lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20190424200757.0978cbd2@cakuba.netronome.com>
Date:   Wed, 24 Apr 2019 20:07:57 -0700
From:   Jakub Kicinski <jakub.kicinski@...ronome.com>
To:     John Fastabend <john.fastabend@...il.com>
Cc:     ast@...nel.org, daniel@...earbox.net, netdev@...r.kernel.org,
        bpf@...r.kernel.org
Subject: Re: [bpf PATCH 1/3] bpf: tls, implement unhash to avoid transition
 out of ESTABLISHED

On Wed, 24 Apr 2019 12:21:03 -0700, John Fastabend wrote:
> It is possible (via shutdown()) for TCP socks to go through TCP_CLOSE
> state via tcp_disconnect() without calling into close callback. This
> would allow a kTLS enabled socket to exist outside of ESTABLISHED
> state which is not supported.
> 
> Solve this the same way we solved the sock{map|hash} case by adding
> an unhash hook to remove tear down the TLS state.
> 
> In the process we also make the close hook more robust. We add a put
> call into the close path, also in the unhash path, to remove the
> reference to ulp data after free. Its no longer valid and may confuse
> things later if the socket (re)enters kTLS code paths. Second we add
> an 'if(ctx)' check to ensure the ctx is still valid and not released
> from a previous unhash/close path.
> 
> Fixes: d91c3e17f75f2 ("net/tls: Only attach to sockets in ESTABLISHED state")
> Reported-by: Eric Dumazet <edumazet@...gle.com>
> Signed-off-by: John Fastabend <john.fastabend@...il.com>

Ah, EDOESNTBUILD, now I get to nitpick too? :)

> diff --git a/include/net/tls.h b/include/net/tls.h
> index d9d0ac66f040..ae13ea19b375 100644
> --- a/include/net/tls.h
> +++ b/include/net/tls.h
> @@ -266,6 +266,8 @@ struct tls_context {
>  	void (*sk_write_space)(struct sock *sk);
>  	void (*sk_destruct)(struct sock *sk);
>  	void (*sk_proto_close)(struct sock *sk, long timeout);
> +	void (*sk_proto_unhash)(struct sock *sk);
> +	struct proto *sk_proto;
>  
>  	int  (*setsockopt)(struct sock *sk, int level,
>  			   int optname, char __user *optval,
> @@ -303,7 +305,7 @@ int tls_sw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size);
>  int tls_sw_sendpage(struct sock *sk, struct page *page,
>  		    int offset, size_t size, int flags);
>  void tls_sw_close(struct sock *sk, long timeout);
> -void tls_sw_free_resources_tx(struct sock *sk);
> +void tls_sw_free_resources_tx(struct sock *sk, bool locked);
>  void tls_sw_free_resources_rx(struct sock *sk);
>  void tls_sw_release_resources_rx(struct sock *sk);
>  int tls_sw_recvmsg(struct sock *sk, struct msghdr *msg, size_t len,
> @@ -504,6 +506,16 @@ static inline void xor_iv_with_seq(int version, char *iv, char *seq)
>  	}
>  }
>  
> +static inline void tls_put_ctx(struct sock *sk)
> +{
> +	struct inet_connection_sock *icsk = inet_csk(sk);
> +	struct tls_context *ctx = icsk->icsk_ulp_data;
> +
> +	if (!ctx)
> +		return;
> +	sk->sk_prot = ctx->sk_proto;
> +	icsk->icsk_ulp_data = NULL;
> +}
>  
>  static inline struct tls_sw_context_rx *tls_sw_ctx_rx(
>  		const struct tls_context *tls_ctx)
> diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c
> index 7e546b8ec000..2973048957bd 100644
> --- a/net/tls/tls_main.c
> +++ b/net/tls/tls_main.c
> @@ -261,23 +261,16 @@ static void tls_ctx_free(struct tls_context *ctx)
>  	kfree(ctx);
>  }
>  
> -static void tls_sk_proto_close(struct sock *sk, long timeout)
> +static bool tls_sk_proto_destroy(struct sock *sk,
> +				 struct tls_context *ctx, bool destroy)

perhaps this destroy should rather be called locked?  It doesn't really
control destroying AFACT..

>  {
> -	struct tls_context *ctx = tls_get_ctx(sk);
>  	long timeo = sock_sndtimeo(sk, 0);
> -	void (*sk_proto_close)(struct sock *sk, long timeout);
> -	bool free_ctx = false;
> -
> -	lock_sock(sk);
> -	sk_proto_close = ctx->sk_proto_close;
>  
>  	if (ctx->tx_conf == TLS_HW_RECORD && ctx->rx_conf == TLS_HW_RECORD)
> -		goto skip_tx_cleanup;
> +		return false;
>  
> -	if (ctx->tx_conf == TLS_BASE && ctx->rx_conf == TLS_BASE) {
> -		free_ctx = true;
> -		goto skip_tx_cleanup;
> -	}
> +	if (ctx->tx_conf == TLS_BASE && ctx->rx_conf == TLS_BASE)
> +		return true;
>  
>  	if (!tls_complete_pending_work(sk, ctx, 0, &timeo))
>  		tls_handle_open_record(sk, 0);
> @@ -286,10 +279,10 @@ static void tls_sk_proto_close(struct sock *sk, long timeout)
>  	if (ctx->tx_conf == TLS_SW) {
>  		kfree(ctx->tx.rec_seq);
>  		kfree(ctx->tx.iv);
> -		tls_sw_free_resources_tx(sk);
> +		tls_sw_free_resources_tx(sk, destroy);
>  #ifdef CONFIG_TLS_DEVICE
>  	} else if (ctx->tx_conf == TLS_HW) {
> -		tls_device_free_resources_tx(sk);
> +		tls_device_free_resources_tx(sk, destroy);

this part breaks the build tls_device_free_resources_tx() doesn't need
changes.  tls_device_offload_cleanup_rx() will though, cause it sleeps.

