723923; cv=none; d=google.com; s=arc-20160816; b=kcG4V0IhFPYz/vya8PxR0/SPluY/E4SyXDnwS4/FnZuRiovpLYbNSR+e9eIQKEJqhV W0KDoSFAx0vHDnRqrZLW4T/R5/nIiAZD+/+l0AU5BB7akEQVfaVyhVO48Wyd0+so9DKT B9EzDoPncwUZ1+TXbA+B5Ek6E4/NFrvSQK2Ar3kAWrTIMIt5s+btPo9NNx36WWRMLx84 rGi1Lhvxad0CvcZ17zHJvADn9nnnQaMJYAMbzpMw5c4Dn3TQLu/2mlBttrHCYDT2sqtL WnOGlweLqQRC5/iKsKfgy6OSJ56CaQpnHOpykbuupbbG1EyuwK/uuTnHf6I2eaTM1aaD qEIw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :organization:references:in-reply-to:message-id:subject:cc:to:from :date:dkim-signature; bh=hWnpwsctAkFfJ/Y7Dx2168l4gTaV9/DNkw70UP5BSgg=; b=kh8r7X2Dt9Xmb6PzLmhex0+tKX4ehzu/RUs3LyWok2MIS9L1CW55/QrZoExGWyq+cL FVXfbPLw+6ik0qTM3daFPf4jisV/E5ITkMPM8isVdNqdgrMHYXxcqrg2WsgEw7VrnZ3t iXMBWCAYEgbWg5CJ00JUz1K57kzLQnDhYFoWhpE7jpRP2BEWHuq/nmmbSCLpNgd6jGiV BHEsjjdMJXgNVfKVA97Hoc5h91wHhdOnp8Lge/MRi0GNZpmhTxUErDOX6cKwb1RgkVy9 9XBeRHK7/+QamfdOwzw+WMwEXqZzAXHmjkfu/xzGfNcSAcpucoCvKrm+NjVf0z6FvcAs XPgQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@netronome-com.20150623.gappssmtp.com header.s=20150623 header.b=e3XYEfdK; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id x18si62469179plm.292.2019.08.13.12.18.27; Tue, 13 Aug 2019 12:18:43 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@netronome-com.20150623.gappssmtp.com header.s=20150623 header.b=e3XYEfdK; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1725944AbfHMTAB (ORCPT + 99 others); Tue, 13 Aug 2019 15:00:01 -0400 Received: from mail-qt1-f194.google.com ([209.85.160.194]:36203 "EHLO mail-qt1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726126AbfHMTAA (ORCPT ); Tue, 13 Aug 2019 15:00:00 -0400 Received: by mail-qt1-f194.google.com with SMTP id z4so107526192qtc.3 for ; Tue, 13 Aug 2019 12:00:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netronome-com.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:subject:message-id:in-reply-to:references :organization:mime-version:content-transfer-encoding; bh=hWnpwsctAkFfJ/Y7Dx2168l4gTaV9/DNkw70UP5BSgg=; b=e3XYEfdK4qDqWEnJOy0jPQS2R+UFWXoFCTPxaoXbWHwcOV21V6gfctNchibdH84Coc Viw1Qgk6JAbr5WFBDmEHsrg9pscOS3cbZQpuCZMSZRAzObO4nRVdK6PpWy83VAQNVEeu g5NR0Ap9osg/313yfIg4rUfyp4j3C6Y2CJtUJgQdWl1ETgTXLt9QyQa0hZa3wwH5Sh2L p0sRusV1zNDElhXu6jqG2CswSE3ekDPJdpTak81BW4MdktcRCrQENpeiruIRr1WLbmI0 X3+LbO2l+XzNSAfdO7WindmzMkCUkduFIWtZX0kXYo1cQtw5A+tainNkPP1v2W3vay0X ULpA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:in-reply-to :references:organization:mime-version:content-transfer-encoding; bh=hWnpwsctAkFfJ/Y7Dx2168l4gTaV9/DNkw70UP5BSgg=; b=dIoNp3AJhaYXeVemY40khmVtpCHs0xQkvC02dKmy9JT0JgA8mtpreUnyGR4Zv7xAlW Ndc2oISeiPbEe0tAc1xW4UVRnPJAvBvU3xY3IafTyL/chAS4zWf7g2c15lGI1+0CuijE Ir3+VXU2rDYYZetfimjKl1xBw9z6YMnrnwUXE7j8Gj8EcjC5vfgiUOi6jcAzVJ7SG/j/ z1Vhhn2b4bywXxiSfYi0RbLmNXsyQ0t75DnIEugZIdPPta8dReq9x0sVJ6FEXZ+HQZmx ZbQdJTPkcjAQBzSRLcq5uEziCn0ByBQiml0ybb54hnJBFlzqU0rFpdd7VQaXK1vNbPAz 3FAQ== X-Gm-Message-State: APjAAAWV1feJfMfbmMITpy/eDfNdKHipzFVPedD44tQNt7GgBpQuv5uQ 8ls8YtqVpPbdf2ta9Yrihb0UTw== X-Received: by 2002:ad4:4373:: with SMTP id u19mr3060qvt.202.1565722799686; Tue, 13 Aug 2019 11:59:59 -0700 (PDT) Received: from cakuba.netronome.com ([66.60.152.14]) by smtp.gmail.com with ESMTPSA id i5sm4773269qti.0.2019.08.13.11.59.