deepin-kernel/net/tls
Jakub Kicinski 807fea95c9 tls: always refresh the queue when reading sock
[ Upstream commit 4ab26bce3969f8fd925fe6f6f551e4d1a508c68b ]

After recent changes in net-next TCP compacts skbs much more
aggressively. This unearthed a bug in TLS where we may try
to operate on an old skb when checking if all skbs in the
queue have matching decrypt state and geometry.

    BUG: KASAN: slab-use-after-free in tls_strp_check_rcv+0x898/0x9a0 [tls]
    (net/tls/tls_strp.c:436 net/tls/tls_strp.c:530 net/tls/tls_strp.c:544)
    Read of size 4 at addr ffff888013085750 by task tls/13529

    CPU: 2 UID: 0 PID: 13529 Comm: tls Not tainted 6.16.0-rc5-virtme
    Call Trace:
     kasan_report+0xca/0x100
     tls_strp_check_rcv+0x898/0x9a0 [tls]
     tls_rx_rec_wait+0x2c9/0x8d0 [tls]
     tls_sw_recvmsg+0x40f/0x1aa0 [tls]
     inet_recvmsg+0x1c3/0x1f0

Always reload the queue, fast path is to have the record in the queue
when we wake, anyway (IOW the path going down "if !strp->stm.full_len").

Fixes: 0d87bbd39d ("tls: strp: make sure the TCP skbs do not have overlapping data")
Link: https://patch.msgid.link/20250716143850.1520292-1-kuba@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 1f3a429c21e0e43e8b8c55d30701e91411a4df02)
2025-07-28 15:19:07 +08:00
| File | Last commit | Date |
| --- | --- | --- |
| Kconfig | net/tls: Select SOCK_RX_QUEUE_MAPPING from TLS_DEVICE | 2021-02-11 19:08:06 -08:00 |
| Makefile | tls: rx: async: hold onto the input skb | 2022-07-18 11:24:11 +01:00 |
| tls.h | tls: fix lockless read of strp->msg_ready in ->poll | 2024-05-05 17:12:09 +08:00 |
| tls_device.c | tls: expand use of tls_cipher_desc in tls_set_device_offload | 2023-08-27 17:17:41 -07:00 |
| tls_device_fallback.c | tls: expand use of tls_cipher_desc in tls_sw_fallback_init | 2023-08-27 17:17:42 -07:00 |
| tls_main.c | net: tls: explicitly disallow disconnect | 2025-05-09 18:47:14 +08:00 |
| tls_proc.c | tls: rx: add counter for NoPad violations | 2022-07-11 19:48:33 -07:00 |
| tls_strp.c | tls: always refresh the queue when reading sock | 2025-07-28 15:19:07 +08:00 |
| tls_sw.c | ktls, sockmap: Fix missing uncharge operation | 2025-06-20 14:39:15 +08:00 |
| tls_toe.c | tls: create an internal header | 2022-07-08 18:38:45 -07:00 |
| trace.c | | |
| trace.h | | |