Race condition in KTLS_RECV_READY
Closed this issue · 2 comments
lancerchao commented
The KTLS_RECV_READY macro is used to check whether or not the aead has been set up for decryption. However, it merely checks that the keys are set, when tls_init_aead is called after keys are set, so an interrupt that checks KTLS_RECV_READY (such as tls_data_ready) and occurs between setting keys and initializing aead would cause a crash.
3 options:
- Acquire the socket lock during decryption so that setting keys and initializing aead occur atomically, which means that decryption cannot happen in an irq routine like tls_data_ready.
- Use an atomic flag that is set after key setup.
- Set keys before changing the sk_data_ready callback.
fridex commented
Nice catch! IMHO I like 3) the most.
lancerchao commented
Closed. Fixed in #73, which makes sure that lock_sock is always called prior to checking KTLS_RECV_READY.
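The window described in the issue, replayed deterministically in a user-space model. This is an added example, not code from the project or from #73; `struct rx_ctx`, its fields and every function name are hypothetical, and it contrasts a keys-only readiness check with the atomic-flag approach listed as the second option.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of the receive state (not the module's real layout). */
struct rx_ctx {
    unsigned char key[16];
    size_t keylen;      /* written by the "set keys" step */
    void *aead;         /* written later by the "init aead" step */
    atomic_bool ready;  /* second option: published last */
};

static int dummy_aead;  /* stands in for an allocated AEAD transform */

/* Shape of the check the issue describes: keys set means "ready". */
static bool recv_ready_keys_only(const struct rx_ctx *c) { return c->keylen != 0; }

/* Flag check: true only after init_aead() has published the flag. */
static bool recv_ready_flag(struct rx_ctx *c) {
    return atomic_load_explicit(&c->ready, memory_order_acquire);
}

static void set_keys(struct rx_ctx *c, const unsigned char *k, size_t n) {
    memcpy(c->key, k, n);
    c->keylen = n;
}

static void init_aead(struct rx_ctx *c) {
    c->aead = &dummy_aead;
    /* Release store: the aead pointer is visible before ready reads true. */
    atomic_store_explicit(&c->ready, true, memory_order_release);
}

/* Replays a data-ready callback firing between the two setup steps.
 * Bit 0: keys-only check would decrypt with a NULL aead. Bit 1: flag check would. */
static int replay_window(void) {
    struct rx_ctx c = {0};
    const unsigned char k[16] = {0};  /* constructed sample key */
    int unsafe = 0;
    set_keys(&c, k, sizeof k);
    /* the callback runs here, before init_aead() */
    if (recv_ready_keys_only(&c) && c.aead == NULL) unsafe |= 1;
    if (recv_ready_flag(&c) && c.aead == NULL) unsafe |= 2;
    init_aead(&c);
    return unsafe;
}

int main(void) { printf("unsafe mask: %d\n", replay_window()); return 0; }
```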