Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp1678683pxu; Sun, 6 Dec 2020 03:47:59 -0800 (PST) X-Google-Smtp-Source: ABdhPJxLqP1H/fkbJEoH89U2yjg1T+S1v5slEXvkeytL4ySKeKKXDi2ol5rkEfbKiYUG3z241+MA X-Received: by 2002:a17:906:38c8:: with SMTP id r8mr15184245ejd.39.1607255279226; Sun, 06 Dec 2020 03:47:59 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1607255279; cv=none; d=google.com; s=arc-20160816; b=jqPNDNQ+/DhjN5JcnNAUKCmzIEX2J2WBFWwDWFpP7hAAk8qU+rPRa7yh2tqETSEzzt 8kXRByOUZxnePLnwWDy7asbBGy/dzoxPKWwlBkcNXouzZ1nhJ4vz5t30YDZDprJUn6t7 Be3o/xe78Q8yQANhba07pu1RAvlX4DOR4xRdOOtQVh5oKUYgjJBJLt+akofUMTUqR1+E 88dzgodwmEGbu3IeollXcZ7yydq3gcAaiv2DwQ32D7yE7ieoOOvZJxJeNV+8Lnax2Yix b+2pF6aljqmXyFcKXFqDKYE2pjrSh9pg5TNMpDVIP65jyFtcsvL8piA6fDhIcqfrBXcq MmWw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from; bh=On8q3g9fkAOD9pKaZ31iNDE91GQIHS9YTllE+5c3evM=; b=qCtvXVENb1z8IXAxYxfClf59XnYi02ylFsTpFxbsPEDCUrnc7lli9NNrrcYUGRkmR9 8XOB/fW15m4vJCnWsK0WEzLuBkWrglOdyzSR5zwqYWf6a00/iSBFv79kHZFKO/nvpWUT jmYw5GcgyDJAPf0H37yYSycdA8RsVmzXy+LjfbF4uMbuH8nN9LmN3PSIAMYdyi+sLz1i pTnmg1vjyleFB/s/CRrYyxYQmdF160SUogpsufCSDNe1kkqmRiLEJsfb6C8zKANlT67J 8rJ/qJaky0+i5BgKVEvxJDEbAWkpYY/eXdau0YTjiMqbqRbjEScd7IEqXnhP/K4if3PX 0Gkw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id a13si6638734edq.317.2020.12.06.03.47.36; Sun, 06 Dec 2020 03:47:59 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729141AbgLFLqE (ORCPT + 99 others); Sun, 6 Dec 2020 06:46:04 -0500 Received: from mail.kernel.org ([198.145.29.99]:46284 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728854AbgLFLqB (ORCPT ); Sun, 6 Dec 2020 06:46:01 -0500 From: Greg Kroah-Hartman Authentication-Results: mail.kernel.org; dkim=permerror (bad message/signature format) To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Maxim Mikityanskiy , Saeed Mahameed , Jakub Kicinski Subject: [PATCH 5.9 07/46] net/tls: Protect from calling tls_dev_del for TLS RX twice Date: Sun, 6 Dec 2020 12:17:15 +0100 Message-Id: <20201206111556.806726701@linuxfoundation.org> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20201206111556.455533723@linuxfoundation.org> References: <20201206111556.455533723@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Maxim Mikityanskiy [ Upstream commit 025cc2fb6a4e84e9a0552c0017dcd1c24b7ac7da ] tls_device_offload_cleanup_rx doesn't clear tls_ctx->netdev after calling tls_dev_del if TLX TX offload is also enabled. Clearing tls_ctx->netdev gets postponed until tls_device_gc_task. It leaves a time frame when tls_device_down may get called and call tls_dev_del for RX one extra time, confusing the driver, which may lead to a crash. This patch corrects this racy behavior by adding a flag to prevent tls_device_down from calling tls_dev_del the second time. Fixes: e8f69799810c ("net/tls: Add generic NIC offload infrastructure") Signed-off-by: Maxim Mikityanskiy Signed-off-by: Saeed Mahameed Link: https://lore.kernel.org/r/20201125221810.69870-1-saeedm@nvidia.com Signed-off-by: Jakub Kicinski Signed-off-by: Greg Kroah-Hartman --- include/net/tls.h | 6 ++++++ net/tls/tls_device.c | 5 ++++- 2 files changed, 10 insertions(+), 1 deletion(-) --- a/include/net/tls.h +++ b/include/net/tls.h @@ -199,6 +199,12 @@ enum tls_context_flags { * to be atomic. */ TLS_TX_SYNC_SCHED = 1, + /* tls_dev_del was called for the RX side, device state was released, + * but tls_ctx->netdev might still be kept, because TX-side driver + * resources might not be released yet. Used to prevent the second + * tls_dev_del call in tls_device_down if it happens simultaneously. + */ + TLS_RX_DEV_CLOSED = 2, }; struct cipher_context { --- a/net/tls/tls_device.c +++ b/net/tls/tls_device.c @@ -1262,6 +1262,8 @@ void tls_device_offload_cleanup_rx(struc if (tls_ctx->tx_conf != TLS_HW) { dev_put(netdev); tls_ctx->netdev = NULL; + } else { + set_bit(TLS_RX_DEV_CLOSED, &tls_ctx->flags); } out: up_read(&device_offload_lock); @@ -1291,7 +1293,8 @@ static int tls_device_down(struct net_de if (ctx->tx_conf == TLS_HW) netdev->tlsdev_ops->tls_dev_del(netdev, ctx, TLS_OFFLOAD_CTX_DIR_TX); - if (ctx->rx_conf == TLS_HW) + if (ctx->rx_conf == TLS_HW && + !test_bit(TLS_RX_DEV_CLOSED, &ctx->flags)) netdev->tlsdev_ops->tls_dev_del(netdev, ctx, TLS_OFFLOAD_CTX_DIR_RX); WRITE_ONCE(ctx->netdev, NULL);