| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <3e3tptbbmznkwhmvgrtbi7jtybxchqoes32i5ddyk2qa5i2lfv@zsxx7x6sbytd>
Date: Wed, 6 Nov 2024 09:15:28 +0100
From: Stefano Garzarella <sgarzare@...hat.com>
To: zijianzhang@...edance.com
Cc: bpf@...r.kernel.org, martin.lau@...ux.dev, borisp@...dia.com,
john.fastabend@...il.com, kuba@...nel.org, davem@...emloft.net, edumazet@...gle.com,
pabeni@...hat.com, horms@...nel.org, mst@...hat.com, bobby.eshleman@...edance.com,
jakub@...udflare.com, andrii@...nel.org, cong.wang@...edance.com,
jiang.wang@...edance.com, netdev@...r.kernel.org, Stanislav Fomichev <sdf@...ichev.me>
Subject: Re: [PATCH v3 bpf] bpf: Add sk_is_inet and IS_ICSK check in
tls_sw_has_ctx_tx/rx
On Wed, Nov 06, 2024 at 12:37:42AM +0000, zijianzhang@...edance.com wrote:
>From: Zijian Zhang <zijianzhang@...edance.com>
>
>As the introduction of the support for vsock and unix sockets in sockmap,
>tls_sw_has_ctx_tx/rx cannot presume the socket passed in must be IS_ICSK.
>vsock and af_unix sockets have vsock_sock and unix_sock instead of
>inet_connection_sock. For these sockets, tls_get_ctx may return an invalid
>pointer and cause page fault in function tls_sw_ctx_rx.
>
>BUG: unable to handle page fault for address: 0000000000040030
>Workqueue: vsock-loopback vsock_loopback_work
>RIP: 0010:sk_psock_strp_data_ready+0x23/0x60
>Call Trace:
> ? __die+0x81/0xc3
> ? no_context+0x194/0x350
> ? do_page_fault+0x30/0x110
> ? async_page_fault+0x3e/0x50
> ? sk_psock_strp_data_ready+0x23/0x60
> virtio_transport_recv_pkt+0x750/0x800
> ? update_load_avg+0x7e/0x620
> vsock_loopback_work+0xd0/0x100
> process_one_work+0x1a7/0x360
> worker_thread+0x30/0x390
> ? create_worker+0x1a0/0x1a0
> kthread+0x112/0x130
> ? __kthread_cancel_work+0x40/0x40
> ret_from_fork+0x1f/0x40
>
>v2:
> - Add IS_ICSK check
>v3:
> - Update the commits in Fixes
>
>Fixes: 634f1a7110b4 ("vsock: support sockmap")
>Fixes: 94531cfcbe79 ("af_unix: Add unix_stream_proto for sockmap")
>
>Signed-off-by: Zijian Zhang <zijianzhang@...edance.com>
>Acked-by: Stanislav Fomichev <sdf@...ichev.me>
>Acked-by: Jakub Kicinski <kuba@...nel.org>
>Reviewed-by: Cong Wang <cong.wang@...edance.com>
>---
> include/net/tls.h | 12 ++++++++++--
> 1 file changed, 10 insertions(+), 2 deletions(-)
For the vsock point of view LGTM:
Acked-by: Stefano Garzarella <sgarzare@...hat.com>
Thanks,
Stefano
>
>diff --git a/include/net/tls.h b/include/net/tls.h
>index 3a33924db2bc..61fef2880114 100644
>--- a/include/net/tls.h
>+++ b/include/net/tls.h
>@@ -390,8 +390,12 @@ tls_offload_ctx_tx(const struct tls_context *tls_ctx)
>
> static inline bool tls_sw_has_ctx_tx(const struct sock *sk)
> {
>- struct tls_context *ctx = tls_get_ctx(sk);
>+ struct tls_context *ctx;
>+
>+ if (!sk_is_inet(sk) || !inet_test_bit(IS_ICSK, sk))
>+ return false;
>
>+ ctx = tls_get_ctx(sk);
> if (!ctx)
> return false;
> return !!tls_sw_ctx_tx(ctx);
>@@ -399,8 +403,12 @@ static inline bool tls_sw_has_ctx_tx(const struct sock *sk)
>
> static inline bool tls_sw_has_ctx_rx(const struct sock *sk)
> {
>- struct tls_context *ctx = tls_get_ctx(sk);
>+ struct tls_context *ctx;
>+
>+ if (!sk_is_inet(sk) || !inet_test_bit(IS_ICSK, sk))
>+ return false;
>
>+ ctx = tls_get_ctx(sk);
> if (!ctx)
> return false;
> return !!tls_sw_ctx_rx(ctx);
>--
>2.20.1
>
Powered by blists - more mailing lists