From: Jakub Kicinski <jakub.kicinski@netronome.com>
To: borisp@mellanox.com, aviadye@mellanox.com,
john.fastabend@gmail.com, daniel@iogearbox.net
Cc: netdev@vger.kernel.org,
Jakub Kicinski <jakub.kicinski@netronome.com>,
syzbot+df0d4ec12332661dd1f9@syzkaller.appspotmail.com
Subject: [RFC net] net/tls: clear SG markings on encryption error
Date: Fri, 22 Nov 2019 13:45:53 -0800 [thread overview]
Message-ID: <20191122214553.20982-1-jakub.kicinski@netronome.com> (raw)
When tls_do_encryption() fails the SG lists are left with the
SG_END and SG_CHAIN marks in place. One could hope that once
encryption fails we will never see the record again, but that
is in fact not true. Commit d3b18ad31f93 ("tls: add bpf support
to sk_msg handling") added special handling to ENOMEM and ENOSPC
errors which mean we may see the same record re-submitted.
In all honesty I don't understand why we need the ENOMEM handling.
Waiting for socket memory without setting SOCK_NOSPACE on any
random memory allocation failure seems slightly ill advised.
Having said that, undoing the SG markings seems wise regardless.
Reported-by: syzbot+df0d4ec12332661dd1f9@syzkaller.appspotmail.com
Fixes: 130b392c6cd6 ("net: tls: Add tls 1.3 support")
Fixes: d3b18ad31f93 ("tls: add bpf support to sk_msg handling")
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
---
John, I'm sending this mostly to ask if we can safely remove
the ENOMEM handling? :)
I was going to try the sockmap tests myself, but looks like the current
LLVM 10 build I get from their debs just segfaults when trying to build
selftest :/
Also there's at least one more bug in this piece of code, TLS 1.3
can't assume there's at least one free SG entry.
net/tls/tls_sw.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index 24161750a737..4a0ea87b20cf 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -737,6 +737,19 @@ static int tls_push_record(struct sock *sk, int flags,
if (rc < 0) {
if (rc != -EINPROGRESS) {
tls_err_abort(sk, EBADMSG);
+
+ i = msg_pl->sg.end;
+ if (prot->version == TLS_1_3_VERSION) {
+ sg_mark_end(sk_msg_elem(msg_pl, i));
+ sg_unmark_end(sk_msg_elem(msg_pl, i));
+ }
+ sk_msg_iter_var_prev(i);
+ sg_unmark_end(sk_msg_elem(msg_pl, i));
+
+ i = msg_en->sg.end;
+ sk_msg_iter_var_prev(i);
+ sg_unmark_end(sk_msg_elem(msg_en, i));
+
if (split) {
tls_ctx->pending_open_record_frags = true;
tls_merge_open_record(sk, rec, tmp, orig_end);
--
2.23.0
next reply other threads:[~2019-11-22 21:46 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-22 21:45 Jakub Kicinski [this message]
2019-11-22 22:36 ` [RFC net] net/tls: clear SG markings on encryption error Jakub Kicinski
2019-11-23 6:56 ` John Fastabend
2019-11-25 19:58 ` Jakub Kicinski
2019-11-23 3:25 ` John Fastabend
2019-11-25 19:52 ` Jakub Kicinski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191122214553.20982-1-jakub.kicinski@netronome.com \
--to=jakub.kicinski@netronome.com \
--cc=aviadye@mellanox.com \
--cc=borisp@mellanox.com \
--cc=daniel@iogearbox.net \
--cc=john.fastabend@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=syzbot+df0d4ec12332661dd1f9@syzkaller.appspotmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).