net: tls, fix sk_write_space NULL write when tx disabled

[ Upstream commit d85f01775850a35eae47a0090839baf510c1ef12 ]

The ctx->sk_write_space pointer is only set when TLS tx mode is enabled.
When running without TX mode its a null pointer but we still set the
sk sk_write_space pointer on close().

Fix the close path to only overwrite sk->sk_write_space when the current
pointer is to the tls_write_space function indicating the tls module should
clean it up properly as well.

Reported-by: Hillf Danton <hdanton@sina.com>
Cc: Ying Xue <ying.xue@windriver.com>
Cc: Andrey Konovalov <andreyknvl@google.com>
Fixes: 57c722e932cfb ("net/tls: swap sk_write_space on close")
Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c
index f636aff11d51e53d03c5e9f34e3903dc0127a4f0..3288bdff9889457bf9c9caf5de6226c4ecd5a105 100644 (file)
--- a/net/tls/tls_main.c
+++ b/net/tls/tls_main.c
@@ -301,7 +301,8 @@ static void tls_sk_proto_close(struct sock *sk, long timeout)
 #else
        {
 #endif
-               sk->sk_write_space = ctx->sk_write_space;
+               if (sk->sk_write_space == tls_write_space)
+                       sk->sk_write_space = ctx->sk_write_space;
                tls_ctx_free(ctx);
                ctx = NULL;
        }