    net/tls: avoid NULL-deref on resync during device removal · 38030d7c
    Jakub Kicinski authored
    When netdev with active kTLS sockets is unregistered,
    notifier callback walks the offloaded sockets and
    cleans up offload state.  RX data may still be processed,
    however, and if resync was requested prior to device
    removal we would hit a NULL pointer dereference on
    ctx->netdev use.
    
    Make sure resync is under the device offload lock
    and NULL-check the netdev pointer.
    
    This should be safe, because the pointer is set to
    NULL either in the netdev notifier (under said lock)
    or when socket is completely dead and no resync can
    happen.
    
    The other access to ctx->netdev in tls_validate_xmit_skb()
    does not dereference the pointer, it just checks it against
    other device pointer, so it should be pretty safe (perhaps
    we can add a READ_ONCE/WRITE_ONCE there, if paranoid).
    
    Fixes: 4799ac81 ("tls: Add rx inline crypto offload")
    Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
    Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
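
A user-space C model of the pattern the commit message describes, added here as an illustration and not taken from the kernel patch: the removal path clears the device pointer under a lock, and the resync path takes the same lock and NULL-checks the pointer before using it. All `model_*` names are hypothetical, and a pthread mutex stands in for the device offload lock.

```c
/* Added illustration: user-space model, not kernel code. */
#include <pthread.h>
#include <stddef.h>
#include <stdio.h>

struct model_netdev { int resync_calls; };   /* hypothetical device */
struct model_ctx {                           /* hypothetical offload context */
    struct model_netdev *netdev;
    int resync_pending;
};

/* Stand-in (assumption) for the device offload lock named in the message. */
static pthread_mutex_t offload_lock = PTHREAD_MUTEX_INITIALIZER;

/* Device removal path: clear the pointer while holding the lock. */
static void model_device_down(struct model_ctx *ctx)
{
    pthread_mutex_lock(&offload_lock);
    ctx->netdev = NULL;
    pthread_mutex_unlock(&offload_lock);
}

/* RX path: returns 1 if the resync reached the device, 0 if it was skipped. */
static int model_resync(struct model_ctx *ctx)
{
    int done = 0;

    if (!ctx->resync_pending)
        return 0;
    pthread_mutex_lock(&offload_lock);
    if (ctx->netdev) {               /* device may already be gone */
        ctx->netdev->resync_calls++; /* safe: pointer checked under the lock */
        done = 1;
    }
    pthread_mutex_unlock(&offload_lock);
    ctx->resync_pending = 0;
    return done;
}

int main(void)
{
    struct model_netdev dev = { 0 };
    struct model_ctx ctx = { &dev, 1 };

    printf("resync before removal: %d\n", model_resync(&ctx));
    ctx.resync_pending = 1;          /* resync requested, then device removed */
    model_device_down(&ctx);
    printf("resync after removal: %d\n", model_resync(&ctx));
    return 0;
}
```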
tls_device.c 25.8 KB