From nobody Tue Jan 24 05:43:22 2023
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4P1G971bF3z3bNSD;
	Tue, 24 Jan 2023 05:43:23 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4P1G966vRWz4TVQ;
	Tue, 24 Jan 2023 05:43:22 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1674539003;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=XQBth9klTyqmbJkEMHDzHi6nAkQ6fPVzI9LNZPJI3Ro=;
	b=FwIjlXKhAaDUHfTvl1Tqkk7R1H4qpgDk38oHe7/vSKoOM6Z/yguOHdOTtM+32lvitYhqEp
	nd4i8IxqHelCu1B6+w4k5Vt1YdjIhNxt4kG0tIN5evwfKWmjTKvdLDl1t7mXhFnheHLiou
	vchXqwwZaIR9VOUgJnDBKoeDoLeCqxQtmOkvZkQiIvhknv6ct1aE51GVBn7umN5eCjykm6
	FeAF3Ii6HgnJ/WdJM7yCUpSb9MGSEMNUtn3EZT4fS3ejbgR73Yovaaiet9YzFTP5Hu3Wqo
	HbDDFfTECeBquuHKhOCfcNtMrmggkzf8qsxF1Dg7z43gFqVbbOg9txZLXie+Gg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1674539003;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=XQBth9klTyqmbJkEMHDzHi6nAkQ6fPVzI9LNZPJI3Ro=;
	b=MQNnUoToeOXZIpAyH1pGs5iePHq611O2wPVg+opiv2zPSB2MT+OvJhbhQJBbbURa73usL+
	BGxa+AMQQ0TbL7IJK0DXQy5TZMZj3otqsEIUcJBqoOGLfBxQIpvQyNgqoUtNtJNZEVZjEB
	gnBZ1+FyNY7LRZZv6m4xJlUgQTX5taT+5/8EZgYZljNzegaNeLHRPxAaTnq2evpjSp7CPZ
	PYdEIHG/jKPAKwGBnYYBIh6bfj2o5eUSgZC6M0xG7IMtDxWmQ6STHK1+EDA6ZMfok/6PvA
	cSBxgRUg+znrnZ1FGelhTRxNH06lWXDJiJjMJjrWNGRhZpcqaPUAdBxYRk2E/Q==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1674539003; a=rsa-sha256; cv=none;
	b=K/YexpA4nClVsl/l8/lyA3yi3IGCCUyflSO5oUu9xtJKGwHLOLwzqiJHpBIhDsce14QeM6
	RI5LDWHBkVxfa5e3Scp2Aw3iLGQnbmM3Ax4hwdtoagnUjGFxbuQsEyVXfC91lt9s87+Zzr
	Zmfw7m0jhX/pumHGfI5+noayg1ou2JhFTDNa4ex5raA9dz8a0KpbQXPgJIH6R97NnHmKVc
	lI6lB4Ej7+Rv+cqQE/6SQ2ZLsZUOJrHhvTas4PYquNnaR3uhT7eQa8fu3L4ZSopmj96Ifa
	iTI0+t2aULTOfpnbcZumUwhiL3bItZAZoOp/EODNituyPTq3YWYNpo/MQNtTiA==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4P1G9660PhzyF1;
	Tue, 24 Jan 2023 05:43:22 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 30O5hMgg061998;
	Tue, 24 Jan 2023 05:43:22 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 30O5hMcM061997;
	Tue, 24 Jan 2023 05:43:22 GMT
	(envelope-from git)
Date: Tue, 24 Jan 2023 05:43:22 GMT
Message-Id: <202301240543.30O5hMcM061997@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: John Baldwin <jhb@FreeBSD.org>
Subject: git: cc17f41e0792 - stable/13 - ktls: Close a race with setting so_error when dropping a connection.
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-branches@freebsd.org
X-BeenThere: dev-commits-src-branches@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: jhb
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: cc17f41e07925875ce5d004c287c4ef1f4f543be
Auto-Submitted: auto-generated
X-ThisMailContainsUnwantedMimeParts: N

The branch stable/13 has been updated by jhb:

URL: https://cgit.FreeBSD.org/src/commit/?id=cc17f41e07925875ce5d004c287c4ef1f4f543be

commit cc17f41e07925875ce5d004c287c4ef1f4f543be
Author:     John Baldwin <jhb@FreeBSD.org>
AuthorDate: 2022-12-15 20:06:26 +0000
Commit:     John Baldwin <jhb@FreeBSD.org>
CommitDate: 2023-01-24 05:21:22 +0000

    ktls: Close a race with setting so_error when dropping a connection.
    
    pr_abort calls tcp_usr_abort which calls tcp_drop with ECONNABORTED.
    After pr_abort returns, the so_error is then set to a more specific
    error.  However, a reader can observe and return the ECONNABORTED
    error before so_error is set to the desired error value.  This is
    resulting in spurious test failures of recently added tests for
    invalid conditions such as invalid headers.
    
    To fix, refactor the code to abort a connection to call tcp_drop
    directly with the desired error value.  ktls_reset_send_tag already
    calls tcp_drop directly when it aborts a connection due to an error.
    
    Reviewed by:    gallatin
    Reported by:    CI (jenkins), gallatin, olivier
    Sponsored by:   Chelsio Communications
    Differential Revision:  https://reviews.freebsd.org/D37692
    
    (cherry picked from commit 69542f26820b7edb8351398b36edda5299c1db56)
---
 sys/kern/uipc_ktls.c | 29 +++++++++++++++++++++++------
 1 file changed, 23 insertions(+), 6 deletions(-)

diff --git a/sys/kern/uipc_ktls.c b/sys/kern/uipc_ktls.c
index e3f84171a976..711b38ec7f99 100644
--- a/sys/kern/uipc_ktls.c
+++ b/sys/kern/uipc_ktls.c
@@ -1865,6 +1865,27 @@ tls13_find_record_type(struct ktls_session *tls, struct mbuf *m, int tls_len,
 	return (0);
 }
 
+static void
+ktls_drop(struct socket *so, int error)
+{
+	struct epoch_tracker et;
+	struct inpcb *inp = sotoinpcb(so);
+	struct tcpcb *tp;
+
+	NET_EPOCH_ENTER(et);
+	INP_WLOCK(inp);
+	if (!(inp->inp_flags & INP_DROPPED)) {
+		tp = intotcpcb(inp);
+		CURVNET_SET(inp->inp_vnet);
+		tp = tcp_drop(tp, error);
+		CURVNET_RESTORE();
+		if (tp != NULL)
+			INP_WUNLOCK(inp);
+	} else
+		INP_WUNLOCK(inp);
+	NET_EPOCH_EXIT(et);
+}
+
 static void
 ktls_decrypt(struct socket *so)
 {
@@ -1921,10 +1942,7 @@ ktls_decrypt(struct socket *so)
 			SOCKBUF_UNLOCK(sb);
 			counter_u64_add(ktls_offload_corrupted_records, 1);
 
-			CURVNET_SET(so->so_vnet);
-			so->so_proto->pr_usrreqs->pru_abort(so);
-			so->so_error = error;
-			CURVNET_RESTORE();
+			ktls_drop(so, error);
 			goto deref;
 		}
 
@@ -2331,8 +2349,7 @@ retry_page:
 	if (error == 0) {
 		(void)(*so->so_proto->pr_usrreqs->pru_ready)(so, top, npages);
 	} else {
-		so->so_proto->pr_usrreqs->pru_abort(so);
-		so->so_error = EIO;
+		ktls_drop(so, EIO);
 		mb_free_notready(top, total_pages);
 	}