From nobody Thu Dec 15 20:07:00 2022 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NY3D515XBz4V9C7; Thu, 15 Dec 2022 20:07:01 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4NY3D46gclz47Ws; Thu, 15 Dec 2022 20:07:00 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1671134820; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=jIVOPb7JyYP9u7H41gvo1lh+FLknt88+gCRHg/irXwg=; b=Ax9OOi3/7jmoeTPNM2zch6gmLaciFtSQrcMMgwuj8r7TM7MUemhIi2EbXreXA/iHBMNh/g NvcGcAke8hr6mZRymFkCggz4xuPosEdqQ/vgndz8m/YM+yRCcOWegrTdai9KW1xHhVTfoj eyLWz700NA0eDdbk4Q3p6/KxFnW8zj5kzZoc9XvFnFZV+cBzXrQMcWWMIENi9mrLPhLVDU yFZQA84W73Geq2TSA1vAGrEWjRF34emf6RSq5Er51thIN57DqQ4oKwC6eLV9F27ftkzqJZ 2lJB+u2Ms7onBZ78kmUu7dPV9UsUK2BIZIYsWi2pNCT+y8VAQdcycXJzP4g6cQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1671134820; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=jIVOPb7JyYP9u7H41gvo1lh+FLknt88+gCRHg/irXwg=; b=xcTyiZOrN1ss3OLGTbXRZtmpZ5f64AhUK8q5c2z9Zw5RJNhZmkWyyuI35mLeiw5uQ5dXhs mqpJFLk/dLNcWLsbt3ehon0IMRN+D4Dr61A8MRvTXdI9FMWTXJF9scllIUneNNDa1MsD4N 2nu9ShgunJaVOcAqQE2e8l2icL9DXdW1dotJwDKWjLPRCeM55WiIr405BZRUikF7A6hfrA kGACogXUz2Xh6CNmpN5BI+CQ5rflNMYSWWyTaNG2yxhlgvEjVfLRtWnC3KEBcTilkSypUX Nh5NHVVoiRRPXQS6/5AdGoKUZG5AAQlxuRRYyV7qPy2OnV4LJBOsys0ZxHSxfQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1671134820; a=rsa-sha256; cv=none; b=IEGjmOiZtlArKseu3tDdgyYw71p+AzB6vxnDF9EFg/7DKymt2iWymXjwgLkL+SFSG9iA/A jUxqo9UTNr0z5mmFusLKpQjjccVygnO3BaSrZII/4DolqvGx1OGbpq+i1NlQESVVLY/IWG mX4J3j25VDOPToQiX/DKS47Q9c8j0SoerA7ovma4qO2jwcGm77wy0L+SYP8VjNL1E52qzB bL2u25k2HZx1sUxa2VxNPplakWArfMvQv6QVUN15VvdgmC7phv+AAkA1M+Kd8U4sFJOFSZ /ZKk/B++06JT1z3UF6eUjuEN31W2id5f8ObtD8nd1JR37D+bdJmUl8rFlXNhFA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4NY3D45lRYzlkR; Thu, 15 Dec 2022 20:07:00 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 2BFK70gq029065; Thu, 15 Dec 2022 20:07:00 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 2BFK70Lg029064; Thu, 15 Dec 2022 20:07:00 GMT (envelope-from git) Date: Thu, 15 Dec 2022 20:07:00 GMT Message-Id: <202212152007.2BFK70Lg029064@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: John Baldwin Subject: git: 69542f26820b - main - ktls: Close a race with setting so_error when dropping a connection. List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-main@freebsd.org X-BeenThere: dev-commits-src-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: jhb X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 69542f26820b7edb8351398b36edda5299c1db56 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by jhb: URL: https://cgit.FreeBSD.org/src/commit/?id=69542f26820b7edb8351398b36edda5299c1db56 commit 69542f26820b7edb8351398b36edda5299c1db56 Author: John Baldwin AuthorDate: 2022-12-15 20:06:26 +0000 Commit: John Baldwin CommitDate: 2022-12-15 20:06:26 +0000 ktls: Close a race with setting so_error when dropping a connection. pr_abort calls tcp_usr_abort which calls tcp_drop with ECONNABORTED. After pr_abort returns, the so_error is then set to a more specific error. However, a reader can observe and return the ECONNABORTED error before so_error is set to the desired error value. This is resulting in spurious test failures of recently added tests for invalid conditions such as invalid headers. To fix, refactor the code to abort a connection to call tcp_drop directly with the desired error value. ktls_reset_send_tag already calls tcp_drop directly when it aborts a connection due to an error. Reviewed by: gallatin Reported by: CI (jenkins), gallatin, olivier Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D37692 --- sys/kern/uipc_ktls.c | 35 +++++++++++++++++++++++++---------- 1 file changed, 25 insertions(+), 10 deletions(-) diff --git a/sys/kern/uipc_ktls.c b/sys/kern/uipc_ktls.c index ae9201976988..5648598e2b0a 100644 --- a/sys/kern/uipc_ktls.c +++ b/sys/kern/uipc_ktls.c @@ -2301,6 +2301,27 @@ ktls_resync_ifnet(struct socket *so, uint32_t tls_len, uint64_t tls_rcd_num) return (mst->sw->snd_tag_modify(mst, ¶ms)); } +static void +ktls_drop(struct socket *so, int error) +{ + struct epoch_tracker et; + struct inpcb *inp = sotoinpcb(so); + struct tcpcb *tp; + + NET_EPOCH_ENTER(et); + INP_WLOCK(inp); + if (!(inp->inp_flags & INP_DROPPED)) { + tp = intotcpcb(inp); + CURVNET_SET(inp->inp_vnet); + tp = tcp_drop(tp, error); + CURVNET_RESTORE(); + if (tp != NULL) + INP_WUNLOCK(inp); + } else + INP_WUNLOCK(inp); + NET_EPOCH_EXIT(et); +} + static void ktls_decrypt(struct socket *so) { @@ -2358,10 +2379,7 @@ ktls_decrypt(struct socket *so) SOCKBUF_UNLOCK(sb); counter_u64_add(ktls_offload_corrupted_records, 1); - CURVNET_SET(so->so_vnet); - so->so_proto->pr_abort(so); - so->so_error = error; - CURVNET_RESTORE(); + ktls_drop(so, error); goto deref; } @@ -2887,8 +2905,7 @@ ktls_encrypt(struct ktls_wq *wq, struct mbuf *top) if (error == 0) { (void)so->so_proto->pr_ready(so, top, npages); } else { - so->so_proto->pr_abort(so); - so->so_error = EIO; + ktls_drop(so, EIO); mb_free_notready(top, total_pages); } @@ -2931,8 +2948,7 @@ ktls_encrypt_cb(struct ktls_ocf_encrypt_state *state, int error) if (error == 0) { (void)so->so_proto->pr_ready(so, m, npages); } else { - so->so_proto->pr_abort(so); - so->so_error = EIO; + ktls_drop(so, EIO); mb_free_notready(m, npages); } @@ -2996,8 +3012,7 @@ ktls_encrypt_async(struct ktls_wq *wq, struct mbuf *top) CURVNET_SET(so->so_vnet); if (error != 0) { - so->so_proto->pr_abort(so); - so->so_error = EIO; + ktls_drop(so, EIO); mb_free_notready(m, total_pages - npages); }