]> git.ipfire.org Git - thirdparty/kernel/stable.git/commitdiff
net/tls: free ctx in sock destruct
authorAtul Gupta <atul.gupta@chelsio.com>
Fri, 18 Jan 2019 04:56:21 +0000 (20:56 -0800)
committerDavid S. Miller <davem@davemloft.net>
Tue, 22 Jan 2019 19:30:54 +0000 (11:30 -0800)
free tls context in sock destruct. close may not be the last
call to free sock but force releasing the ctx in close
will result in GPF when ctx referred again in tcp_done

[  515.330477] general protection fault: 0000 [#1] SMP PTI
[  515.330539] CPU: 5 PID: 0 Comm: swapper/5 Not tainted 4.20.0-rc7+ #10
[  515.330657] Hardware name: Supermicro X8ST3/X8ST3, BIOS 2.0b
11/07/2013
[  515.330844] RIP: 0010:tls_hw_unhash+0xbf/0xd0
[
[  515.332220] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  515.332340] CR2: 00007fab32c55000 CR3: 000000009261e000 CR4:
00000000000006e0
[  515.332519] Call Trace:
[  515.332632]  <IRQ>
[  515.332793]  tcp_set_state+0x5a/0x190
[  515.332907]  ? tcp_update_metrics+0xe3/0x350
[  515.333023]  tcp_done+0x31/0xd0
[  515.333130]  tcp_rcv_state_process+0xc27/0x111a
[  515.333242]  ? __lock_is_held+0x4f/0x90
[  515.333350]  ? tcp_v4_do_rcv+0xaf/0x1e0
[  515.333456]  tcp_v4_do_rcv+0xaf/0x1e0

Signed-off-by: Atul Gupta <atul.gupta@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
drivers/crypto/chelsio/chtls/chtls_cm.c
net/tls/tls_main.c

index 59b75299fcbca290777299b97de2ce51071a2640..2e11b0d6a9bbdc0634d5f13fbdaf3034435ed18b 100644 (file)
@@ -24,6 +24,7 @@
 #include <net/inet_common.h>
 #include <net/tcp.h>
 #include <net/dst.h>
+#include <net/tls.h>
 
 #include "chtls.h"
 #include "chtls_cm.h"
@@ -1015,6 +1016,7 @@ static struct sock *chtls_recv_sock(struct sock *lsk,
 {
        struct inet_sock *newinet;
        const struct iphdr *iph;
+       struct tls_context *ctx;
        struct net_device *ndev;
        struct chtls_sock *csk;
        struct dst_entry *dst;
@@ -1063,6 +1065,8 @@ static struct sock *chtls_recv_sock(struct sock *lsk,
 
        oreq->ts_recent = PASS_OPEN_TID_G(ntohl(req->tos_stid));
        sk_setup_caps(newsk, dst);
+       ctx = tls_get_ctx(lsk);
+       newsk->sk_destruct = ctx->sk_destruct;
        csk->sk = newsk;
        csk->passive_reap_next = oreq;
        csk->tx_chan = cxgb4_port_chan(ndev);
index fc97a105ebc21cf904bd0fbc65660b4e74db9a66..d36d095cbcf02557d7daa03e1f097551c60ca432 100644 (file)
@@ -266,8 +266,10 @@ static void tls_sk_proto_close(struct sock *sk, long timeout)
        lock_sock(sk);
        sk_proto_close = ctx->sk_proto_close;
 
-       if ((ctx->tx_conf == TLS_HW_RECORD && ctx->rx_conf == TLS_HW_RECORD) ||
-           (ctx->tx_conf == TLS_BASE && ctx->rx_conf == TLS_BASE)) {
+       if (ctx->tx_conf == TLS_HW_RECORD && ctx->rx_conf == TLS_HW_RECORD)
+               goto skip_tx_cleanup;
+
+       if (ctx->tx_conf == TLS_BASE && ctx->rx_conf == TLS_BASE) {
                free_ctx = true;
                goto skip_tx_cleanup;
        }
@@ -579,6 +581,17 @@ static void tls_build_proto(struct sock *sk)
        }
 }
 
+static void tls_hw_sk_destruct(struct sock *sk)
+{
+       struct tls_context *ctx = tls_get_ctx(sk);
+       struct inet_connection_sock *icsk = inet_csk(sk);
+
+       ctx->sk_destruct(sk);
+       /* Free ctx */
+       kfree(ctx);
+       icsk->icsk_ulp_data = NULL;
+}
+
 static int tls_hw_prot(struct sock *sk)
 {
        struct tls_context *ctx;
@@ -597,6 +610,8 @@ static int tls_hw_prot(struct sock *sk)
                        ctx->hash = sk->sk_prot->hash;
                        ctx->unhash = sk->sk_prot->unhash;
                        ctx->sk_proto_close = sk->sk_prot->close;
+                       ctx->sk_destruct = sk->sk_destruct;
+                       sk->sk_destruct = tls_hw_sk_destruct;
                        ctx->rx_conf = TLS_HW_RECORD;
                        ctx->tx_conf = TLS_HW_RECORD;
                        update_sk_prot(sk, ctx);