From: David Miller <davem@davemloft.net>
To: jakub.kicinski@netronome.com
Cc: john.fastabend@gmail.com, netdev@vger.kernel.org,
oss-drivers@netronome.com, borisp@mellanox.com,
aviadye@mellanox.com, daniel@iogearbox.net
Subject: Re: [PATCH net 0/8] net: tls: fix scatter-gather list issues
Date: Thu, 28 Nov 2019 22:44:13 -0800 (PST) [thread overview]
Message-ID: <20191128.224413.2026858682315234984.davem@davemloft.net> (raw)
In-Reply-To: <20191127201646.25455-1-jakub.kicinski@netronome.com>
From: Jakub Kicinski <jakub.kicinski@netronome.com>
Date: Wed, 27 Nov 2019 12:16:38 -0800
> This series kicked of by a syzbot report fixes three issues around
> scatter gather handling in the TLS code. First patch fixes a use-
> -after-free situation which may occur if record was freed on error.
> This could have already happened in BPF paths, and patch 2 now makes
> the same condition occur in non-BPF code.
>
> Patch 2 fixes the problem spotted by syzbot. If encryption failed
> we have to clean the end markings from scatter gather list. As
> suggested by John the patch frees the record entirely and caller
> may retry copying data from user space buffer again.
>
> Third patch fixes a bug in the TLS 1.3 code spotted while working
> on patch 2. TLS 1.3 may effectively overflow the SG list which
> leads to the BUG() in sg_page() being triggered.
>
> Patch 4 adds a test case which triggers this bug reliably.
>
> Next two patches are small cleanups of dead code and code which
> makes dangerous assumptions.
>
> Last but not least two minor improvements to the sockmap tests.
...
Series applied and queued up for -stable, thanks Jakub.
prev parent reply other threads:[~2019-11-29 6:44 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-27 20:16 [PATCH net 0/8] net: tls: fix scatter-gather list issues Jakub Kicinski
2019-11-27 20:16 ` [PATCH net 1/8] net/tls: take into account that bpf_exec_tx_verdict() may free the record Jakub Kicinski
2019-11-28 4:40 ` John Fastabend
2019-11-27 20:16 ` [PATCH net 2/8] net/tls: free the record on encryption error Jakub Kicinski
2019-11-28 4:41 ` John Fastabend
2019-11-27 20:16 ` [PATCH net 3/8] net: skmsg: fix TLS 1.3 crash with full sk_msg Jakub Kicinski
2019-11-27 20:16 ` [PATCH net 4/8] selftests/tls: add a test for fragmented messages Jakub Kicinski
2019-11-27 20:16 ` [PATCH net 5/8] net/tls: remove the dead inplace_crypto code Jakub Kicinski
2019-11-27 20:16 ` [PATCH net 6/8] net/tls: use sg_next() to walk sg entries Jakub Kicinski
2019-11-27 20:16 ` [PATCH net 7/8] selftests: bpf: test_sockmap: handle file creation failures gracefully Jakub Kicinski
2019-11-27 20:16 ` [PATCH net 8/8] selftests: bpf: correct perror strings Jakub Kicinski
2019-11-29 6:44 ` David Miller [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191128.224413.2026858682315234984.davem@davemloft.net \
--to=davem@davemloft.net \
--cc=aviadye@mellanox.com \
--cc=borisp@mellanox.com \
--cc=daniel@iogearbox.net \
--cc=jakub.kicinski@netronome.com \
--cc=john.fastabend@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=oss-drivers@netronome.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).