| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 20 May 2020 18:14:08 +0300
From: Tariq Toukan <tariqt@...lanox.com>
To: "David S. Miller" <davem@...emloft.net>
Cc: netdev@...r.kernel.org, Jakub Kicinski <kuba@...nel.org>,
Boris Pismenny <borisp@...lanox.com>,
Tariq Toukan <tariqt@...lanox.com>,
Saeed Mahameed <saeedm@...lanox.com>
Subject: [PATCH net] net/tls: Fix driver request resync
From: Boris Pismenny <borisp@...lanox.com>
In driver request resync, the hardware requests a resynchronization
request at some TCP sequence number. If that TCP sequence number does
not point to a TLS record header, then the resync attempt has failed.
Failed resync should reset the resync request to avoid spurious resyncs
after the TCP sequence number has wrapped around.
Fix this by resetting the resync request when the TLS record header
sequence number is not before the requested sequence number.
As a result, drivers may be called with a sequence number that is not
equal to the requested sequence number.
Fixes: f953d33ba122 ("net/tls: add kernel-driven TLS RX resync")
Signed-off-by: Boris Pismenny <borisp@...lanox.com>
Signed-off-by: Tariq Toukan <tariqt@...lanox.com>
Reviewed-by: Saeed Mahameed <saeedm@...lanox.com>
---
net/tls/tls_device.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/tls/tls_device.c b/net/tls/tls_device.c
index a562ebaaa33c..cbb13001b4a9 100644
--- a/net/tls/tls_device.c
+++ b/net/tls/tls_device.c
@@ -714,7 +714,7 @@ void tls_device_rx_resync_new_rec(struct sock *sk, u32 rcd_len, u32 seq)
seq += TLS_HEADER_SIZE - 1;
is_req_pending = resync_req;
- if (likely(!is_req_pending) || req_seq != seq ||
+ if (likely(!is_req_pending) || before(seq, req_seq) ||
!atomic64_try_cmpxchg(&rx_ctx->resync_req, &resync_req, 0))
return;
break;
--
2.21.0
Powered by blists - more mailing lists