Skip to content

L
linux
Commit a7bff11f authored by Vadim Fedorenko's avatar Vadim Fedorenko Committed by David S. Miller
Browse files
Options

net/tls: fix encryption error checking 

bpf_exec_tx_verdict() can return negative value for copied
variable. In that case this value will be pushed back to caller
and the real error code will be lost. Fix it using signed type and
checking for positive value.

Fixes: d10523d0 ("net/tls: free the record on encryption error")
Fixes: d3b18ad3 ("tls: add bpf support to sk_msg handling")
Signed-off-by: default avatarVadim Fedorenko <vfedorenko@novek.ru>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 04ba6b7d
Hide whitespace changes
Inline Side-by-side
Showing with 6 additions and 5 deletions
net/tls/tls_sw.c
View file @ a7bff11f
...@@ -780,7 +780,7 @@ static int tls_push_record(struct sock *sk, int flags, ...@@ -780,7 +780,7 @@ static int tls_push_record(struct sock *sk, int flags,
static int bpf_exec_tx_verdict(struct sk_msg *msg, struct sock *sk, static int bpf_exec_tx_verdict(struct sk_msg *msg, struct sock *sk,
bool full_record, u8 record_type, bool full_record, u8 record_type,
size_t *copied, int flags) ssize_t *copied, int flags)
{ {
struct tls_context *tls_ctx = tls_get_ctx(sk); struct tls_context *tls_ctx = tls_get_ctx(sk);
struct tls_sw_context_tx *ctx = tls_sw_ctx_tx(tls_ctx); struct tls_sw_context_tx *ctx = tls_sw_ctx_tx(tls_ctx);
...@@ -916,7 +916,8 @@ int tls_sw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size) ...@@ -916,7 +916,8 @@ int tls_sw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size)
unsigned char record_type = TLS_RECORD_TYPE_DATA; unsigned char record_type = TLS_RECORD_TYPE_DATA;
bool is_kvec = iov_iter_is_kvec(&msg->msg_iter); bool is_kvec = iov_iter_is_kvec(&msg->msg_iter);
bool eor = !(msg->msg_flags & MSG_MORE); bool eor = !(msg->msg_flags & MSG_MORE);
size_t try_to_copy, copied = 0; size_t try_to_copy;
ssize_t copied = 0;
struct sk_msg *msg_pl, *msg_en; struct sk_msg *msg_pl, *msg_en;
struct tls_rec *rec; struct tls_rec *rec;
int required_size; int required_size;
...@@ -1118,7 +1119,7 @@ int tls_sw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size) ...@@ -1118,7 +1119,7 @@ int tls_sw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size)
release_sock(sk); release_sock(sk);
mutex_unlock(&tls_ctx->tx_lock); mutex_unlock(&tls_ctx->tx_lock);
return copied ? copied : ret; return copied > 0 ? copied : ret;
} }
static int tls_sw_do_sendpage(struct sock *sk, struct page *page, static int tls_sw_do_sendpage(struct sock *sk, struct page *page,
...@@ -1132,7 +1133,7 @@ static int tls_sw_do_sendpage(struct sock *sk, struct page *page, ...@@ -1132,7 +1133,7 @@ static int tls_sw_do_sendpage(struct sock *sk, struct page *page,
struct sk_msg *msg_pl; struct sk_msg *msg_pl;
struct tls_rec *rec; struct tls_rec *rec;
int num_async = 0; int num_async = 0;
size_t copied = 0; ssize_t copied = 0;
bool full_record; bool full_record;
int record_room; int record_room;
int ret = 0; int ret = 0;
...@@ -1234,7 +1235,7 @@ static int tls_sw_do_sendpage(struct sock *sk, struct page *page, ...@@ -1234,7 +1235,7 @@ static int tls_sw_do_sendpage(struct sock *sk, struct page *page,
} }
sendpage_end: sendpage_end:
ret = sk_stream_error(sk, flags, ret); ret = sk_stream_error(sk, flags, ret);
return copied ? copied : ret; return copied > 0 ? copied : ret;
} }
int tls_sw_sendpage_locked(struct sock *sk, struct page *page, int tls_sw_sendpage_locked(struct sock *sk, struct page *page,
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7