lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <5e4cd422daa81_404b2ac01efba5b4c8@john-XPS-13-9370.notmuch>
Date:   Tue, 18 Feb 2020 22:22:26 -0800
From:   John Fastabend <john.fastabend@...il.com>
To:     Jakub Sitnicki <jakub@...udflare.com>, bpf@...r.kernel.org
Cc:     netdev@...r.kernel.org, kernel-team@...udflare.com,
        Daniel Borkmann <daniel@...earbox.net>,
        John Fastabend <john.fastabend@...il.com>
Subject: RE: [PATCH bpf-next 3/3] selftests/bpf: Test unhashing kTLS socket
 after removing from map

Jakub Sitnicki wrote:
> When a TCP socket gets inserted into a sockmap, its sk_prot callbacks get
> replaced with tcp_bpf callbacks built from regular tcp callbacks. If TLS
> gets enabled on the same socket, sk_prot callbacks get replaced once again,
> this time with kTLS callbacks built from tcp_bpf callbacks.
> 
> Now, we allow removing a socket from a sockmap that has kTLS enabled. After
> removal, socket remains with kTLS configured. This is where things things
> get tricky.
> 
> Since the socket has a set of sk_prot callbacks that are a mix of kTLS and
> tcp_bpf callbacks, we need to restore just the tcp_bpf callbacks to the
> original ones. At the moment, it comes down to the the unhash operation.
> 
> We had a regression recently because tcp_bpf callbacks were not cleared in
> this particular scenario of removing a kTLS socket from a sockmap. It got
> fixed in commit 4da6a196f93b ("bpf: Sockmap/tls, during free we may call
> tcp_bpf_unhash() in loop").
> 
> Add a test that triggers the regression so that we don't reintroduce it in
> the future.
> 
> Signed-off-by: Jakub Sitnicki <jakub@...udflare.com>
> ---
>  .../selftests/bpf/prog_tests/sockmap_ktls.c   | 123 ++++++++++++++++++
>  1 file changed, 123 insertions(+)
>  create mode 100644 tools/testing/selftests/bpf/prog_tests/sockmap_ktls.c
> 

I'll push the patches I have on my stack to run some more of the
sockmap tests with ktls this week as well to get our coverage up.

Acked-by: John Fastabend <john.fastabend@...il.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