From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	patches@lists.linux.dev, Shai Amiram <samiram@nvidia.com>,
	Jakub Kicinski <kuba@kernel.org>,
	Simon Horman <simon.horman@corigine.com>,
	"David S. Miller" <davem@davemloft.net>,
	Sasha Levin <sashal@kernel.org>
Subject: [PATCH 6.3 14/45] tls: rx: strp: force mixed decrypted records into copy mode
Date: Thu,  1 Jun 2023 14:21:10 +0100
Message-ID: <20230601131939.362102447@linuxfoundation.org>
In-Reply-To: <20230601131938.702671708@linuxfoundation.org>

From: Jakub Kicinski <kuba@kernel.org>

[ Upstream commit 14c4be92ebb3e36e392aa9dd8f314038a9f96f3c ]

If a record is partially decrypted we'll have to CoW it, anyway,
so go into copy mode and allocate a writable skb right away.

This will make subsequent fix simpler because we won't have to
teach tls_strp_msg_make_copy() how to copy skbs while preserving
decrypt status.

Tested-by: Shai Amiram <samiram@nvidia.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Stable-dep-of: eca9bfafee3a ("tls: rx: strp: preserve decryption status of skbs when needed")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 include/linux/skbuff.h | 10 ++++++++++
 net/tls/tls_strp.c     | 16 +++++++++++-----
 2 files changed, 21 insertions(+), 5 deletions(-)

diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
index dbcaac8b69665..4a882f9ba1f1f 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -1577,6 +1577,16 @@ static inline void skb_copy_hash(struct sk_buff *to, const struct sk_buff *from)
 	to->l4_hash = from->l4_hash;
 };
 
+static inline int skb_cmp_decrypted(const struct sk_buff *skb1,
+				    const struct sk_buff *skb2)
+{
+#ifdef CONFIG_TLS_DEVICE
+	return skb2->decrypted - skb1->decrypted;
+#else
+	return 0;
+#endif
+}
+
 static inline void skb_copy_decrypted(struct sk_buff *to,
 				      const struct sk_buff *from)
 {
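Review bot: skb_cmp_decrypted() returns `skb2->decrypted - skb1->decrypted`, which reverses the usual first-minus-second operand order of a cmp-style helper and yields a signed int whose sign nothing in this patch relies on. The only caller added here tests the result for nonzero, so consider returning bool (for example `skb1->decrypted != skb2->decrypted`) or adding a one-line comment stating that nonzero means the two statuses differ and that the helper always returns 0 when CONFIG_TLS_DEVICE is off.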
diff --git a/net/tls/tls_strp.c b/net/tls/tls_strp.c
index 9889df5ce0660..e2e48217e7ac9 100644
--- a/net/tls/tls_strp.c
+++ b/net/tls/tls_strp.c
@@ -326,15 +326,19 @@ static int tls_strp_read_copy(struct tls_strparser *strp, bool qshort)
 	return 0;
 }
 
-static bool tls_strp_check_no_dup(struct tls_strparser *strp)
+static bool tls_strp_check_queue_ok(struct tls_strparser *strp)
 {
 	unsigned int len = strp->stm.offset + strp->stm.full_len;
-	struct sk_buff *skb;
+	struct sk_buff *first, *skb;
 	u32 seq;
 
-	skb = skb_shinfo(strp->anchor)->frag_list;
-	seq = TCP_SKB_CB(skb)->seq;
+	first = skb_shinfo(strp->anchor)->frag_list;
+	skb = first;
+	seq = TCP_SKB_CB(first)->seq;
 
+	/* Make sure there's no duplicate data in the queue,
+	 * and the decrypted status matches.
+	 */
 	while (skb->len < len) {
 		seq += skb->len;
 		len -= skb->len;
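Review bot: the new comment above the loop says the decrypted status "matches" without saying against what; the code compares each later skb with `first`, the head of the anchor's frag_list. Spell that out in the comment, and since tls_strp_check_queue_ok() now returns false for two unrelated reasons (a sequence gap or a status mismatch), note there that either one sends the caller into copy mode, because the new name no longer describes what is being checked.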
@@ -342,6 +346,8 @@ static bool tls_strp_check_no_dup(struct tls_strparser *strp)
 
 		if (TCP_SKB_CB(skb)->seq != seq)
 			return false;
+		if (skb_cmp_decrypted(first, skb))
+			return false;
 	}
 
 	return true;
@@ -422,7 +428,7 @@ static int tls_strp_read_sock(struct tls_strparser *strp)
 			return tls_strp_read_copy(strp, true);
 	}
 
-	if (!tls_strp_check_no_dup(strp))
+	if (!tls_strp_check_queue_ok(strp))
 		return tls_strp_read_copy(strp, false);
 
 	strp->msg_ready = 1;
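Review bot: at this call site a false return now also covers a record with mixed decrypted status, and both cases take `tls_strp_read_copy(strp, false)`. The second argument is `qshort` per the tls_strp_read_copy() signature shown in the earlier hunk header, so a short comment here confirming that false is the intended value for the mixed-status case, not just for the duplicate-data case the old name described, would save the next reader from having to check.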
-- 
2.39.2



