tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

tls: rx: release the sock lock on locking timeout

Eric reports we should release the socket lock if the entire
"grab reader lock" operation has failed. The callers assume
they don't have to release it or otherwise unwind.

Reported-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot+16e72110feb2b653ef27@syzkaller.appspotmail.com
Fixes: 4cbc325ed6b4 ("tls: rx: allow only one reader at a time")
Reviewed-by: Eric Dumazet <edumazet@google.com>
Link: https://lore.kernel.org/r/20220720203701.2179034-1-kuba@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

Jakub Kicinski dde06aaa b945804d

+13 -4
+13 -4
net/tls/tls_sw.c
··· 1803 1803 bool nonblock) 1804 1804 { 1805 1805 long timeo; 1806 + int err; 1806 1807 1807 1808 lock_sock(sk); 1808 1809 ··· 1819 1818 !READ_ONCE(ctx->reader_present), &wait); 1820 1819 remove_wait_queue(&ctx->wq, &wait); 1821 1820 1822 - if (!timeo) 1823 - return -EAGAIN; 1824 - if (signal_pending(current)) 1825 - return sock_intr_errno(timeo); 1821 + if (timeo <= 0) { 1822 + err = -EAGAIN; 1823 + goto err_unlock; 1824 + } 1825 + if (signal_pending(current)) { 1826 + err = sock_intr_errno(timeo); 1827 + goto err_unlock; 1828 + } 1826 1829 } 1827 1830 1828 1831 WRITE_ONCE(ctx->reader_present, 1); 1829 1832 1830 1833 return timeo; 1834 + 1835 + err_unlock: 1836 + release_sock(sk); 1837 + return err; 1831 1838 } 1832 1839 1833 1840 static void tls_rx_reader_unlock(struct sock *sk, struct tls_sw_context_rx *ctx)