>  #endif
>  	}
>  
> @@ -310,8 +303,39 @@ static void tls_sk_proto_close(struct sock *sk, long timeout)
>  		tls_ctx_free(ctx);
>  		ctx = NULL;
>  	}
> +	return false;
> +}
> +
> +static void tls_sk_proto_unhash(struct sock *sk)
> +{
> +	struct tls_context *ctx = tls_get_ctx(sk);
> +	void (*sk_proto_unhash)(struct sock *sk);
> +	bool free_ctx;
> +
> +	if (!ctx)
> +		return sk->sk_prot->unhash(sk);
> +	sk_proto_unhash = ctx->sk_proto_unhash;
> +	free_ctx = tls_sk_proto_destroy(sk, ctx, false);
> +	tls_put_ctx(sk);
> +	if (sk_proto_unhash)
> +		sk_proto_unhash(sk);
> +	if (free_ctx)
> +		tls_ctx_free(ctx);
> +}
>  
> -skip_tx_cleanup:
> +static void tls_sk_proto_close(struct sock *sk, long timeout)
> +{
> +	struct tls_context *ctx = tls_get_ctx(sk);
> +	void (*sk_proto_close)(struct sock *sk, long timeout);

reverse xmas tree

> +	bool free_ctx;
> +
> +	if (!ctx)
> +		return sk->sk_prot->destroy(sk);
> +
> +	lock_sock(sk);
> +	sk_proto_close = ctx->sk_proto_close;
> +	free_ctx = tls_sk_proto_destroy(sk, ctx, true);
> +	tls_put_ctx(sk);
>  	release_sock(sk);
>  	sk_proto_close(sk, timeout);
>  	/* free ctx for TLS_HW_RECORD, used by tcp_set_state
> @@ -609,6 +633,8 @@ static struct tls_context *create_ctx(struct sock *sk)
>  	ctx->setsockopt = sk->sk_prot->setsockopt;
>  	ctx->getsockopt = sk->sk_prot->getsockopt;
>  	ctx->sk_proto_close = sk->sk_prot->close;
> +	ctx->sk_proto_unhash = sk->sk_prot->unhash;
> +	ctx->sk_proto = sk->sk_prot;
>  	return ctx;
>  }
>  
> @@ -732,6 +758,7 @@ static void build_protos(struct proto prot[TLS_NUM_CONFIG][TLS_NUM_CONFIG],
>  	prot[TLS_BASE][TLS_BASE].setsockopt	= tls_setsockopt;
>  	prot[TLS_BASE][TLS_BASE].getsockopt	= tls_getsockopt;
>  	prot[TLS_BASE][TLS_BASE].close		= tls_sk_proto_close;
> +	prot[TLS_BASE][TLS_BASE].unhash		= tls_sk_proto_unhash;
>  
>  	prot[TLS_SW][TLS_BASE] = prot[TLS_BASE][TLS_BASE];
>  	prot[TLS_SW][TLS_BASE].sendmsg		= tls_sw_sendmsg;
> diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
> index f780b473827b..0577633c319b 100644
> --- a/net/tls/tls_sw.c
> +++ b/net/tls/tls_sw.c
> @@ -2044,7 +2044,7 @@ static void tls_data_ready(struct sock *sk)
>  	}
>  }
>  
> -void tls_sw_free_resources_tx(struct sock *sk)
> +void tls_sw_free_resources_tx(struct sock *sk, bool locked)
>  {
>  	struct tls_context *tls_ctx = tls_get_ctx(sk);
>  	struct tls_sw_context_tx *ctx = tls_sw_ctx_tx(tls_ctx);
> @@ -2055,9 +2055,11 @@ void tls_sw_free_resources_tx(struct sock *sk)
>  	if (atomic_read(&ctx->encrypt_pending))
>  		crypto_wait_req(-EINPROGRESS, &ctx->async_wait);
>  
> -	release_sock(sk);
> +	if (locked)
> +		release_sock(sk);
>  	cancel_delayed_work_sync(&ctx->tx_work.work);
> -	lock_sock(sk);
> +	if (locked)
> +		lock_sock(sk);
>  
>  	/* Tx whatever records we can transmit and abandon the rest */
>  	tls_tx_records(sk, -1);
> @@ -2080,7 +2082,10 @@ void tls_sw_free_resources_tx(struct sock *sk)
>  		kfree(rec);
>  	}
>  
> -	crypto_free_aead(ctx->aead_send);
> +	if (ctx->aead_send) {
> +		crypto_free_aead(ctx->aead_send);
> +		ctx->aead_send = NULL;
> +	}
>  	tls_free_open_rec(sk);
>  
>  	kfree(ctx);
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