From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, Shai Amiram <samiram@nvidia.com>,
Jakub Kicinski <kuba@kernel.org>,
Simon Horman <simon.horman@corigine.com>,
"David S. Miller" <davem@davemloft.net>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 6.1 09/42] tls: rx: strp: force mixed decrypted records into copy mode
Date: Thu, 1 Jun 2023 14:21:18 +0100 [thread overview]
Message-ID: <20230601131939.474518851@linuxfoundation.org> (raw)
In-Reply-To: <20230601131939.051934720@linuxfoundation.org>
From: Jakub Kicinski <kuba@kernel.org>
[ Upstream commit 14c4be92ebb3e36e392aa9dd8f314038a9f96f3c ]
If a record is partially decrypted we'll have to CoW it, anyway,
so go into copy mode and allocate a writable skb right away.
This will make subsequent fix simpler because we won't have to
teach tls_strp_msg_make_copy() how to copy skbs while preserving
decrypt status.
Tested-by: Shai Amiram <samiram@nvidia.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Stable-dep-of: eca9bfafee3a ("tls: rx: strp: preserve decryption status of skbs when needed")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/skbuff.h | 10 ++++++++++
net/tls/tls_strp.c | 16 +++++++++++-----
2 files changed, 21 insertions(+), 5 deletions(-)
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
index 20ca1613f2e3e..cc5ed2cf25f65 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -1567,6 +1567,16 @@ static inline void skb_copy_hash(struct sk_buff *to, const struct sk_buff *from)
to->l4_hash = from->l4_hash;
};
+static inline int skb_cmp_decrypted(const struct sk_buff *skb1,
+ const struct sk_buff *skb2)
+{
+#ifdef CONFIG_TLS_DEVICE
+ return skb2->decrypted - skb1->decrypted;
+#else
+ return 0;
+#endif
+}
+
static inline void skb_copy_decrypted(struct sk_buff *to,
const struct sk_buff *from)
{
diff --git a/net/tls/tls_strp.c b/net/tls/tls_strp.c
index 9889df5ce0660..e2e48217e7ac9 100644
--- a/net/tls/tls_strp.c
+++ b/net/tls/tls_strp.c
@@ -326,15 +326,19 @@ static int tls_strp_read_copy(struct tls_strparser *strp, bool qshort)
return 0;
}
-static bool tls_strp_check_no_dup(struct tls_strparser *strp)
+static bool tls_strp_check_queue_ok(struct tls_strparser *strp)
{
unsigned int len = strp->stm.offset + strp->stm.full_len;
- struct sk_buff *skb;
+ struct sk_buff *first, *skb;
u32 seq;
- skb = skb_shinfo(strp->anchor)->frag_list;
- seq = TCP_SKB_CB(skb)->seq;
+ first = skb_shinfo(strp->anchor)->frag_list;
+ skb = first;
+ seq = TCP_SKB_CB(first)->seq;
+ /* Make sure there's no duplicate data in the queue,
+ * and the decrypted status matches.
+ */
while (skb->len < len) {
seq += skb->len;
len -= skb->len;
@@ -342,6 +346,8 @@ static bool tls_strp_check_no_dup(struct tls_strparser *strp)
if (TCP_SKB_CB(skb)->seq != seq)
return false;
+ if (skb_cmp_decrypted(first, skb))
+ return false;
}
return true;
@@ -422,7 +428,7 @@ static int tls_strp_read_sock(struct tls_strparser *strp)
return tls_strp_read_copy(strp, true);
}
- if (!tls_strp_check_no_dup(strp))
+ if (!tls_strp_check_queue_ok(strp))
return tls_strp_read_copy(strp, false);
strp->msg_ready = 1;
--
2.39.2
next prev parent reply other threads:[~2023-06-01 13:27 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-01 13:21 [PATCH 6.1 00/42] 6.1.32-rc1 review Greg Kroah-Hartman
2023-06-01 13:21 ` [PATCH 6.1 01/42] inet: Add IP_LOCAL_PORT_RANGE socket option Greg Kroah-Hartman
2023-06-01 13:21 ` [PATCH 6.1 02/42] ipv{4,6}/raw: fix output xfrm lookup wrt protocol Greg Kroah-Hartman
2023-06-01 13:21 ` [PATCH 6.1 03/42] firmware: arm_ffa: Fix usage of partition info get count flag Greg Kroah-Hartman
2023-06-01 13:21 ` [PATCH 6.1 04/42] selftests/bpf: Fix pkg-config call building sign-file Greg Kroah-Hartman
2023-06-01 13:21 ` [PATCH 6.1 05/42] platform/x86/amd/pmf: Fix CnQF and auto-mode after resume Greg Kroah-Hartman
2023-06-01 13:21 ` [PATCH 6.1 06/42] tls: rx: device: fix checking decryption status Greg Kroah-Hartman
2023-06-01 13:21 ` [PATCH 6.1 07/42] tls: rx: strp: set the skb->len of detached / CoWed skbs Greg Kroah-Hartman
2023-06-01 13:21 ` [PATCH 6.1 08/42] tls: rx: strp: fix determining record length in copy mode Greg Kroah-Hartman
2023-06-01 13:21 ` Greg Kroah-Hartman [this message]
