Message ID | 20191127201646.25455-1-jakub.kicinski@netronome.com |
---|---|
Headers | show |
Series | net: tls: fix scatter-gather list issues | expand |
From: Jakub Kicinski <jakub.kicinski@netronome.com> Date: Wed, 27 Nov 2019 12:16:38 -0800 > This series kicked of by a syzbot report fixes three issues around > scatter gather handling in the TLS code. First patch fixes a use- > -after-free situation which may occur if record was freed on error. > This could have already happened in BPF paths, and patch 2 now makes > the same condition occur in non-BPF code. > > Patch 2 fixes the problem spotted by syzbot. If encryption failed > we have to clean the end markings from scatter gather list. As > suggested by John the patch frees the record entirely and caller > may retry copying data from user space buffer again. > > Third patch fixes a bug in the TLS 1.3 code spotted while working > on patch 2. TLS 1.3 may effectively overflow the SG list which > leads to the BUG() in sg_page() being triggered. > > Patch 4 adds a test case which triggers this bug reliably. > > Next two patches are small cleanups of dead code and code which > makes dangerous assumptions. > > Last but not least two minor improvements to the sockmap tests. ... Series applied and queued up for -stable, thanks Jakub.