| Message ID | 20191127201646.25455-3-jakub.kicinski@netronome.com |
|---|---|
| State | Accepted |
| Delegated to: | David Miller |
| Headers | show |
| Series | net: tls: fix scatter-gather list issues | expand |
Jakub Kicinski wrote: > When tls_do_encryption() fails the SG lists are left with the > SG_END and SG_CHAIN marks in place. One could hope that once > encryption fails we will never see the record again, but that > is in fact not true. Commit d3b18ad31f93 ("tls: add bpf support > to sk_msg handling") added special handling to ENOMEM and ENOSPC > errors which mean we may see the same record re-submitted. > > As suggested by John free the record, the BPF code is already > doing just that. > > Reported-by: syzbot+df0d4ec12332661dd1f9@syzkaller.appspotmail.com > Fixes: d3b18ad31f93 ("tls: add bpf support to sk_msg handling") > Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> > Reviewed-by: Simon Horman <simon.horman@netronome.com> > --- > net/tls/tls_sw.c | 10 ++++++++-- > 1 file changed, 8 insertions(+), 2 deletions(-) Acked-by: John Fastabend <john.fastabend@gmail.com>
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 70e3c0c1af50..dbba51b69d21 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -771,8 +771,14 @@ static int bpf_exec_tx_verdict(struct sk_msg *msg, struct sock *sk, policy = !(flags & MSG_SENDPAGE_NOPOLICY); psock = sk_psock_get(sk); - if (!psock || !policy) - return tls_push_record(sk, flags, record_type); + if (!psock || !policy) { + err = tls_push_record(sk, flags, record_type); + if (err) { + *copied -= sk_msg_free(sk, msg); + tls_free_open_rec(sk); + } + return err; + } more_data: enospc = sk_msg_full(msg); if (psock->eval == __SK_NONE) {
When tls_do_encryption() fails the SG lists are left with the SG_END and SG_CHAIN marks in place. One could hope that once encryption fails we will never see the record again, but that is in fact not true. Commit d3b18ad31f93 ("tls: add bpf support to sk_msg handling") added special handling to ENOMEM and ENOSPC errors which mean we may see the same record re-submitted. As suggested by John free the record, the BPF code is already doing just that. Reported-by: syzbot+df0d4ec12332661dd1f9@syzkaller.appspotmail.com Fixes: d3b18ad31f93 ("tls: add bpf support to sk_msg handling") Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: Simon Horman <simon.horman@netronome.com> --- net/tls/tls_sw.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-)