| Message ID | 20190328215443.9989-1-jakub.kicinski@netronome.com |
|---|---|
| State | Accepted |
| Delegated to: | David Miller |
| Headers | show |
| Series | [net] net: tls: prevent false connection termination with offload | expand |
On Thu, 28 Mar 2019 14:54:43 -0700, Jakub Kicinski wrote: > Only decrypt_internal() performs zero copy on rx, all paths > which don't hit decrypt_internal() must set zc to false, > otherwise tls_sw_recvmsg() may return 0 causing the application > to believe that that connection got closed. > > Currently this happens with device offload when new record > is first read from. > > Fixes: d069b780e367 ("tls: Fix tls_device receive") Reported-by: David Beckett <david.beckett@netronome.com> > Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> > Reviewed-by: Simon Horman <simon.horman@netronome.com> > --- > net/tls/tls_sw.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c > index 4f821edeeae6..4741edf4bb1e 100644 > --- a/net/tls/tls_sw.c > +++ b/net/tls/tls_sw.c > @@ -1497,6 +1497,8 @@ static int decrypt_skb_update(struct sock *sk, struct sk_buff *skb, > > return err; > } > + } else { > + *zc = false; > } > > rxm->full_len -= padding_length(ctx, tls_ctx, skb);
From: Jakub Kicinski <jakub.kicinski@netronome.com> Date: Thu, 28 Mar 2019 14:54:43 -0700 > Only decrypt_internal() performs zero copy on rx, all paths > which don't hit decrypt_internal() must set zc to false, > otherwise tls_sw_recvmsg() may return 0 causing the application > to believe that that connection got closed. > > Currently this happens with device offload when new record > is first read from. > > Fixes: d069b780e367 ("tls: Fix tls_device receive") > Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> > Reviewed-by: Simon Horman <simon.horman@netronome.com> Applied, thanks Jakub.
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 4f821edeeae6..4741edf4bb1e 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -1497,6 +1497,8 @@ static int decrypt_skb_update(struct sock *sk, struct sk_buff *skb, return err; } + } else { + *zc = false; } rxm->full_len -= padding_length(ctx, tls_ctx, skb);
Only decrypt_internal() performs zero copy on rx, all paths which don't hit decrypt_internal() must set zc to false, otherwise tls_sw_recvmsg() may return 0 causing the application to believe that that connection got closed. Currently this happens with device offload when new record is first read from. Fixes: d069b780e367 ("tls: Fix tls_device receive") Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: Simon Horman <simon.horman@netronome.com> --- net/tls/tls_sw.c | 2 ++ 1 file changed, 2 insertions(+)