[PATCH OLK-5.10 1/4] tls: rx: simplify async wait

From: Jakub Kicinski kuba@kernel.org

mainline inclusion from mainline-v5.19-rc1 commit 37943f047bfb88ba4dfc7a522563f57c86d088a0 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I92REK CVE: CVE-2024-26583

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...

--------------------------------

Since we are protected from async completions by decrypt_compl_lock we can drop the async_notify and reinit the completion before we start waiting.

Signed-off-by: Jakub Kicinski kuba@kernel.org Signed-off-by: David S. Miller davem@davemloft.net Signed-off-by: Ziyang Xuan william.xuanziyang@huawei.com --- include/net/tls.h | 1 - net/tls/tls_sw.c | 14 ++------------ 2 files changed, 2 insertions(+), 13 deletions(-)

diff --git a/include/net/tls.h b/include/net/tls.h index c837ef871564..6654cb041693 100644 --- a/include/net/tls.h +++ b/include/net/tls.h @@ -161,7 +161,6 @@ struct tls_sw_context_rx { atomic_t decrypt_pending; /* protect crypto_wait with decrypt_pending*/ spinlock_t decrypt_compl_lock; - bool async_notify; };

struct tls_record_info { diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 84e1f2af1a83..c6afd6b4467f 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -169,7 +169,6 @@ static void tls_decrypt_done(struct crypto_async_request *req, int err) struct scatterlist *sg; struct sk_buff *skb; unsigned int pages; - int pending;

skb = (struct sk_buff *)req->data; tls_ctx = tls_get_ctx(skb->sk); @@ -217,9 +216,7 @@ static void tls_decrypt_done(struct crypto_async_request *req, int err) kfree(aead_req);

spin_lock_bh(&ctx->decrypt_compl_lock); - pending = atomic_dec_return(&ctx->decrypt_pending); - - if (!pending && ctx->async_notify) + if (!atomic_dec_return(&ctx->decrypt_pending)) complete(&ctx->async_wait.completion); spin_unlock_bh(&ctx->decrypt_compl_lock); } @@ -1956,7 +1953,7 @@ int tls_sw_recvmsg(struct sock *sk, if (num_async) { /* Wait for all previously submitted records to be decrypted */ spin_lock_bh(&ctx->decrypt_compl_lock); - ctx->async_notify = true; + reinit_completion(&ctx->async_wait.completion); pending = atomic_read(&ctx->decrypt_pending); spin_unlock_bh(&ctx->decrypt_compl_lock); if (pending) { @@ -1968,15 +1965,8 @@ int tls_sw_recvmsg(struct sock *sk, decrypted = 0; goto end; } - } else { - reinit_completion(&ctx->async_wait.completion); }

- /* There can be no concurrent accesses, since we have no - * pending decrypt operations - */ - WRITE_ONCE(ctx->async_notify, false); - /* Drain records from the rx_list & copy if required */ if (is_peek || is_kvec) err = process_rx_list(ctx, msg, &control, &cmsg, copied,