linux/net/tls
John Fastabend dc9dfc8dc6 net: tls, fix WARNIING in __sk_msg_free
A splice with MSG_SPLICE_PAGES will cause tls code to use the
tls_sw_sendmsg_splice path in the TLS sendmsg code to move the user
provided pages from the msg into the msg_pl. This will loop over the
msg until msg_pl is full, checked by sk_msg_full(msg_pl). The user
can also set the MORE flag to hint stack to delay sending until receiving
more pages and ideally a full buffer.

If the user adds more pages to the msg than can fit in the msg_pl
scatterlist (MAX_MSG_FRAGS) we should ignore the MORE flag and send
the buffer anyways.

What actually happens though is we abort the msg to msg_pl scatterlist
setup and then because we forget to set 'full record' indicating we
can no longer consume data without a send we fallthrough to the 'continue'
path which will check if msg_data_left(msg) has more bytes to send and
then attempts to fit them in the already full msg_pl. Then next
iteration of sender doing send will encounter a full msg_pl and throw
the warning in the syzbot report.

To fix simply check if we have a full_record in splice code path and
if not send the msg regardless of MORE flag.

Reported-and-tested-by: syzbot+f2977222e0e95cec15c8@syzkaller.appspotmail.com
Reported-by: Edward Adam Davis <eadavis@qq.com>
Fixes: fe1e81d4f7 ("tls/sw: Support MSG_SPLICE_PAGES")
Reviewed-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2024-01-14 12:17:14 +00:00
..
Kconfig net/tls: Select SOCK_RX_QUEUE_MAPPING from TLS_DEVICE 2021-02-11 19:08:06 -08:00
Makefile tls: rx: async: hold onto the input skb 2022-07-18 11:24:11 +01:00
tls_device_fallback.c tls: rename MAX_IV_SIZE to TLS_MAX_IV_SIZE 2023-10-13 11:26:09 +01:00
tls_device.c tls: don't reset prot->aad_size and prot->tail_size for TLS_HW 2023-10-23 10:15:09 -07:00
tls_main.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2023-10-19 13:29:01 -07:00
tls_proc.c tls: rx: add counter for NoPad violations 2022-07-11 19:48:33 -07:00
tls_strp.c net/tls: Use tcp_read_sock() instead of ops->read_sock() 2023-07-27 19:49:35 -07:00
tls_sw.c net: tls, fix WARNIING in __sk_msg_free 2024-01-14 12:17:14 +00:00
tls_toe.c tls: create an internal header 2022-07-08 18:38:45 -07:00
tls.h tls: don't reset prot->aad_size and prot->tail_size for TLS_HW 2023-10-23 10:15:09 -07:00
trace.c net/tls: add tracing for device/offload events 2019-10-05 16:29:00 -07:00
trace.h net/tls: add device decrypted trace point 2019-10-05 16:29:00 -07:00