netdev - Re: [PATCH net 1/2] net: tls: explicitly disallow disconnect

lists.openwall.net		lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC
Open Source and information security mailing list archives

Hash Suite: Windows password security audit tool. GUI, reports in PDF.

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Message-ID: <e0ea9f710fde34bdce42515f8c68722015403ab9@linux.dev>
Date: Tue, 15 Apr 2025 03:16:25 +0000
From: "Ihor Solodrai" <ihor.solodrai@...ux.dev>
To: "Jakub Kicinski" <kuba@...nel.org>, davem@...emloft.net
Cc: netdev@...r.kernel.org, edumazet@...gle.com, pabeni@...hat.com,
 andrew+netdev@...n.ch, horms@...nel.org, borisp@...dia.com,
 john.fastabend@...il.com, sd@...asysnail.net, "Jakub Kicinski"
 <kuba@...nel.org>, syzbot+b4cd76826045a1eb93c1@...kaller.appspotmail.com,
 bpf@...r.kernel.org, jiayuan.chen@...ux.dev, "Alexei Starovoitov"
 <ast@...nel.org>
Subject: Re: [PATCH net 1/2] net: tls: explicitly disallow disconnect

On 4/4/25 11:03 AM, Jakub Kicinski wrote:
> syzbot discovered that it can disconnect a TLS socket and then
> run into all sort of unexpected corner cases. I have a vague
> recollection of Eric pointing this out to us a long time ago.
> Supporting disconnect is really hard, for one thing if offload
> is enabled we'd need to wait for all packets to be _acked_.
> Disconnect is not commonly used, disallow it.
>
> The immediate problem syzbot run into is the warning in the strp,
> but that's just the easiest bug to trigger:
>
>   WARNING: CPU: 0 PID: 5834 at net/tls/tls_strp.c:486 tls_strp_msg_load+0x72e/0xa80 net/tls/tls_strp.c:486
>   RIP: 0010:tls_strp_msg_load+0x72e/0xa80 net/tls/tls_strp.c:486
>   Call Trace:
>    <TASK>
>    tls_rx_rec_wait+0x280/0xa60 net/tls/tls_sw.c:1363
>    tls_sw_recvmsg+0x85c/0x1c30 net/tls/tls_sw.c:2043
>    inet6_recvmsg+0x2c9/0x730 net/ipv6/af_inet6.c:678
>    sock_recvmsg_nosec net/socket.c:1023 [inline]
>    sock_recvmsg+0x109/0x280 net/socket.c:1045
>    __sys_recvfrom+0x202/0x380 net/socket.c:2237
>
> Fixes: 3c4d7559159b ("tls: kernel TLS support")
> Reported-by: syzbot+b4cd76826045a1eb93c1@...kaller.appspotmail.com
> Signed-off-by: Jakub Kicinski <kuba@...nel.org>

Hi everyone.

This patch has broken a BPF selftest and as a result BPF CI:
* https://github.com/kernel-patches/bpf/actions/runs/14458537639
* https://github.com/kernel-patches/bpf/actions/runs/14457178732

The test in question is test_sockmap_ktls_disconnect_after_delete
(tools/testing/selftests/bpf/prog_tests/sockmap_ktls.c) [1].

Since the test is about disconnect use-case, and the patch disallows
it, I assume it's appropriate to simply remove the test?

Please let me know. Thanks.

[1] https://web.git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/tree/tools/testing/selftests/bpf/prog_tests/sockmap_ktls.c#n28

> ---
>  net/tls/tls_main.c | 6 ++++++
>  1 file changed, 6 insertions(+)
>
> diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c
> index cb86b0bf9a53..a3ccb3135e51 100644
> --- a/net/tls/tls_main.c
> +++ b/net/tls/tls_main.c
> @@ -852,6 +852,11 @@ static int tls_setsockopt(struct sock *sk, int level, int optname,
>  	return do_tls_setsockopt(sk, optname, optval, optlen);
>  }
>  
> +static int tls_disconnect(struct sock *sk, int flags)
> +{
> +	return -EOPNOTSUPP;
> +}
> +
>  struct tls_context *tls_ctx_create(struct sock *sk)
>  {
>  	struct inet_connection_sock *icsk = inet_csk(sk);
> @@ -947,6 +952,7 @@ static void build_protos(struct proto prot[TLS_NUM_CONFIG][TLS_NUM_CONFIG],
>  	prot[TLS_BASE][TLS_BASE] = *base;
>  	prot[TLS_BASE][TLS_BASE].setsockopt	= tls_setsockopt;
>  	prot[TLS_BASE][TLS_BASE].getsockopt	= tls_getsockopt;
> +	prot[TLS_BASE][TLS_BASE].disconnect	= tls_disconnect;
>  	prot[TLS_BASE][TLS_BASE].close		= tls_sk_proto_close;
>  
>  	prot[TLS_SW][TLS_BASE] = prot[TLS_BASE][TLS_BASE];