On 10/30/24 8:38 AM, Stanislav Fomichev wrote:
On 10/29, Zijian Zhang wrote:
On 10/29/24 5:22 PM, Stanislav Fomichev wrote:
On 10/29, Zijian Zhang wrote:
On 10/29/24 4:07 PM, Stanislav Fomichev wrote:
On 10/29, zijianzhang@xxxxxxxxxxxxx wrote:
...
diff --git a/include/net/tls.h b/include/net/tls.h
index 3a33924db2bc..a65939c7ad61 100644
--- a/include/net/tls.h
+++ b/include/net/tls.h
@@ -390,8 +390,12 @@ tls_offload_ctx_tx(const struct tls_context *tls_ctx)
static inline bool tls_sw_has_ctx_tx(const struct sock *sk)
{
- struct tls_context *ctx = tls_get_ctx(sk);
+ struct tls_context *ctx;
+
+ if (!sk_is_inet(sk))
+ return false;
+ ctx = tls_get_ctx(sk);
if (!ctx)
return false;
return !!tls_sw_ctx_tx(ctx);
@@ -399,8 +403,12 @@ static inline bool tls_sw_has_ctx_tx(const struct sock *sk)
static inline bool tls_sw_has_ctx_rx(const struct sock *sk)
{
- struct tls_context *ctx = tls_get_ctx(sk);
+ struct tls_context *ctx;
+
+ if (!sk_is_inet(sk))
+ return false;
+ ctx = tls_get_ctx(sk);
if (!ctx)
return false;
return !!tls_sw_ctx_rx(ctx);
This seems like a strange place to fix it. Why does tls_get_ctx return
invalid pointer for non-tls/ulp sockets? Shouldn't it be NULL?
Is sockmap even supposed to work with vsock?
Here is my understanding, please correct me if I am wrong :)
```
static inline struct tls_context *tls_get_ctx(const struct sock *sk)
{
const struct inet_connection_sock *icsk = inet_csk(sk);
return (__force void *)icsk->icsk_ulp_data;
}
```
tls_get_ctx assumes the socket passed is icsk_socket. However, unix
and vsock do not have inet_connection_sock, they have unix_sock and
vsock_sock. The offset of icsk_ulp_data are meaningless for them, and
they might point to some other values which might not be NULL.
Afaik, sockmap started to support vsock in 634f1a7110b4 ("vsock: support
sockmap"), and support unix in 94531cfcbe79 ("af_unix: Add
unix_stream_proto for sockmap").
If the above is correct, I find that using inet_test_bit(IS_ICSK, sk)
instead of sk_is_inet will be more accurate.
Thanks for the context, makes sense. And consolidating this sk_is_inet
check inside tls_get_ctx is worse because it gets called outside of
sockmap?
Yes, tls_get_ctx is invoked in multiple locations, and I want to only
fix sockmap related calls.
Sounds convincing. Unless John/Jakub have better suggestions:
Acked-by: Stanislav Fomichev <sdf@xxxxxxxxxxx>
Thanks for the Ack and reviewing!
In order to make it more accurate, I added inet_test_bit(IS_ICSK, sk)
check in version2. I just found that sk_is_inet only cannot assure
inet_csk is valid. For example, udp_sock does not have inet_connection_sock.
