[net,v2] chelsio/chtls: fix tls record info to user

Message ID	20201022190556.21308-1-vinay.yadav@chelsio.com
State	Superseded
Headers	show Return-Path: <SRS0=3HDY=D5=vger.kernel.org=netdev-owner@kernel.org> From: Vinay Kumar Yadav <vinay.yadav@chelsio.com> To: netdev@vger.kernel.org, davem@davemloft.net, kuba@kernel.org Cc: secdev@chelsio.com, Vinay Kumar Yadav <vinay.yadav@chelsio.com> Subject: [PATCH net,v2] chelsio/chtls: fix tls record info to user Date: Fri, 23 Oct 2020 00:35:57 +0530 Message-Id: <20201022190556.21308-1-vinay.yadav@chelsio.com> Precedence: bulk
Series	[net,v2] chelsio/chtls: fix tls record info to user \| expand [net,v2] chelsio/chtls: fix tls record info to user

Message ID

20201022190556.21308-1-vinay.yadav@chelsio.com

State

Superseded

Headers

From: Vinay Kumar Yadav <vinay.yadav@chelsio.com>
To: netdev@vger.kernel.org, davem@davemloft.net, kuba@kernel.org
Cc: secdev@chelsio.com, Vinay Kumar Yadav <vinay.yadav@chelsio.com>
Subject: [PATCH net,v2] chelsio/chtls: fix tls record info to user
Date: Fri, 23 Oct 2020 00:35:57 +0530
Message-Id: <20201022190556.21308-1-vinay.yadav@chelsio.com>
Precedence: bulk

Series

[net,v2] chelsio/chtls: fix tls record info to user | expand

Commit Message

Vinay Kumar Yadav Oct. 22, 2020, 7:05 p.m. UTC

chtls_pt_recvmsg() receives a skb with tls header and subsequent
skb with data, need to finalize the data copy whenever next skb
with tls header is available. but here current tls header is
overwritten by next available tls header, ends up corrupting
user buffer data. fixing it by finalizing current record whenever
next skb contains tls header.

v1->v2:
- Improved commit message.

Fixes: 17a7d24aa89d ("crypto: chtls - generic handling of data and hdr")
Signed-off-by: Vinay Kumar Yadav <vinay.yadav@chelsio.com>
---
 .../net/ethernet/chelsio/inline_crypto/chtls/chtls_io.c   | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

Comments

Jakub Kicinski Oct. 24, 2020, 1:36 a.m. UTC | #1

On Fri, 23 Oct 2020 00:35:57 +0530 Vinay Kumar Yadav wrote:
> chtls_pt_recvmsg() receives a skb with tls header and subsequent

> skb with data, need to finalize the data copy whenever next skb

> with tls header is available. but here current tls header is

> overwritten by next available tls header, ends up corrupting

> user buffer data. fixing it by finalizing current record whenever

> next skb contains tls header.

> 

> v1->v2:

> - Improved commit message.

> 

> Fixes: 17a7d24aa89d ("crypto: chtls - generic handling of data and hdr")

> Signed-off-by: Vinay Kumar Yadav <vinay.yadav@chelsio.com>


Applied.

diff --git a/drivers/net/ethernet/chelsio/inline_crypto/chtls/chtls_io.c b/drivers/net/ethernet/chelsio/inline_crypto/chtls/chtls_io.c
index 9fb5ca6682ea..a5dcc576ba3c 100644
--- a/drivers/net/ethernet/chelsio/inline_crypto/chtls/chtls_io.c
+++ b/drivers/net/ethernet/chelsio/inline_crypto/chtls/chtls_io.c
@@ -1585,6 +1585,7 @@  static int chtls_pt_recvmsg(struct sock *sk, struct msghdr *msg, size_t len,
 			tp->urg_data = 0;
 
 		if ((avail + offset) >= skb->len) {
+			struct sk_buff *next_skb;
 			if (ULP_SKB_CB(skb)->flags & ULPCB_FLAG_TLS_HDR) {
 				tp->copied_seq += skb->len;
 				hws->rcvpld = skb->hdr_len;
@@ -1595,9 +1596,12 @@  static int chtls_pt_recvmsg(struct sock *sk, struct msghdr *msg, size_t len,
 			chtls_free_skb(sk, skb);
 			buffers_freed++;
 			hws->copied_seq = 0;
-			if (copied >= target &&
-			    !skb_peek(&sk->sk_receive_queue))
+			next_skb = skb_peek(&sk->sk_receive_queue);
+			if (copied >= target && !next_skb)
 				break;
+			if (ULP_SKB_CB(next_skb)->flags & ULPCB_FLAG_TLS_HDR)
+				break;
+
 		}
 	} while (len > 0);

[net,v2] chelsio/chtls: fix tls record info to user

Commit Message

Comments

Patch