]> git.proxmox.com Git - mirror_ubuntu-kernels.git/commitdiff
tls: rx: release the sock lock on locking timeout
authorJakub Kicinski <kuba@kernel.org>
Wed, 20 Jul 2022 20:37:00 +0000 (13:37 -0700)
committerJakub Kicinski <kuba@kernel.org>
Fri, 22 Jul 2022 01:58:11 +0000 (18:58 -0700)
Eric reports we should release the socket lock if the entire
"grab reader lock" operation has failed. The callers assume
they don't have to release it or otherwise unwind.

Reported-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot+16e72110feb2b653ef27@syzkaller.appspotmail.com
Fixes: 4cbc325ed6b4 ("tls: rx: allow only one reader at a time")
Reviewed-by: Eric Dumazet <edumazet@google.com>
Link: https://lore.kernel.org/r/20220720203701.2179034-1-kuba@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
net/tls/tls_sw.c

index 859ea02022c0878b1cf300c7e5b5cef0213241d3..ed5e6f1df9c7f9a4919fd3bfa53f101020cf0835 100644 (file)
@@ -1803,6 +1803,7 @@ static long tls_rx_reader_lock(struct sock *sk, struct tls_sw_context_rx *ctx,
                               bool nonblock)
 {
        long timeo;
+       int err;
 
        lock_sock(sk);
 
@@ -1818,15 +1819,23 @@ static long tls_rx_reader_lock(struct sock *sk, struct tls_sw_context_rx *ctx,
                              !READ_ONCE(ctx->reader_present), &wait);
                remove_wait_queue(&ctx->wq, &wait);
 
-               if (!timeo)
-                       return -EAGAIN;
-               if (signal_pending(current))
-                       return sock_intr_errno(timeo);
+               if (timeo <= 0) {
+                       err = -EAGAIN;
+                       goto err_unlock;
+               }
+               if (signal_pending(current)) {
+                       err = sock_intr_errno(timeo);
+                       goto err_unlock;
+               }
        }
 
        WRITE_ONCE(ctx->reader_present, 1);
 
        return timeo;
+
+err_unlock:
+       release_sock(sk);
+       return err;
 }
 
 static void tls_rx_reader_unlock(struct sock *sk, struct tls_sw_context_rx *ctx)