net/tls: take into account that bpf_exec_tx_verdict() may free the record (c329ef96) · Commits · 戴 / test

bpf_exec_tx_verdict() may free the record if tls_push_record() fails, or if the entire record got consumed by BPF. Re-check ctx->open_rec before touching the data. Fixes: ("tls: add bpf support to sk_msg handling") Signed-off-by:

Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by:

Simon Horman <simon.horman@netronome.com> Acked-by:

John Fastabend <john.fastabend@gmail.com> Signed-off-by:

David S. Miller <davem@davemloft.net>

net/tls/tls_sw.c

+8 −5

Original line number	Diff line number	Diff line
		@@ -984,7 +984,7 @@ alloc_encrypted:
		num_async++;
		else if (ret == -ENOMEM)
		goto wait_for_memory;
		else if (ret == -ENOSPC)
		else if (ctx->open_rec && ret == -ENOSPC)
		goto rollback_iter;
		else if (ret != -EAGAIN)
		goto send_end;
		@@ -1053,11 +1053,12 @@ wait_for_memory:
		ret = sk_stream_wait_memory(sk, &timeo);
		if (ret) {
		trim_sgl:
		if (ctx->open_rec)
		tls_trim_both_msgs(sk, orig_size);
		goto send_end;
		}

		if (msg_en->sg.size < required_size)
		if (ctx->open_rec && msg_en->sg.size < required_size)
		goto alloc_encrypted;
		}

		@@ -1190,10 +1191,12 @@ wait_for_sndbuf:
		wait_for_memory:
		ret = sk_stream_wait_memory(sk, &timeo);
		if (ret) {
		if (ctx->open_rec)
		tls_trim_both_msgs(sk, msg_pl->sg.size);
		goto sendpage_end;
		}

		if (ctx->open_rec)
		goto alloc_payload;
		}

Admin message