lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <20180716.133237.2093552528129465739.davem@davemloft.net>
Date:   Mon, 16 Jul 2018 13:32:37 -0700 (PDT)
From:   David Miller <davem@...emloft.net>
To:     davejwatson@...com
Cc:     borisp@...lanox.com, netdev@...r.kernel.org, aviadye@...lanox.com,
        daniel@...earbox.net, doronrk@...com, vakul.garg@....com
Subject: Re: [PATCH net] tls: Stricter error checking in zerocopy sendmsg
 path

From: Dave Watson <davejwatson@...com>
Date: Thu, 12 Jul 2018 08:03:43 -0700

> In the zerocopy sendmsg() path, there are error checks to revert
> the zerocopy if we get any error code.  syzkaller has discovered
> that tls_push_record can return -ECONNRESET, which is fatal, and
> happens after the point at which it is safe to revert the iter,
> as we've already passed the memory to do_tcp_sendpages.
> 
> Previously this code could return -ENOMEM and we would want to
> revert the iter, but AFAIK this no longer returns ENOMEM after
> a447da7d004 ("tls: fix waitall behavior in tls_sw_recvmsg"),
> so we fail for all error codes.
> 
> Reported-by: syzbot+c226690f7b3126c5ee04@...kaller.appspotmail.com
> Reported-by: syzbot+709f2810a6a05f11d4d3@...kaller.appspotmail.com
> Signed-off-by: Dave Watson <davejwatson@...com>
> Fixes: 3c4d7559159b ("tls: kernel TLS support")

Applied and queued up for -stable, thanks Dave.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