tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

tls: fix lockless read of strp->msg_ready in ->poll

tls_sk_poll is called without locking the socket, and needs to read
strp->msg_ready (via tls_strp_msg_ready). Convert msg_ready to a bool
and use READ_ONCE/WRITE_ONCE where needed. The remaining reads are
only performed when the socket is locked.

Fixes: 121dca784fc0 ("tls: suppress wakeups unless we have a full record")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Link: https://lore.kernel.org/r/0b7ee062319037cf86af6b317b3d72f7bfcd2e97.1713797701.git.sd@queasysnail.net
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

authored by

Sabrina Dubroca and committed by
Jakub Kicinski 0844370f 38d7b94e

+6 -5
+2 -1
include/net/tls.h
··· 111 111 u32 stopped : 1; 112 112 u32 copy_mode : 1; 113 113 u32 mixed_decrypted : 1; 114 - u32 msg_ready : 1; 114 + 115 + bool msg_ready; 115 116 116 117 struct strp_msg stm; 117 118
+1 -1
net/tls/tls.h
··· 215 215 216 216 static inline bool tls_strp_msg_ready(struct tls_sw_context_rx *ctx) 217 217 { 218 - return ctx->strp.msg_ready; 218 + return READ_ONCE(ctx->strp.msg_ready); 219 219 } 220 220 221 221 static inline bool tls_strp_msg_mixed_decrypted(struct tls_sw_context_rx *ctx)
+3 -3
net/tls/tls_strp.c
··· 360 360 if (strp->stm.full_len && strp->stm.full_len == skb->len) { 361 361 desc->count = 0; 362 362 363 - strp->msg_ready = 1; 363 + WRITE_ONCE(strp->msg_ready, 1); 364 364 tls_rx_msg_ready(strp); 365 365 } 366 366 ··· 528 528 if (!tls_strp_check_queue_ok(strp)) 529 529 return tls_strp_read_copy(strp, false); 530 530 531 - strp->msg_ready = 1; 531 + WRITE_ONCE(strp->msg_ready, 1); 532 532 tls_rx_msg_ready(strp); 533 533 534 534 return 0; ··· 580 580 else 581 581 tls_strp_flush_anchor_copy(strp); 582 582 583 - strp->msg_ready = 0; 583 + WRITE_ONCE(strp->msg_ready, 0); 584 584 memset(&strp->stm, 0, sizeof(strp->stm)); 585 585 586 586 tls_strp_check_rcv(strp);