Re: [PATCH bpf] bpf: Add sk_is_inet check in tls_sw_has_ctx_tx/rx

Stanislav Fomichev <stfomichev@xxxxxxxxx> · Tue, 29 Oct 2024 16:07:38 -0700

On 10/29, zijianzhang@xxxxxxxxxxxxx wrote:
> From: Zijian Zhang <zijianzhang@xxxxxxxxxxxxx>
> 
> As the introduction of the support for vsock and unix sockets in sockmap,
> tls_sw_has_ctx_tx/rx cannot presume the socket passed in must be inet.
> Otherwise, tls_get_ctx may return an invalid pointer and result in page
> fault in function tls_sw_ctx_rx.
> 
> BUG: unable to handle page fault for address: 0000000000040030
> Workqueue: vsock-loopback vsock_loopback_work
> RIP: 0010:sk_psock_strp_data_ready+0x23/0x60
> Call Trace:
>  ? __die+0x81/0xc3
>  ? no_context+0x194/0x350
>  ? do_page_fault+0x30/0x110
>  ? async_page_fault+0x3e/0x50
>  ? sk_psock_strp_data_ready+0x23/0x60
>  virtio_transport_recv_pkt+0x750/0x800
>  ? update_load_avg+0x7e/0x620
>  vsock_loopback_work+0xd0/0x100
>  process_one_work+0x1a7/0x360
>  worker_thread+0x30/0x390
>  ? create_worker+0x1a0/0x1a0
>  kthread+0x112/0x130
>  ? __kthread_cancel_work+0x40/0x40
>  ret_from_fork+0x1f/0x40
> 
> Fixes: 0608c69c9a80 ("bpf: sk_msg, sock{map|hash} redirect through ULP")
> Fixes: e91de6afa81c ("bpf: Fix running sk_skb program types with ktls")
> 
> Signed-off-by: Zijian Zhang <zijianzhang@xxxxxxxxxxxxx>
> ---
>  include/net/tls.h | 12 ++++++++++--
>  1 file changed, 10 insertions(+), 2 deletions(-)
> 
> diff --git a/include/net/tls.h b/include/net/tls.h
> index 3a33924db2bc..a65939c7ad61 100644
> --- a/include/net/tls.h
> +++ b/include/net/tls.h
> @@ -390,8 +390,12 @@ tls_offload_ctx_tx(const struct tls_context *tls_ctx)
>  
>  static inline bool tls_sw_has_ctx_tx(const struct sock *sk)
>  {
> -	struct tls_context *ctx = tls_get_ctx(sk);
> +	struct tls_context *ctx;
> +
> +	if (!sk_is_inet(sk))
> +		return false;
>  
> +	ctx = tls_get_ctx(sk);
>  	if (!ctx)
>  		return false;
>  	return !!tls_sw_ctx_tx(ctx);
> @@ -399,8 +403,12 @@ static inline bool tls_sw_has_ctx_tx(const struct sock *sk)
>  
>  static inline bool tls_sw_has_ctx_rx(const struct sock *sk)
>  {
> -	struct tls_context *ctx = tls_get_ctx(sk);
> +	struct tls_context *ctx;
> +
> +	if (!sk_is_inet(sk))
> +		return false;
>  
> +	ctx = tls_get_ctx(sk);
>  	if (!ctx)
>  		return false;
>  	return !!tls_sw_ctx_rx(ctx);

This seems like a strange place to fix it. Why does tls_get_ctx return
invalid pointer for non-tls/ulp sockets? Shouldn't it be NULL?
Is sockmap even supposed to work with vsock?