Re: [PATCH] net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf()

From: Hangyu Hua
Date: Mon Feb 27 2023 - 20:48:23 EST

Next message: Sasha Levin: "Re: AUTOSEL process"
Previous message: Liu Shixin: "Re: [PATCH RFC] arm64/vmalloc: use module region only for module_alloc() if CONFIG_RANDOMIZE_BASE is set"
In reply to: Jakub Kicinski: "Re: [PATCH] net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 28/2/2023 03:07, Jakub Kicinski wrote:

On Mon, 27 Feb 2023 11:26:18 +0800 Hangyu Hua wrote:

In order to reduce ambiguity, I think it may be a good idea only to
lock do_tls_getsockopt_conf() like we did in do_tls_setsockopt()

It will look like:

static int do_tls_getsockopt(struct sock *sk, int optname,
char __user *optval, int __user *optlen)
{
int rc = 0;

switch (optname) {
case TLS_TX:
case TLS_RX:
+ lock_sock(sk);
rc = do_tls_getsockopt_conf(sk, optval, optlen,
optname == TLS_TX);
+ release_sock(sk);
break;
case TLS_TX_ZEROCOPY_RO:
rc = do_tls_getsockopt_tx_zc(sk, optval, optlen);
break;
case TLS_RX_EXPECT_NO_PAD:
rc = do_tls_getsockopt_no_pad(sk, optval, optlen);
break;
default:
rc = -ENOPROTOOPT;
break;
}
return rc;
}

Of cause, I will clean the lock in do_tls_getsockopt_conf(). What do you
guys think?

I'd suggest to take the lock around the entire switch statement.

I get it. I will send a v2 later.

Thanks,
Hangyu

Next message: Sasha Levin: "Re: AUTOSEL process"
Previous message: Liu Shixin: "Re: [PATCH RFC] arm64/vmalloc: use module region only for module_alloc() if CONFIG_RANDOMIZE_BASE is set"
In reply to: Jakub Kicinski: "Re: [PATCH] net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]