Commit b4f47f38 authored by Jakub Kicinski's avatar Jakub Kicinski Committed by David S. Miller

net/tls: prevent bad memory access in tls_is_sk_tx_device_offloaded()

Unlike '&&' operator, the '&' does not have short-circuit
evaluation semantics.  IOW both sides of the operator always
get evaluated.  Fix the wrong operator in
tls_is_sk_tx_device_offloaded(), which would lead to
out-of-bounds access for for non-full sockets.

Fixes: 4799ac81 ("tls: Add rx inline crypto offload")
Signed-off-by: default avatarJakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: default avatarDirk van der Merwe <dirk.vandermerwe@netronome.com>
Reviewed-by: default avatarSimon Horman <simon.horman@netronome.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 8065a779
...@@ -381,7 +381,7 @@ tls_validate_xmit_skb(struct sock *sk, struct net_device *dev, ...@@ -381,7 +381,7 @@ tls_validate_xmit_skb(struct sock *sk, struct net_device *dev,
static inline bool tls_is_sk_tx_device_offloaded(struct sock *sk) static inline bool tls_is_sk_tx_device_offloaded(struct sock *sk)
{ {
#ifdef CONFIG_SOCK_VALIDATE_XMIT #ifdef CONFIG_SOCK_VALIDATE_XMIT
return sk_fullsock(sk) & return sk_fullsock(sk) &&
(smp_load_acquire(&sk->sk_validate_xmit_skb) == (smp_load_acquire(&sk->sk_validate_xmit_skb) ==
&tls_validate_xmit_skb); &tls_validate_xmit_skb);
#else #else
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment