From: Vadim Fedorenko <vadim.fedorenko@linux.dev>
To: Jakub Kicinski <kuba@kernel.org>, davem@davemloft.net
Cc: netdev@vger.kernel.org, edumazet@google.com, pabeni@redhat.com,
	andrew+netdev@lunn.ch, horms@kernel.org,
	john.fastabend@gmail.com, sd@queasysnail.net
Subject: Re: [PATCH net] net: tls: fix strparser anchor skb leak on offload RX setup failure
Date: Wed, 29 Apr 2026 12:57:02 +0100
Message-ID: <c0427810-3727-4cf0-b4c2-c8aeba3078df@linux.dev>
In-Reply-To: <20260428231559.1358502-1-kuba@kernel.org>

On 29/04/2026 00:15, Jakub Kicinski wrote:
> When tls_set_device_offload_rx() fails at tls_dev_add(), the error path
> calls tls_sw_free_resources_rx() to clean up the SW context that was
> initialized by tls_set_sw_offload(). This function calls
> tls_sw_release_resources_rx() (which stops the strparser via
> tls_strp_stop()) and tls_sw_free_ctx_rx() (which kfrees the context),
> but never frees the anchor skb that was allocated by alloc_skb(0) in
> tls_strp_init().
> 
> Note that tls_sw_free_resources_rx() is exclusively used for this
> "failed to start offload" code path, there's no other caller.
> 
> The leak did not exist before commit 84c61fe1a75b ("tls: rx: do not use
> the standard strparser"), because the standard strparser doesn't try
> to pre-allocate an skb.
> 
> The normal close path in tls_sk_proto_close() handles cleanup by calling
> tls_sw_strparser_done() (which calls tls_strp_done()) after dropping
> the socket lock, because tls_strp_done() does cancel_work_sync() and
> the strparser work handler takes the socket lock.
> 
> Fixes: 84c61fe1a75b ("tls: rx: do not use the standard strparser")
> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
> ---
> CC: john.fastabend@gmail.com
> CC: sd@queasysnail.net
> ---
>   net/tls/tls.h      | 1 +
>   net/tls/tls_strp.c | 6 ++++++
>   net/tls/tls_sw.c   | 4 ++++
>   3 files changed, 11 insertions(+)
> 
> diff --git a/net/tls/tls.h b/net/tls/tls.h
> index e8f81a006520..12f44cb649c9 100644
> --- a/net/tls/tls.h
> +++ b/net/tls/tls.h
> @@ -188,6 +188,7 @@ int tls_strp_dev_init(void);
>   void tls_strp_dev_exit(void);
>   
>   void tls_strp_done(struct tls_strparser *strp);
> +void __tls_strp_done(struct tls_strparser *strp);
>   void tls_strp_stop(struct tls_strparser *strp);
>   int tls_strp_init(struct tls_strparser *strp, struct sock *sk);
>   void tls_strp_data_ready(struct tls_strparser *strp);
> diff --git a/net/tls/tls_strp.c b/net/tls/tls_strp.c
> index 98e12f0ff57e..c72e88317627 100644
> --- a/net/tls/tls_strp.c
> +++ b/net/tls/tls_strp.c
> @@ -624,6 +624,12 @@ void tls_strp_done(struct tls_strparser *strp)
>   	WARN_ON(!strp->stopped);
>   
>   	cancel_work_sync(&strp->work);
> +	__tls_strp_done(strp);
> +}
> +
> +/* For setup error paths where the strparser was initialized but never armed. */
> +void __tls_strp_done(struct tls_strparser *strp)
> +{
>   	tls_strp_anchor_free(strp);
>   }
>   
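
Review bot: the comment above __tls_strp_done() says when the helper may be used but not what it leaves out. It skips both WARN_ON(!strp->stopped) and cancel_work_sync(&strp->work), so it is only safe when no strparser work can be queued. The commit message explains that tls_strp_done() runs after the socket lock is dropped because cancel_work_sync() waits on a handler that takes that lock; carrying that reasoning into the comment would keep a later caller from using this helper on an armed strparser. Since the commit message also says tls_sw_release_resources_rx() stops the strparser via tls_strp_stop() before this helper runs, it is worth checking whether WARN_ON(!strp->stopped) can move into __tls_strp_done() so both callers keep the assertion.
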
> diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
> index 94d2ae0daa8c..798243eabb1f 100644
> --- a/net/tls/tls_sw.c
> +++ b/net/tls/tls_sw.c
> @@ -2624,8 +2624,12 @@ void tls_sw_free_ctx_rx(struct tls_context *tls_ctx)
>   void tls_sw_free_resources_rx(struct sock *sk)
>   {
>   	struct tls_context *tls_ctx = tls_get_ctx(sk);
> +	struct tls_sw_context_rx *ctx;
> +
> +	ctx = tls_sw_ctx_rx(tls_ctx);
>   
>   	tls_sw_release_resources_rx(sk);
> +	__tls_strp_done(&ctx->strp);
>   	tls_sw_free_ctx_rx(tls_ctx);
>   }
>   
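
Review bot: in tls_sw_free_resources_rx() the new call depends on an ordering that nothing in the code records. &ctx->strp points into the context that, per the commit message, tls_sw_free_ctx_rx() kfrees, so __tls_strp_done(&ctx->strp) has to stay between tls_sw_release_resources_rx(sk) and tls_sw_free_ctx_rx(tls_ctx). A one-line comment stating that would protect the sequence against later reshuffling. As a style point, ctx can be initialised on its declaration line the same way tls_ctx is, which drops the separate assignment and the extra blank line.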

Reviewed-by: Vadim Fedorenko <vadim.fedorenko@linux.dev>
