Commit a5534617 authored by David S. Miller's avatar David S. Miller

Merge branch 'net-tls-fix-encryption-error-path'

Vadim Fedorenko says:

====================
net/tls: fix encryption error path

The problem with data stream corruption was found in KTLS
transmit path with small socket send buffers and large
amount of data. bpf_exec_tx_verdict() frees open record
on any type of error including EAGAIN, ENOMEM and ENOSPC
while callers are able to recover this transient errors.
Also wrong error code was returned to user space in that
case. This patchset fixes the problems.
====================
Acked-by: default avatarJakub Kicinski <kuba@kernel.org>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents 04ba6b7d 635d9398
...@@ -780,7 +780,7 @@ static int tls_push_record(struct sock *sk, int flags, ...@@ -780,7 +780,7 @@ static int tls_push_record(struct sock *sk, int flags,
static int bpf_exec_tx_verdict(struct sk_msg *msg, struct sock *sk, static int bpf_exec_tx_verdict(struct sk_msg *msg, struct sock *sk,
bool full_record, u8 record_type, bool full_record, u8 record_type,
size_t *copied, int flags) ssize_t *copied, int flags)
{ {
struct tls_context *tls_ctx = tls_get_ctx(sk); struct tls_context *tls_ctx = tls_get_ctx(sk);
struct tls_sw_context_tx *ctx = tls_sw_ctx_tx(tls_ctx); struct tls_sw_context_tx *ctx = tls_sw_ctx_tx(tls_ctx);
...@@ -796,9 +796,10 @@ static int bpf_exec_tx_verdict(struct sk_msg *msg, struct sock *sk, ...@@ -796,9 +796,10 @@ static int bpf_exec_tx_verdict(struct sk_msg *msg, struct sock *sk,
psock = sk_psock_get(sk); psock = sk_psock_get(sk);
if (!psock || !policy) { if (!psock || !policy) {
err = tls_push_record(sk, flags, record_type); err = tls_push_record(sk, flags, record_type);
if (err && err != -EINPROGRESS) { if (err && sk->sk_err == EBADMSG) {
*copied -= sk_msg_free(sk, msg); *copied -= sk_msg_free(sk, msg);
tls_free_open_rec(sk); tls_free_open_rec(sk);
err = -sk->sk_err;
} }
if (psock) if (psock)
sk_psock_put(sk, psock); sk_psock_put(sk, psock);
...@@ -824,9 +825,10 @@ static int bpf_exec_tx_verdict(struct sk_msg *msg, struct sock *sk, ...@@ -824,9 +825,10 @@ static int bpf_exec_tx_verdict(struct sk_msg *msg, struct sock *sk,
switch (psock->eval) { switch (psock->eval) {
case __SK_PASS: case __SK_PASS:
err = tls_push_record(sk, flags, record_type); err = tls_push_record(sk, flags, record_type);
if (err && err != -EINPROGRESS) { if (err && sk->sk_err == EBADMSG) {
*copied -= sk_msg_free(sk, msg); *copied -= sk_msg_free(sk, msg);
tls_free_open_rec(sk); tls_free_open_rec(sk);
err = -sk->sk_err;
goto out_err; goto out_err;
} }
break; break;
...@@ -916,7 +918,8 @@ int tls_sw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size) ...@@ -916,7 +918,8 @@ int tls_sw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size)
unsigned char record_type = TLS_RECORD_TYPE_DATA; unsigned char record_type = TLS_RECORD_TYPE_DATA;
bool is_kvec = iov_iter_is_kvec(&msg->msg_iter); bool is_kvec = iov_iter_is_kvec(&msg->msg_iter);
bool eor = !(msg->msg_flags & MSG_MORE); bool eor = !(msg->msg_flags & MSG_MORE);
size_t try_to_copy, copied = 0; size_t try_to_copy;
ssize_t copied = 0;
struct sk_msg *msg_pl, *msg_en; struct sk_msg *msg_pl, *msg_en;
struct tls_rec *rec; struct tls_rec *rec;
int required_size; int required_size;
...@@ -1118,7 +1121,7 @@ int tls_sw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size) ...@@ -1118,7 +1121,7 @@ int tls_sw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size)
release_sock(sk); release_sock(sk);
mutex_unlock(&tls_ctx->tx_lock); mutex_unlock(&tls_ctx->tx_lock);
return copied ? copied : ret; return copied > 0 ? copied : ret;
} }
static int tls_sw_do_sendpage(struct sock *sk, struct page *page, static int tls_sw_do_sendpage(struct sock *sk, struct page *page,
...@@ -1132,7 +1135,7 @@ static int tls_sw_do_sendpage(struct sock *sk, struct page *page, ...@@ -1132,7 +1135,7 @@ static int tls_sw_do_sendpage(struct sock *sk, struct page *page,
struct sk_msg *msg_pl; struct sk_msg *msg_pl;
struct tls_rec *rec; struct tls_rec *rec;
int num_async = 0; int num_async = 0;
size_t copied = 0; ssize_t copied = 0;
bool full_record; bool full_record;
int record_room; int record_room;
int ret = 0; int ret = 0;
...@@ -1234,7 +1237,7 @@ static int tls_sw_do_sendpage(struct sock *sk, struct page *page, ...@@ -1234,7 +1237,7 @@ static int tls_sw_do_sendpage(struct sock *sk, struct page *page,
} }
sendpage_end: sendpage_end:
ret = sk_stream_error(sk, flags, ret); ret = sk_stream_error(sk, flags, ret);
return copied ? copied : ret; return copied > 0 ? copied : ret;
} }
int tls_sw_sendpage_locked(struct sock *sk, struct page *page, int tls_sw_sendpage_locked(struct sock *sk, struct page *page,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment