author | Mark Johnston <markj@FreeBSD.org> | 2021-09-17 16:14:29 +0000 |
---|---|---|
committer | Mark Johnston <markj@FreeBSD.org> | 2021-09-17 18:19:05 +0000 |
commit | bf25678226f0d9b52c27610c734c97d76a7cae59 (patch) | |
tree | 5d4a9701b848e5a8d2e9b032f38b3d7c9bb41b86 | |
parent | d6e77cda9be1509ea170142cca3ff0d3b9f12e35 (diff) | |
ktls: Fix error/mode confusion in TCP_*TLS_MODE getsockopt handlers
ktls_get_(rx|tx)_mode() can return an errno value or a TLS mode, so
errors are effectively hidden. Fix this by using a separate output
parameter. Convert to the new socket buffer locking macros while here.
Note that the socket buffer lock is not needed to synchronize the
SOLISTENING check here, we can rely on the PCB lock.
Reviewed by: jhb
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D31977
-rw-r--r-- | sys/kern/uipc_ktls.c | 26 | ||||
-rw-r--r-- | sys/netinet/tcp_usrreq.c | 12 | ||||
-rw-r--r-- | sys/sys/ktls.h | 4 |
3 files changed, 22 insertions, 20 deletions
diff --git a/sys/kern/uipc_ktls.c b/sys/kern/uipc_ktls.c
index 9e9a6b5b60fb..bc21e6fe2493 100644
--- a/sys/kern/uipc_ktls.c
+++ b/sys/kern/uipc_ktls.c
@@ -1199,45 +1199,43 @@ ktls_enable_tx(struct socket *so, struct tls_enable *en)
 }
 int
-ktls_get_rx_mode(struct socket *so)
+ktls_get_rx_mode(struct socket *so, int *modep)
 {
 struct ktls_session *tls;
 struct inpcb *inp;
- int mode;
 if (SOLISTENING(so))
 return (EINVAL);
 inp = so->so_pcb;
 INP_WLOCK_ASSERT(inp);
- SOCKBUF_LOCK(&so->so_rcv);
+ SOCK_RECVBUF_LOCK(so);
 tls = so->so_rcv.sb_tls_info;
 if (tls == NULL)
- mode = TCP_TLS_MODE_NONE;
+ *modep = TCP_TLS_MODE_NONE;
 else
- mode = tls->mode;
+ *modep = tls->mode;
- SOCKBUF_UNLOCK(&so->so_rcv);
- return (mode);
+ SOCK_RECVBUF_UNLOCK(so);
+ return (0);
 }
 int
-ktls_get_tx_mode(struct socket *so)
+ktls_get_tx_mode(struct socket *so, int *modep)
 {
 struct ktls_session *tls;
 struct inpcb *inp;
- int mode;
 if (SOLISTENING(so))
 return (EINVAL);
 inp = so->so_pcb;
 INP_WLOCK_ASSERT(inp);
- SOCKBUF_LOCK(&so->so_snd);
+ SOCK_SENDBUF_LOCK(so);
 tls = so->so_snd.sb_tls_info;
 if (tls == NULL)
- mode = TCP_TLS_MODE_NONE;
+ *modep = TCP_TLS_MODE_NONE;
 else
- mode = tls->mode;
+ *modep = tls->mode;
- SOCKBUF_UNLOCK(&so->so_snd);
- return (mode);
+ SOCK_SENDBUF_UNLOCK(so);
+ return (0);
 }
 /*
diff --git a/sys/netinet/tcp_usrreq.c b/sys/netinet/tcp_usrreq.c
index 3a1608cc106a..e9f7fa541461 100644
--- a/sys/netinet/tcp_usrreq.c
+++ b/sys/netinet/tcp_usrreq.c
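Review bot: In sys/kern/uipc_ktls.c, `INP_WLOCK_ASSERT(inp)` in ktls_get_rx_mode() and ktls_get_tx_mode() runs only after the `SOLISTENING(so)` early return, although the commit message says that check relies on the PCB lock. Moving `inp = so->so_pcb;` and `INP_WLOCK_ASSERT(inp);` above `if (SOLISTENING(so))` would assert the lock on the listening path as well; this assumes so_pcb is valid for a listening socket, which should be confirmed. Each function would also benefit from a header comment such as `/* Returns 0 and stores the TLS mode in *modep, or returns an errno value and leaves *modep untouched. */`, because the EINVAL path returns before *modep is written and callers must not read it on failure.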
@@ -2563,14 +2563,18 @@ unhold:
 #endif
 #ifdef KERN_TLS
 case TCP_TXTLS_MODE:
- optval = ktls_get_tx_mode(so);
+ error = ktls_get_tx_mode(so, &optval);
 INP_WUNLOCK(inp);
- error = sooptcopyout(sopt, &optval, sizeof(optval));
+ if (error == 0)
+ error = sooptcopyout(sopt, &optval,
+ sizeof(optval));
 break;
 case TCP_RXTLS_MODE:
- optval = ktls_get_rx_mode(so);
+ error = ktls_get_rx_mode(so, &optval);
 INP_WUNLOCK(inp);
- error = sooptcopyout(sopt, &optval, sizeof(optval));
+ if (error == 0)
+ error = sooptcopyout(sopt, &optval,
+ sizeof(optval));
 break;
 #endif
 case TCP_LRD:
diff --git a/sys/sys/ktls.h b/sys/sys/ktls.h
index 9729fd6fe8c4..71d55ee1b3d8 100644
--- a/sys/sys/ktls.h
+++ b/sys/sys/ktls.h
@@ -212,9 +212,9 @@ void ktls_frame(struct mbuf *m, struct ktls_session *tls, int *enqueue_cnt,
 void ktls_seq(struct sockbuf *sb, struct mbuf *m);
 void ktls_enqueue(struct mbuf *m, struct socket *so, int page_count);
 void ktls_enqueue_to_free(struct mbuf *m);
-int ktls_get_rx_mode(struct socket *so);
+int ktls_get_rx_mode(struct socket *so, int *modep);
 int ktls_set_tx_mode(struct socket *so, int mode);
-int ktls_get_tx_mode(struct socket *so);
+int ktls_get_tx_mode(struct socket *so, int *modep);
 int ktls_output_eagain(struct inpcb *inp, struct ktls_session *tls);
 #ifdef RATELIMIT
 int ktls_modify_txrtlmt(struct ktls_session *tls, uint64_t max_pacing_rate); |
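Review bot: In the sys/netinet/tcp_usrreq.c hunk, the `if (error == 0)` guard in the TCP_TXTLS_MODE and TCP_RXTLS_MODE cases is the only thing keeping a stale `optval` out of sooptcopyout(). The uipc_ktls.c side of this commit returns EINVAL for a listening socket without writing through the output pointer, so the invariant deserves a short comment above each guard, for example `/* optval is only valid when the ktls getter returned 0. */`. Whether `optval` is initialised earlier in the function is not visible here, because the switch and the declaration are outside the hunk. The two cases are now identical apart from the getter called, so a later edit to one could miss the other.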