aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJakub Kicinski <[email protected]>2022-05-18 13:56:44 -0700
committerJakub Kicinski <[email protected]>2022-05-19 17:55:06 -0700
commit1c2133114d2d11c10ffb0da4e12904bde0478beb (patch)
tree6be4051d1d7dd56208998c7031f2d9dd335803be
parentdf98714e432abf5cbdac3e4c1a13f94c65ddb8d3 (diff)
net: tls: fix messing up lists when bpf enabled
Artem points out that skb may try to take over the skb and queue it to its own list. Unlink the skb before calling out. Fixes: b1a2c1786330 ("tls: rx: clear ctx->recv_pkt earlier") Reported-by: Artem Savkov <[email protected]> Tested-by: Artem Savkov <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Jakub Kicinski <[email protected]>
Diffstat
-rw-r--r--net/tls/tls_sw.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index 939d1673f508..0513f82b8537 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -1837,15 +1837,17 @@ leave_on_list:
bool partially_consumed = chunk > len;
if (bpf_strp_enabled) {
+ /* BPF may try to queue the skb */
+ __skb_unlink(skb, &ctx->rx_list);
err = sk_psock_tls_strp_read(psock, skb);
if (err != __SK_PASS) {
rxm->offset = rxm->offset + rxm->full_len;
rxm->full_len = 0;
- __skb_unlink(skb, &ctx->rx_list);
if (err == __SK_DROP)
consume_skb(skb);
continue;
}
+ __skb_queue_tail(&ctx->rx_list, skb);
}
if (partially_consumed)
Powered by cgit, Gruvboxed by Blaster4385.