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 13 Aug 2019 11:59:59 -0700 (PDT) Date: Tue, 13 Aug 2019 11:59:48 -0700 From: Jakub Kicinski To: John Fastabend Cc: Hillf Danton , syzbot , aviadye@mellanox.com, borisp@mellanox.com, daniel@iogearbox.net, davejwatson@fb.com, davem@davemloft.net, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, oss-drivers@netronome.com, syzkaller-bugs@googlegroups.com, willemb@google.com Subject: Re: general protection fault in tls_write_space Message-ID: <20190813115948.5f57b272@cakuba.netronome.com> In-Reply-To: <5d5301a82578_268d2b12c8efa5b470@john-XPS-13-9370.notmuch> References: <000000000000f5d619058faea744@google.com> <20190810135900.2820-1-hdanton@sina.com> <5d52f09299e91_40c72adb748b25c0d3@john-XPS-13-9370.notmuch> <20190813102705.1f312b67@cakuba.netronome.com> <5d5301a82578_268d2b12c8efa5b470@john-XPS-13-9370.notmuch> Organization: Netronome Systems, Ltd. MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 13 Aug 2019 11:30:00 -0700, John Fastabend wrote: > Jakub Kicinski wrote: > > On Tue, 13 Aug 2019 10:17:06 -0700, John Fastabend wrote: > > > > Followup of commit 95fa145479fb > > > > ("bpf: sockmap/tls, close can race with map free") > > > > > > > > --- a/net/tls/tls_main.c > > > > +++ b/net/tls/tls_main.c > > > > @@ -308,6 +308,9 @@ static void tls_sk_proto_close(struct so > > > > if (free_ctx) > > > > icsk->icsk_ulp_data = NULL; > > > > sk->sk_prot = ctx->sk_proto; > > > > + /* tls will go; restore sock callback before enabling bh */ > > > > + if (sk->sk_write_space == tls_write_space) > > > > + sk->sk_write_space = ctx->sk_write_space; > > > > write_unlock_bh(&sk->sk_callback_lock); > > > > release_sock(sk); > > > > if (ctx->tx_conf == TLS_SW) > > > > > > Hi Hillf, > > > > > > We need this patch (although slightly updated for bpf tree) do > > > you want to send it? Otherwise I can. We should only set this if > > > TX path was enabled otherwise we null it. Checking against > > > tls_write_space seems best to me as well. > > > > > > Against bpf this patch should fix it. > > > > > > diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c > > > index ce6ef56a65ef..43252a801c3f 100644 > > > --- a/net/tls/tls_main.c > > > +++ b/net/tls/tls_main.c > > > @@ -308,7 +308,8 @@ static void tls_sk_proto_close(struct sock *sk, long timeout) > > > if (free_ctx) > > > icsk->icsk_ulp_data = NULL; > > > sk->sk_prot = ctx->sk_proto; > > > - sk->sk_write_space = ctx->sk_write_space; > > > + if (sk->sk_write_space == tls_write_space) > > > + sk->sk_write_space = ctx->sk_write_space; > > > write_unlock_bh(&sk->sk_callback_lock); > > > release_sock(sk); > > > if (ctx->tx_conf == TLS_SW) > > > > This is already in net since Friday: > > Don't we need to guard that with an > > if (sk->sk_write_space == tls_write_space) > > or something similar? Where is ctx->sk_write_space set in the rx only > case? In do_tls_setsockop_conf() we have this block > > if (tx) { > ctx->sk_write_space = sk->sk_write_space; > sk->sk_write_space = tls_write_space; > } else { > sk->sk_socket->ops = &tls_sw_proto_ops; > } > > which makes me think ctx->sk_write_space may not be set correctly in > all cases. Ah damn, you're right I remember looking at that but then I went down the rabbit hole of trying to repro and forgot :/ Do you want to send an incremental change?