Re: [bpf PATCH v4 1/4] bpf: tls, implement unhash to avoid transition out of ESTABLISHED

On Wed, 22 May 2019 14:57:33 -0700, John Fastabend wrote: > Jakub Kicinski wrote: > > On Thu, 09 May 2019 21:57:49 -0700, John Fastabend wrote: > > [...] > > > > > Looks like David Beckett managed to trigger another nasty on the > > release path :/ > > > > BUG: kernel NULL pointer derefer

Re: [bpf PATCH v4 1/4] bpf: tls, implement unhash to avoid transition out of ESTABLISHED

Jakub Kicinski wrote: > On Thu, 09 May 2019 21:57:49 -0700, John Fastabend wrote: [...] > > Looks like David Beckett managed to trigger another nasty on the > release path :/ > > BUG: kernel NULL pointer dereference, address: 0012 > PGD 0 P4D 0 > Oops: [#1] SMP PTI

Re: [bpf PATCH v4 1/4] bpf: tls, implement unhash to avoid transition out of ESTABLISHED

On Thu, 09 May 2019 21:57:49 -0700, John Fastabend wrote: > It is possible (via shutdown()) for TCP socks to go through TCP_CLOSE > state via tcp_disconnect() without calling into close callback. This > would allow a kTLS enabled socket to exist outside of ESTABLISHED > state which is not supported

Re: [bpf PATCH v4 1/4] bpf: tls, implement unhash to avoid transition out of ESTABLISHED

Jakub Kicinski wrote: > On Tue, 14 May 2019 15:34:55 -0700, John Fastabend wrote: > > John Fastabend wrote: > > > Jakub Kicinski wrote: > > > > On Thu, 09 May 2019 21:57:49 -0700, John Fastabend wrote: > > > > > @@ -2042,12 +2060,14 @@ void tls_sw_free_resources_tx(struct sock *sk) > > > > >

Re: [bpf PATCH v4 1/4] bpf: tls, implement unhash to avoid transition out of ESTABLISHED

On Tue, 14 May 2019 15:34:55 -0700, John Fastabend wrote: > John Fastabend wrote: > > Jakub Kicinski wrote: > > > On Thu, 09 May 2019 21:57:49 -0700, John Fastabend wrote: > > > > @@ -2042,12 +2060,14 @@ void tls_sw_free_resources_tx(struct sock *sk) > > > > if (atomic_read(&ctx->encryp

Re: [bpf PATCH v4 1/4] bpf: tls, implement unhash to avoid transition out of ESTABLISHED

John Fastabend wrote: > Jakub Kicinski wrote: > > On Thu, 09 May 2019 21:57:49 -0700, John Fastabend wrote: > > > @@ -2042,12 +2060,14 @@ void tls_sw_free_resources_tx(struct sock *sk) > > > if (atomic_read(&ctx->encrypt_pending)) > > > crypto_wait_req(-EINPROGRESS, &ctx->async_wait); >

Re: [bpf PATCH v4 1/4] bpf: tls, implement unhash to avoid transition out of ESTABLISHED

Jakub Kicinski wrote: > On Thu, 09 May 2019 21:57:49 -0700, John Fastabend wrote: > > @@ -2042,12 +2060,14 @@ void tls_sw_free_resources_tx(struct sock *sk) > > if (atomic_read(&ctx->encrypt_pending)) > > crypto_wait_req(-EINPROGRESS, &ctx->async_wait); > > > > - release_sock(sk

Re: [bpf PATCH v4 1/4] bpf: tls, implement unhash to avoid transition out of ESTABLISHED

On Thu, 09 May 2019 21:57:49 -0700, John Fastabend wrote: > @@ -2042,12 +2060,14 @@ void tls_sw_free_resources_tx(struct sock *sk) > if (atomic_read(&ctx->encrypt_pending)) > crypto_wait_req(-EINPROGRESS, &ctx->async_wait); > > - release_sock(sk); > + if (locked) > +

Re: [bpf PATCH v4 1/4] bpf: tls, implement unhash to avoid transition out of ESTABLISHED

On Thu, 09 May 2019 21:57:49 -0700, John Fastabend wrote: > #ifdef CONFIG_TLS_DEVICE > if (ctx->rx_conf == TLS_HW) > tls_device_offload_cleanup_rx(sk); > - > - if (ctx->tx_conf != TLS_HW && ctx->rx_conf != TLS_HW) { > -#else > - { > #endif > + > + if (ctx->tx_conf

[bpf PATCH v4 1/4] bpf: tls, implement unhash to avoid transition out of ESTABLISHED

It is possible (via shutdown()) for TCP socks to go through TCP_CLOSE state via tcp_disconnect() without calling into close callback. This would allow a kTLS enabled socket to exist outside of ESTABLISHED state which is not supported. Solve this the same way we solved the sock{map|hash} case by ad