git.proxmox.com Git - mirror_ubuntu-kernels.git/commit

author	Jakub Kicinski <kuba@kernel.org>
	Wed, 17 May 2023 01:50:41 +0000 (18:50 -0700)
committer	Stefan Bader <stefan.bader@canonical.com>
	Wed, 9 Aug 2023 09:38:16 +0000 (11:38 +0200)
commit	a719bb8a7444dcecf528c872ed4f2e352f2b0f31
tree	81b62decda07afc4a8c49f2c38bf57a2f48b12e6	tree
parent	9ebe24366abbfc6e0d6f70e3737287cf56358c2d	commit \| diff

tls: rx: strp: preserve decryption status of skbs when needed

BugLink: https://bugs.launchpad.net/bugs/2028979
[ Upstream commit eca9bfafee3a0487e59c59201ae14c7594ba940a ]

When receive buffer is small we try to copy out the data from
TCP into a skb maintained by TLS to prevent connection from
stalling. Unfortunately if a single record is made up of a mix
of decrypted and non-decrypted skbs combining them into a single
skb leads to loss of decryption status, resulting in decryption
errors or data corruption.

Similarly when trying to use TCP receive queue directly we need
to make sure that all the skbs within the record have the same
status. If we don't the mixed status will be detected correctly
but we'll CoW the anchor, again collapsing it into a single paged
skb without decrypted status preserved. So the "fixup" code will
not know which parts of skb to re-encrypt.

Fixes: 84c61fe1a75b ("tls: rx: do not use the standard strparser")
Tested-by: Shai Amiram <samiram@nvidia.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

include/net/tls.h		diff \| blob \| blame \| history
net/tls/tls.h		diff \| blob \| blame \| history
net/tls/tls_device.c		diff \| blob \| blame \| history
net/tls/tls_strp.c		diff \| blob \| blame \| history