summaryrefslogtreecommitdiff
path: root/net
diff options
context:
space:
mode:
authorJakub Kicinski <kuba@kernel.org>2022-05-18 13:56:44 -0700
committerJakub Kicinski <kuba@kernel.org>2022-05-19 17:55:06 -0700
commit1c2133114d2d11c10ffb0da4e12904bde0478beb (patch)
tree6be4051d1d7dd56208998c7031f2d9dd335803be /net
parentdf98714e432abf5cbdac3e4c1a13f94c65ddb8d3 (diff)
net: tls: fix messing up lists when bpf enabled
Artem points out that skb may try to take over the skb and queue it to its own list. Unlink the skb before calling out. Fixes: b1a2c1786330 ("tls: rx: clear ctx->recv_pkt earlier") Reported-by: Artem Savkov <asavkov@redhat.com> Tested-by: Artem Savkov <asavkov@redhat.com> Link: https://lore.kernel.org/r/20220518205644.2059468-1-kuba@kernel.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Diffstat (limited to 'net')
-rw-r--r--net/tls/tls_sw.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index 939d1673f508..0513f82b8537 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -1837,15 +1837,17 @@ leave_on_list:
bool partially_consumed = chunk > len;
if (bpf_strp_enabled) {
+ /* BPF may try to queue the skb */
+ __skb_unlink(skb, &ctx->rx_list);
err = sk_psock_tls_strp_read(psock, skb);
if (err != __SK_PASS) {
rxm->offset = rxm->offset + rxm->full_len;
rxm->full_len = 0;
- __skb_unlink(skb, &ctx->rx_list);
if (err == __SK_DROP)
consume_skb(skb);
continue;
}
+ __skb_queue_tail(&ctx->rx_list, skb);
}
if (partially_consumed)