From patchwork Tue Mar 17 17:04:37 2020
X-Patchwork-Submitter: Jakub Sitnicki
X-Patchwork-Id: 222385
From: Jakub Sitnicki
To: netdev@vger.kernel.org
Cc: kernel-team@cloudflare.com, John Fastabend
Subject: [PATCH net-next 1/3] net/tls: Constify base proto ops used for building tls proto
Date: Tue, 17 Mar 2020 18:04:37 +0100
Message-Id: <20200317170439.873532-2-jakub@cloudflare.com>
In-Reply-To: <20200317170439.873532-1-jakub@cloudflare.com>
References: <20200317170439.873532-1-jakub@cloudflare.com>

The helper that builds kTLS proto ops doesn't need to and should not modify
the base proto ops. Annotate the parameter as read-only.

Signed-off-by: Jakub Sitnicki
---
 net/tls/tls_main.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index 82225bcc1117..ff08b2ff7597 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c @@ -63,7 +63,7 @@ static DEFINE_MUTEX(tcpv4_prot_mutex); static struct proto tls_prots[TLS_NUM_PROTS][TLS_NUM_CONFIG][TLS_NUM_CONFIG]; static struct proto_ops tls_sw_proto_ops; static void build_protos(struct proto prot[TLS_NUM_CONFIG][TLS_NUM_CONFIG], - struct proto *base); + const struct proto *base); void update_sk_prot(struct sock *sk, struct tls_context *ctx) { 
@@ -652,7 +652,7 @@ static void tls_build_proto(struct sock *sk) } static void build_protos(struct proto prot[TLS_NUM_CONFIG][TLS_NUM_CONFIG], - struct proto *base) + const struct proto *base) { prot[TLS_BASE][TLS_BASE] = *base; prot[TLS_BASE][TLS_BASE].setsockopt = tls_setsockopt;

From patchwork Tue Mar 17 17:04:39 2020
X-Patchwork-Submitter: Jakub Sitnicki
X-Patchwork-Id: 222384
From: Jakub Sitnicki To: netdev@vger.kernel.org Cc: kernel-team@cloudflare.com, John Fastabend Subject: [PATCH net-next 3/3] net/tls: Annotate access to sk_prot with READ_ONCE/WRITE_ONCE Date: Tue, 17 Mar 2020 18:04:39 +0100 Message-Id: <20200317170439.873532-4-jakub@cloudflare.com> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20200317170439.873532-1-jakub@cloudflare.com> References: <20200317170439.873532-1-jakub@cloudflare.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org sockmap performs lockless writes to sk->sk_prot on the following paths: tcp_bpf_{recvmsg|sendmsg} / sock_map_unref sk_psock_put sk_psock_drop sk_psock_restore_proto WRITE_ONCE(sk->sk_prot, proto) To prevent load/store tearing [1], and to make tooling aware of intentional shared access [2], we need to annotate other sites that access sk_prot with READ_ONCE/WRITE_ONCE macros. Change done with Coccinelle with following semantic patch: @@ expression E; identifier I; struct sock *sk; identifier sk_prot =~ "^sk_prot$"; @@ ( E = -sk->sk_prot +READ_ONCE(sk->sk_prot) | -sk->sk_prot = E +WRITE_ONCE(sk->sk_prot, E) | -sk->sk_prot +READ_ONCE(sk->sk_prot) ->I ) Signed-off-by: Jakub Sitnicki --- net/tls/tls_device.c | 2 +- net/tls/tls_main.c | 9 +++++---- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/net/tls/tls_device.c b/net/tls/tls_device.c index 1c5574e2e058..a562ebaaa33c 100644 --- a/net/tls/tls_device.c +++ b/net/tls/tls_device.c @@ -366,7 +366,7 @@ static int tls_do_allocation(struct sock *sk, if (!offload_ctx->open_record) { if (unlikely(!skb_page_frag_refill(prepend_size, pfrag, sk->sk_allocation))) { - sk->sk_prot->enter_memory_pressure(sk); + READ_ONCE(sk->sk_prot)->enter_memory_pressure(sk); sk_stream_moderate_sndbuf(sk); return -ENOMEM; } diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index e7de0306a7df..156efce50dbd 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c 
@@ -69,7 +69,8 @@ void update_sk_prot(struct sock *sk, struct tls_context *ctx) { int ip_ver = sk->sk_family == AF_INET6 ? TLSV6 : TLSV4; - sk->sk_prot = &tls_prots[ip_ver][ctx->tx_conf][ctx->rx_conf]; + WRITE_ONCE(sk->sk_prot, + &tls_prots[ip_ver][ctx->tx_conf][ctx->rx_conf]); } int wait_on_pending_writer(struct sock *sk, long *timeo) @@ -312,7 +313,7 @@ static void tls_sk_proto_close(struct sock *sk, long timeout) write_lock_bh(&sk->sk_callback_lock); if (free_ctx) rcu_assign_pointer(icsk->icsk_ulp_data, NULL); - sk->sk_prot = ctx->sk_proto; + WRITE_ONCE(sk->sk_prot, ctx->sk_proto); if (sk->sk_write_space == tls_write_space) sk->sk_write_space = ctx->sk_write_space; write_unlock_bh(&sk->sk_callback_lock); @@ -621,14 +622,14 @@ struct tls_context *tls_ctx_create(struct sock *sk) mutex_init(&ctx->tx_lock); rcu_assign_pointer(icsk->icsk_ulp_data, ctx); - ctx->sk_proto = sk->sk_prot; + ctx->sk_proto = READ_ONCE(sk->sk_prot); return ctx; } static void tls_build_proto(struct sock *sk) { int ip_ver = sk->sk_family == AF_INET6 ? TLSV6 : TLSV4; - const struct proto *prot = sk->sk_prot; + const struct proto *prot = READ_ONCE(sk->sk_prot); /* Build IPv6 TLS whenever the address of tcpv6 _prot changes */ if (ip_ver == TLSV6 &&
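
Review bot: In patch 1/3, the subject and commit message describe build_protos() as the helper that builds kTLS "proto ops", but the parameter being constified is a struct proto, and the same file declares a separate struct proto_ops tls_sw_proto_ops just above the prototype. Wording the subject as "Constify base proto" would keep readers from looking for a proto_ops change that this patch does not make. The const qualifier itself is consistent with the only visible use of base, the struct copy prot[TLS_BASE][TLS_BASE] = *base;.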
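
Review bot: In patch 3/3, update_sk_prot() now stores with WRITE_ONCE(), which keeps the pointer store from being torn but does not order it against the lockless sockmap writer named in the commit message (sk_psock_restore_proto). If both can run on the same socket, whichever store lands last decides which proto the socket ends up with. The commit message should say what rules that out, or state plainly that the annotation only addresses tearing and tooling and is not a synchronization change.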
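
Review bot: In patch 3/3, tls_sk_proto_close() already holds write_lock_bh(&sk->sk_callback_lock) around the store that becomes WRITE_ONCE(sk->sk_prot, ctx->sk_proto), while the sk_write_space accesses on the next two lines stay plain. A one-line comment at the store saying that the annotation pairs with sockmap's lockless writes to sk_prot would explain the asymmetry to the next reader, who could otherwise take the lock as sufficient and drop the macro.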