From: Saeed Mahameed <saeedm@nvidia.com>
To: Jakub Kicinski <kuba@kernel.org>
Cc: "David S. Miller" <davem@davemloft.net>, <netdev@vger.kernel.org>,
"Maxim Mikityanskiy" <maximmi@mellanox.com>,
Tariq Toukan <tariqt@nvidia.com>,
"Saeed Mahameed" <saeedm@nvidia.com>
Subject: [net 1/9] net/mlx5e: Fix refcount leak on kTLS RX resync
Date: Tue, 17 Nov 2020 11:56:54 -0800 [thread overview]
Message-ID: <20201117195702.386113-2-saeedm@nvidia.com> (raw)
In-Reply-To: <20201117195702.386113-1-saeedm@nvidia.com>
From: Maxim Mikityanskiy <maximmi@mellanox.com>
On resync, the driver calls inet_lookup_established
(__inet6_lookup_established) that increases sk_refcnt of the socket. To
decrease it, the driver set skb->destructor to sock_edemux. However, it
didn't work well, because the TCP stack also sets this destructor for
early demux, and the refcount gets decreased only once, while increased
two times (in mlx5e and in the TCP stack). It leads to a socket leak, a
TLS context leak, which in the end leads to calling tls_dev_del twice:
on socket close and on driver unload, which in turn leads to a crash.
This commit fixes the refcount leak by calling sock_gen_put right away
after using the socket, thus fixing all the subsequent issues.
Fixes: 0419d8c9d8f8 ("net/mlx5e: kTLS, Add kTLS RX resync support")
Signed-off-by: Maxim Mikityanskiy <maximmi@mellanox.com>
Reviewed-by: Tariq Toukan <tariqt@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
---
.../ethernet/mellanox/mlx5/core/en_accel/ktls_rx.c | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_rx.c b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_rx.c
index 7f6221b8b1f7..6a1d82503ef8 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_rx.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_rx.c
@@ -476,19 +476,22 @@ static void resync_update_sn(struct mlx5e_rq *rq, struct sk_buff *skb)
depth += sizeof(struct tcphdr);
- if (unlikely(!sk || sk->sk_state == TCP_TIME_WAIT))
+ if (unlikely(!sk))
return;
- if (unlikely(!resync_queue_get_psv(sk)))
- return;
+ if (unlikely(sk->sk_state == TCP_TIME_WAIT))
+ goto unref;
- skb->sk = sk;
- skb->destructor = sock_edemux;
+ if (unlikely(!resync_queue_get_psv(sk)))
+ goto unref;
seq = th->seq;
datalen = skb->len - depth;
tls_offload_rx_resync_async_request_start(sk, seq, datalen);
rq->stats->tls_resync_req_start++;
+
+unref:
+ sock_gen_put(sk);
}
void mlx5e_ktls_rx_resync(struct net_device *netdev, struct sock *sk,
--
2.26.2
next prev parent reply other threads:[~2020-11-17 20:07 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-17 19:56 [pull request][net 0/9] mlx5 fixes 2020-11-17 Saeed Mahameed
2020-11-17 19:56 ` Saeed Mahameed [this message]
2020-11-17 19:56 ` [net 2/9] net/mlx5e: Set IPsec WAs only in IP's non checksum partial case Saeed Mahameed
2020-11-17 19:56 ` [net 3/9] net/mlx5e: Fix IPsec packet drop by mlx5e_tc_update_skb Saeed Mahameed
2020-11-17 19:56 ` [net 4/9] net/mlx5e: Fix check if netdev is bond slave Saeed Mahameed
2020-11-17 19:56 ` [net 5/9] net/mlx5: Add handling of port type in rule deletion Saeed Mahameed
2020-11-17 19:56 ` [net 6/9] net/mlx5: Clear bw_share upon VF disable Saeed Mahameed
2020-11-17 19:57 ` [net 7/9] net/mlx5: Disable QoS when min_rates on all VFs are zero Saeed Mahameed
2020-11-17 19:57 ` [net 8/9] net/mlx5: E-Switch, Fail mlx5_esw_modify_vport_rate if qos disabled Saeed Mahameed
2020-11-17 19:57 ` [net 9/9] net/mlx5: fix error return code in mlx5e_tc_nic_init() Saeed Mahameed
2020-11-19 1:21 ` [pull request][net 0/9] mlx5 fixes 2020-11-17 Jakub Kicinski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201117195702.386113-2-saeedm@nvidia.com \
--to=saeedm@nvidia.com \
--cc=davem@davemloft.net \
--cc=kuba@kernel.org \
--cc=maximmi@mellanox.com \
--cc=netdev@vger.kernel.org \
--cc=tariqt@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).