Merge tag 'v5.3-rc6' into x86/cpu, to pick up fixes

Signed-off-by: Ingo Molnar <mingo@kernel.org>
author: Ingo Molnar <mingo@kernel.org> 2019-08-26 11:20:55 +0200
committer: Ingo Molnar <mingo@kernel.org> 2019-08-26 11:20:55 +0200
commit: b3e30c9884407599353e690a4eb36d0c4671bf62 (patch)
tree: d752d32d8a1a395cacd220313f24b933b2ed7294 /include/net/sock.h
parent: 342061c53a049569fc7f56d237753c26b4b2166d (diff)
parent: a55aa89aab90fae7c815b0551b07be37db359d76 (diff)
1 files changed, 9 insertions, 1 deletions
diff --git a/include/net/sock.h b/include/net/sock.h
index 228db3998e46..2c53f1a1d905 100644
--- a/include/net/sock.h
+++ b/include/net/sock.h
@@ -2482,6 +2482,7 @@ static inline bool sk_fullsock(const struct sock *sk)
 
 /* Checks if this SKB belongs to an HW offloaded socket
  * and whether any SW fallbacks are required based on dev.
+ * Check decrypted mark in case skb_orphan() cleared socket.
  */
 static inline struct sk_buff *sk_validate_xmit_skb(struct sk_buff *skb,
 						   struct net_device *dev)
@@ -2489,8 +2490,15 @@ static inline struct sk_buff *sk_validate_xmit_skb(struct sk_buff *skb,
 #ifdef CONFIG_SOCK_VALIDATE_XMIT
 	struct sock *sk = skb->sk;
 
-	if (sk && sk_fullsock(sk) && sk->sk_validate_xmit_skb)
+	if (sk && sk_fullsock(sk) && sk->sk_validate_xmit_skb) {
 		skb = sk->sk_validate_xmit_skb(sk, dev, skb);
+#ifdef CONFIG_TLS_DEVICE
+	} else if (unlikely(skb->decrypted)) {
+		pr_warn_ratelimited("unencrypted skb with no associated socket - dropping\n");
+		kfree_skb(skb);
+		skb = NULL;
+#endif
+	}
 #endif
 
 	return skb;
author	Ingo Molnar <mingo@kernel.org>	2019-08-26 11:20:55 +0200
committer	Ingo Molnar <mingo@kernel.org>	2019-08-26 11:20:55 +0200
commit	b3e30c9884407599353e690a4eb36d0c4671bf62 (patch)
tree	d752d32d8a1a395cacd220313f24b933b2ed7294 /include/net/sock.h
parent	342061c53a049569fc7f56d237753c26b4b2166d (diff)
parent	a55aa89aab90fae7c815b0551b07be37db359d76 (diff)