| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 11 Apr 2022 12:19:13 -0700
From: Jakub Kicinski <kuba@...nel.org>
To: davem@...emloft.net, pabeni@...hat.com
Cc: netdev@...r.kernel.org, borisp@...dia.com,
john.fastabend@...il.com, daniel@...earbox.net,
vfedorenko@...ek.ru, Jakub Kicinski <kuba@...nel.org>
Subject: [PATCH net-next 06/10] tls: rx: treat process_rx_list() errors as transient
process_rx_list() only fails if it can't copy data to user
space. There is no point recording the error onto sk->sk_err
or giving up on the data which was read partially. Treat
the return value like a normal socket partial read.
Signed-off-by: Jakub Kicinski <kuba@...nel.org>
---
net/tls/tls_sw.c | 20 ++++++++------------
1 file changed, 8 insertions(+), 12 deletions(-)
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index fcecf4ef8922..bba69706aea9 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -1650,7 +1650,7 @@ static int process_rx_list(struct tls_sw_context_rx *ctx,
err = tls_record_content_type(msg, tlm, control);
if (err <= 0)
- return err;
+ goto out;
if (skip < rxm->full_len)
break;
@@ -1668,13 +1668,13 @@ static int process_rx_list(struct tls_sw_context_rx *ctx,
err = tls_record_content_type(msg, tlm, control);
if (err <= 0)
- return err;
+ goto out;
if (!zc || (rxm->full_len - skip) > len) {
err = skb_copy_datagram_msg(skb, rxm->offset + skip,
msg, chunk);
if (err < 0)
- return err;
+ goto out;
}
len = len - chunk;
@@ -1707,8 +1707,10 @@ static int process_rx_list(struct tls_sw_context_rx *ctx,
skb = next_skb;
}
+ err = 0;
- return copied;
+out:
+ return copied ? : err;
}
int tls_sw_recvmsg(struct sock *sk,
@@ -1747,10 +1749,8 @@ int tls_sw_recvmsg(struct sock *sk,
/* Process pending decrypted records. It must be non-zero-copy */
err = process_rx_list(ctx, msg, &control, 0, len, false, is_peek);
- if (err < 0) {
- tls_err_abort(sk, err);
+ if (err < 0)
goto end;
- }
copied = err;
if (len <= copied)
@@ -1902,11 +1902,7 @@ int tls_sw_recvmsg(struct sock *sk,
else
err = process_rx_list(ctx, msg, &control, 0,
decrypted, true, is_peek);
- if (err < 0) {
- tls_err_abort(sk, err);
- copied = 0;
- goto end;
- }
+ decrypted = max(err, 0);
}
copied += decrypted;
--
2.34.1
Powered by blists - more mailing lists