git: bf25678226f0 - main - ktls: Fix error/mode confusion in TCP_*TLS_MODE getsockopt handlers

Mark Johnston markj at FreeBSD.org
Fri Sep 17 19:12:33 UTC 2021


The branch main has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=bf25678226f0d9b52c27610c734c97d76a7cae59

commit bf25678226f0d9b52c27610c734c97d76a7cae59
Author:     Mark Johnston <markj at FreeBSD.org>
AuthorDate: 2021-09-17 16:14:29 +0000
Commit:     Mark Johnston <markj at FreeBSD.org>
CommitDate: 2021-09-17 18:19:05 +0000

    ktls: Fix error/mode confusion in TCP_*TLS_MODE getsockopt handlers
    
    ktls_get_(rx|tx)_mode() can return an errno value or a TLS mode, so
    errors are effectively hidden.  Fix this by using a separate output
    parameter.  Convert to the new socket buffer locking macros while here.
    
    Note that the socket buffer lock is not needed to synchronize the
    SOLISTENING check here, we can rely on the PCB lock.
    
    Reviewed by:    jhb
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D31977
---
 sys/kern/uipc_ktls.c     | 26 ++++++++++++--------------
 sys/netinet/tcp_usrreq.c | 12 ++++++++----
 sys/sys/ktls.h           |  4 ++--
 3 files changed, 22 insertions(+), 20 deletions(-)

diff --git a/sys/kern/uipc_ktls.c b/sys/kern/uipc_ktls.c
index 9e9a6b5b60fb..bc21e6fe2493 100644
--- a/sys/kern/uipc_ktls.c
+++ b/sys/kern/uipc_ktls.c
@@ -1199,45 +1199,43 @@ ktls_enable_tx(struct socket *so, struct tls_enable *en)
 }
 
 int
-ktls_get_rx_mode(struct socket *so)
+ktls_get_rx_mode(struct socket *so, int *modep)
 {
 	struct ktls_session *tls;
 	struct inpcb *inp;
-	int mode;
 
 	if (SOLISTENING(so))
 		return (EINVAL);
 	inp = so->so_pcb;
 	INP_WLOCK_ASSERT(inp);
-	SOCKBUF_LOCK(&so->so_rcv);
+	SOCK_RECVBUF_LOCK(so);
 	tls = so->so_rcv.sb_tls_info;
 	if (tls == NULL)
-		mode = TCP_TLS_MODE_NONE;
+		*modep = TCP_TLS_MODE_NONE;
 	else
-		mode = tls->mode;
-	SOCKBUF_UNLOCK(&so->so_rcv);
-	return (mode);
+		*modep = tls->mode;
+	SOCK_RECVBUF_UNLOCK(so);
+	return (0);
 }
 
 int
-ktls_get_tx_mode(struct socket *so)
+ktls_get_tx_mode(struct socket *so, int *modep)
 {
 	struct ktls_session *tls;
 	struct inpcb *inp;
-	int mode;
 
 	if (SOLISTENING(so))
 		return (EINVAL);
 	inp = so->so_pcb;
 	INP_WLOCK_ASSERT(inp);
-	SOCKBUF_LOCK(&so->so_snd);
+	SOCK_SENDBUF_LOCK(so);
 	tls = so->so_snd.sb_tls_info;
 	if (tls == NULL)
-		mode = TCP_TLS_MODE_NONE;
+		*modep = TCP_TLS_MODE_NONE;
 	else
-		mode = tls->mode;
-	SOCKBUF_UNLOCK(&so->so_snd);
-	return (mode);
+		*modep = tls->mode;
+	SOCK_SENDBUF_UNLOCK(so);
+	return (0);
 }
 
 /*
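Review bot: In both ktls_get_rx_mode() and ktls_get_tx_mode(), `INP_WLOCK_ASSERT(inp)` still sits after the `if (SOLISTENING(so)) return (EINVAL);` early return, so the PCB lock that the commit message says the listening check relies on is never asserted on that path. Moving `inp = so->so_pcb; INP_WLOCK_ASSERT(inp);` above the SOLISTENING test would make the assertion cover the check it is meant to protect. The functions also leave `*modep` unwritten when they return EINVAL; a header comment such as `/* Returns 0 and stores the TLS mode in *modep, or returns an errno value and leaves *modep untouched. */` on each would record that contract for future callers.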
diff --git a/sys/netinet/tcp_usrreq.c b/sys/netinet/tcp_usrreq.c
index 3a1608cc106a..e9f7fa541461 100644
--- a/sys/netinet/tcp_usrreq.c
+++ b/sys/netinet/tcp_usrreq.c
@@ -2563,14 +2563,18 @@ unhold:
 #endif
 #ifdef KERN_TLS
 		case TCP_TXTLS_MODE:
-			optval = ktls_get_tx_mode(so);
+			error = ktls_get_tx_mode(so, &optval);
 			INP_WUNLOCK(inp);
-			error = sooptcopyout(sopt, &optval, sizeof(optval));
+			if (error == 0)
+				error = sooptcopyout(sopt, &optval,
+				    sizeof(optval));
 			break;
 		case TCP_RXTLS_MODE:
-			optval = ktls_get_rx_mode(so);
+			error = ktls_get_rx_mode(so, &optval);
 			INP_WUNLOCK(inp);
-			error = sooptcopyout(sopt, &optval, sizeof(optval));
+			if (error == 0)
+				error = sooptcopyout(sopt, &optval,
+				    sizeof(optval));
 			break;
 #endif
 		case TCP_LRD:
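Review bot: The `if (error == 0)` guard in the TCP_TXTLS_MODE and TCP_RXTLS_MODE cases is now the only thing keeping `sooptcopyout()` from handing userland an `optval` that ktls_get_tx_mode()/ktls_get_rx_mode() never wrote, since they return EINVAL without touching `*modep`. The declaration of `optval` is outside the hunk, so whether it holds a defined value on that path cannot be confirmed from here. A one-line comment before each guard, for example `/* optval is valid only when error == 0 */`, would help prevent a later refactor from reintroducing an unconditional copyout of stale data. The enclosing switch and function begin and end outside this hunk.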
diff --git a/sys/sys/ktls.h b/sys/sys/ktls.h
index 9729fd6fe8c4..71d55ee1b3d8 100644
--- a/sys/sys/ktls.h
+++ b/sys/sys/ktls.h
@@ -212,9 +212,9 @@ void ktls_frame(struct mbuf *m, struct ktls_session *tls, int *enqueue_cnt,
 void ktls_seq(struct sockbuf *sb, struct mbuf *m);
 void ktls_enqueue(struct mbuf *m, struct socket *so, int page_count);
 void ktls_enqueue_to_free(struct mbuf *m);
-int ktls_get_rx_mode(struct socket *so);
+int ktls_get_rx_mode(struct socket *so, int *modep);
 int ktls_set_tx_mode(struct socket *so, int mode);
-int ktls_get_tx_mode(struct socket *so);
+int ktls_get_tx_mode(struct socket *so, int *modep);
 int ktls_output_eagain(struct inpcb *inp, struct ktls_session *tls);
 #ifdef RATELIMIT
 int ktls_modify_txrtlmt(struct ktls_session *tls, uint64_t max_pacing_rate);

