diff options
author | Jakub Kicinski <kuba@kernel.org> | 2022-05-18 13:56:44 -0700 |
---|---|---|
committer | Jakub Kicinski <kuba@kernel.org> | 2022-05-19 17:55:06 -0700 |
commit | 1c2133114d2d11c10ffb0da4e12904bde0478beb (patch) | |
tree | 6be4051d1d7dd56208998c7031f2d9dd335803be /net | |
parent | df98714e432abf5cbdac3e4c1a13f94c65ddb8d3 (diff) |
net: tls: fix messing up lists when bpf enabled
Artem points out that skb may try to take over the skb and
queue it to its own list. Unlink the skb before calling out.
Fixes: b1a2c1786330 ("tls: rx: clear ctx->recv_pkt earlier")
Reported-by: Artem Savkov <asavkov@redhat.com>
Tested-by: Artem Savkov <asavkov@redhat.com>
Link: https://lore.kernel.org/r/20220518205644.2059468-1-kuba@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Diffstat (limited to 'net')
-rw-r--r-- | net/tls/tls_sw.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 939d1673f508..0513f82b8537 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -1837,15 +1837,17 @@ leave_on_list: bool partially_consumed = chunk > len; if (bpf_strp_enabled) { + /* BPF may try to queue the skb */ + __skb_unlink(skb, &ctx->rx_list); err = sk_psock_tls_strp_read(psock, skb); if (err != __SK_PASS) { rxm->offset = rxm->offset + rxm->full_len; rxm->full_len = 0; - __skb_unlink(skb, &ctx->rx_list); if (err == __SK_DROP) consume_skb(skb); continue; } + __skb_queue_tail(&ctx->rx_list, skb); } if (partially_consumed) |