2023-06-01 13:21 ` [PATCH 6.1 10/42] tls: rx: strp: factor out copying skb data Greg Kroah-Hartman
2023-06-01 13:21 ` [PATCH 6.1 11/42] tls: rx: strp: preserve decryption status of skbs when needed Greg Kroah-Hartman
2023-06-01 13:21 ` [PATCH 6.1 12/42] net/mlx5: E-switch, Devcom, sync devcom events and devcom comp register Greg Kroah-Hartman
2023-06-01 13:21 ` [PATCH 6.1 13/42] gpio-f7188x: fix chip name and pin count on Nuvoton chip Greg Kroah-Hartman
2023-06-01 13:21 ` [PATCH 6.1 14/42] bpf, sockmap: Pass skb ownership through read_skb Greg Kroah-Hartman
2023-06-01 13:21 ` [PATCH 6.1 15/42] bpf, sockmap: Convert schedule_work into delayed_work Greg Kroah-Hartman
2023-06-01 13:21 ` [PATCH 6.1 16/42] bpf, sockmap: Reschedule is now done through backlog Greg Kroah-Hartman
2023-06-01 13:21 ` [PATCH 6.1 17/42] bpf, sockmap: Improved check for empty queue Greg Kroah-Hartman
2023-06-01 13:21 ` [PATCH 6.1 18/42] bpf, sockmap: Handle fin correctly Greg Kroah-Hartman
2023-06-01 13:21 ` [PATCH 6.1 19/42] bpf, sockmap: TCP data stall on recv before accept Greg Kroah-Hartman
2023-06-01 13:21 ` [PATCH 6.1 20/42] bpf, sockmap: Wake up polling after data copy Greg Kroah-Hartman
2023-06-01 13:21 ` [PATCH 6.1 21/42] bpf, sockmap: Incorrectly handling copied_seq Greg Kroah-Hartman
2023-06-01 13:21 ` [PATCH 6.1 22/42] blk-mq: fix race condition in active queue accounting Greg Kroah-Hartman
2023-06-01 13:21 ` [PATCH 6.1 23/42] vfio/type1: check pfn valid before converting to struct page Greg Kroah-Hartman
2023-06-01 13:21 ` [PATCH 6.1 24/42] net: page_pool: use in_softirq() instead Greg Kroah-Hartman
2023-06-01 13:21 ` [PATCH 6.1 25/42] page_pool: fix inconsistency for page_pool_ring_[un]lock() Greg Kroah-Hartman
2023-06-01 13:21 ` [PATCH 6.1 26/42] net: phy: mscc: enable VSC8501/2 RGMII RX clock Greg Kroah-Hartman
2023-06-01 13:21 ` [PATCH 6.1 27/42] wifi: rtw89: correct 5 MHz mask setting Greg Kroah-Hartman
2023-06-01 13:21 ` [PATCH 6.1 28/42] wifi: iwlwifi: mvm: support wowlan info notification version 2 Greg Kroah-Hartman
2023-06-01 13:21 ` [PATCH 6.1 29/42] wifi: iwlwifi: mvm: fix potential memory leak Greg Kroah-Hartman
2023-06-01 13:21 ` [PATCH 6.1 30/42] RDMA/rxe: Fix the error "trying to register non-static key in rxe_cleanup_task" Greg Kroah-Hartman
2023-06-01 13:21 ` [PATCH 6.1 31/42] dmaengine: at_xdmac: disable/enable clock directly on suspend/resume Greg Kroah-Hartman
2023-06-01 13:21 ` [PATCH 6.1 32/42] dmaengine: at_xdmac: do not resume channels paused by consumers Greg Kroah-Hartman
2023-06-01 13:21 ` [PATCH 6.1 33/42] dmaengine: at_xdmac: restore the content of grws register Greg Kroah-Hartman
2023-06-01 13:21 ` [PATCH 6.1 34/42] octeontx2-af: Add validation for lmac type Greg Kroah-Hartman
2023-06-01 13:21 ` [PATCH 6.1 35/42] drm/amd: Dont allow s0ix on APUs older than Raven Greg Kroah-Hartman
2023-06-01 13:21 ` [PATCH 6.1 36/42] bluetooth: Add cmd validity checks at the start of hci_sock_ioctl() Greg Kroah-Hartman
2023-06-01 13:21 ` [PATCH 6.1 37/42] Revert "thermal/drivers/mellanox: Use generic thermal_zone_get_trip() function" Greg Kroah-Hartman
2023-06-01 13:21 ` [PATCH 6.1 38/42] block: fix bio-cache for passthru IO Greg Kroah-Hartman
2023-06-01 13:21 ` [PATCH 6.1 39/42] cpufreq: amd-pstate: Update policy->cur in amd_pstate_adjust_perf() Greg Kroah-Hartman
2023-06-01 13:21 ` [PATCH 6.1 40/42] cpufreq: amd-pstate: Add ->fast_switch() callback Greg Kroah-Hartman
2023-06-01 13:21 ` [PATCH 6.1 41/42] netfilter: ctnetlink: Support offloaded conntrack entry deletion Greg Kroah-Hartman
2023-06-01 13:21 ` [PATCH 6.1 42/42] tools headers UAPI: Sync the linux/in.h with the kernel sources Greg Kroah-Hartman
2023-06-01 14:11 ` [PATCH 6.1 00/42] 6.1.32-rc1 review Naresh Kamboju
2023-06-01 14:26 ` Greg Kroah-Hartman
2023-06-01 14:33 ` Greg Kroah-Hartman
2023-06-01 14:39 ` Guenter Roeck
2023-06-01 17:41 ` Greg Kroah-Hartman
2023-06-01 20:33 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230601131939.474518851@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=davem@davemloft.net \
--cc=kuba@kernel.org \
--cc=patches@lists.linux.dev \
--cc=samiram@nvidia.com \
--cc=sashal@kernel.org \
--cc=simon.horman@corigine.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).