sock: redo the psock vs ULP protection check
authorJakub Kicinski <kuba@kernel.org>
Mon, 20 Jun 2022 19:13:53 +0000 (12:13 -0700)
committerPaolo Abeni <pabeni@redhat.com>
Thu, 23 Jun 2022 08:08:30 +0000 (10:08 +0200)
Commit 8a59f9d1e3d4 ("sock: Introduce sk->sk_prot->psock_update_sk_prot()")
has moved the inet_csk_has_ulp(sk) check from sk_psock_init() to
the new tcp_bpf_update_proto() function. I'm guessing that this
was done to allow creating psocks for non-inet sockets.

Unfortunately the destruction path for psock includes the ULP
unwind, so we need to fail the sk_psock_init() itself.
Otherwise if ULP is already present we'll notice that later,
and call tcp_update_ulp() with the sk_proto of the ULP
itself, which will most likely result in the ULP looping
its callbacks.

Fixes: 8a59f9d1e3d4 ("sock: Introduce sk->sk_prot->psock_update_sk_prot()")
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Reviewed-by: John Fastabend <john.fastabend@gmail.com>
Reviewed-by: Jakub Sitnicki <jakub@cloudflare.com>
Tested-by: Jakub Sitnicki <jakub@cloudflare.com>
Link: https://lore.kernel.org/r/20220620191353.1184629-2-kuba@kernel.org
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
include/net/inet_sock.h
net/core/skmsg.c
net/ipv4/tcp_bpf.c
net/tls/tls_main.c

index c1b5dcd6597c622dfea3d4a646f97c87acb7ea32..daead5fb389aea689637a447370739cd910b5248 100644 (file)
@@ -253,6 +253,11 @@ struct inet_sock {
 #define IP_CMSG_CHECKSUM       BIT(7)
 #define IP_CMSG_RECVFRAGSIZE   BIT(8)
 
+static inline bool sk_is_inet(struct sock *sk)
+{
+       return sk->sk_family == AF_INET || sk->sk_family == AF_INET6;
+}
+
 /**
  * sk_to_full_sk - Access to a full socket
  * @sk: pointer to a socket
index 22b983ade0e7da7fcbf54e91b326b61bb23b1532..b0fcd0200e84a8b8885a53bd19b4f2b63b1ace9c 100644 (file)
@@ -699,6 +699,11 @@ struct sk_psock *sk_psock_init(struct sock *sk, int node)
 
        write_lock_bh(&sk->sk_callback_lock);
 
+       if (sk_is_inet(sk) && inet_csk_has_ulp(sk)) {
+               psock = ERR_PTR(-EINVAL);
+               goto out;
+       }
+
        if (sk->sk_user_data) {
                psock = ERR_PTR(-EBUSY);
                goto out;
index be3947e70fec57cee1342bbf4e77ffc32cad4f9c..0d3f68bb51c057b1e09d1c29cbc718fc1a35c700 100644 (file)
@@ -611,9 +611,6 @@ int tcp_bpf_update_proto(struct sock *sk, struct sk_psock *psock, bool restore)
                return 0;
        }
 
-       if (inet_csk_has_ulp(sk))
-               return -EINVAL;
-
        if (sk->sk_family == AF_INET6) {
                if (tcp_bpf_assert_proto_ops(psock->sk_proto))
                        return -EINVAL;
index da176411c1b5fdb418ad8d78b9f5b1e7a6cd4d9c..2ffede463e4a5c13fdb01de4a79fee98fd8d6b98 100644 (file)
@@ -921,6 +921,8 @@ static void tls_update(struct sock *sk, struct proto *p,
 {
        struct tls_context *ctx;
 
+       WARN_ON_ONCE(sk->sk_prot == p);
+
        ctx = tls_get_ctx(sk);
        if (likely(ctx)) {
                ctx->sk_write_space = write_space;