mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity
linux-stable/net/tls
History
Jakub Kicinski 3fde6360e6 net: tls: avoid discarding data on record close 
commit 6b47808f22 upstream.

TLS records end with a 16B tag. For TLS device offload we only
need to make space for this tag in the stream, the device will
generate and replace it with the actual calculated tag.

Long time ago the code would just re-reference the head frag
which mostly worked but was suboptimal because it prevented TCP
from combining the record into a single skb frag. I'm not sure
if it was correct as the first frag may be shorter than the tag.

The commit under fixes tried to replace that with using the page
frag and if the allocation failed rolling back the data, if record
was long enough. It achieves better fragment coalescing but is
also buggy.

We don't roll back the iterator, so unless we're at the end of
send we'll skip the data we designated as tag and start the
next record as if the rollback never happened.
There's also the possibility that the record was constructed
with MSG_MORE and the data came from a different syscall and
we already told the user space that we "got it".

Allocate a single dummy page and use it as fallback.

Found by code inspection, and proven by forcing allocation
failures.

Fixes: e7b159a48b ("net/tls: remove the record tail optimization")
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2023-08-16 18:32:27 +02:00
..
Kconfig
Makefile
tls.h
tls_device.c net: tls: avoid discarding data on record close 2023-08-16 18:32:27 +02:00
tls_device_fallback.c
tls_main.c
tls_proc.c
tls_strp.c tls: improve lockless access safety of tls_err_abort() 2023-05-26 10:35:58 +01:00
tls_sw.c tls: improve lockless access safety of tls_err_abort() 2023-05-26 10:35:58 +01:00
tls_toe.c
trace.c
trace.h