From: Jakub Kicinski <kuba@kernel.org>
To: Vinay Kumar Yadav <vinay.yadav@chelsio.com>
Cc: netdev@vger.kernel.org, davem@davemloft.net, borisp@nvidia.com,
secdev@chelsio.com
Subject: Re: [PATCH net] net/tls: Fix kernel panic when socket is in TLS ULP
Date: Fri, 6 Nov 2020 12:28:31 -0800 [thread overview]
Message-ID: <20201106122831.5fccebe3@kicinski-fedora-pc1c0hjn.dhcp.thefacebook.com> (raw)
In-Reply-To: <a9d6ec03-1638-6282-470a-3a6b09b96652@chelsio.com>
On Sat, 7 Nov 2020 02:02:42 +0530 Vinay Kumar Yadav wrote:
> On 11/6/2020 12:16 AM, Jakub Kicinski wrote:
> > On Thu, 5 Nov 2020 23:55:15 +0530 Vinay Kumar Yadav wrote:
> >>>>> We should prevent from the socket getting into LISTEN state in the
> >>>>> first place. Can we make a copy of proto_ops (like tls_sw_proto_ops)
> >>>>> and set listen to sock_no_listen?
> >>>>
> >>>> Once tls-toe (TLS_HW_RECORD) is configured on a socket, listen() call
> >>>> from user on same socket will create hash at two places.
> >>>
> >>> What I'm saying is - disallow listen calls on sockets with tls-toe
> >>> installed on them. Is that not possible?
> >>>
> >> You mean socket with tls-toe installed shouldn't be listening at other
> >> than adapter? basically avoid ctx->sk_proto->hash(sk) call.
> >
> > No, replace the listen callback, like I said. Why are you talking about
> > hash???
> >As per my understanding we can't avoid socket listen.
> Not sure how replacing listen callback solve the issue,
> can you please elaborate ?
TLS sockets are not supposed to get into listen state. IIUC the problem
is that the user is able to set TLS TOE on a socket which then starts
to listen and the state gets cloned improperly.
next prev parent reply other threads:[~2020-11-06 20:28 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-03 10:47 [PATCH net] net/tls: Fix kernel panic when socket is in TLS ULP Vinay Kumar Yadav
2020-11-05 1:16 ` Jakub Kicinski
2020-11-05 17:50 ` Vinay Kumar Yadav
2020-11-05 17:53 ` Jakub Kicinski
2020-11-05 18:25 ` Vinay Kumar Yadav
2020-11-05 18:46 ` Jakub Kicinski
2020-11-06 20:32 ` Vinay Kumar Yadav
2020-11-06 20:28 ` Jakub Kicinski [this message]
2020-11-09 18:51 ` Vinay Kumar Yadav
2020-11-09 18:58 ` Jakub Kicinski
2020-11-10 5:07 ` Vinay Kumar Yadav
2020-11-10 5:58 ` Vinay Kumar Yadav
2020-11-10 16:28 ` Jakub Kicinski
2020-11-10 19:49 ` Vinay Kumar Yadav
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201106122831.5fccebe3@kicinski-fedora-pc1c0hjn.dhcp.thefacebook.com \
--to=kuba@kernel.org \
--cc=borisp@nvidia.com \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=secdev@chelsio.com \
--cc=vinay.yadav@chelsio.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).