diff options
| author | Jakub Kicinski <jakub.kicinski@netronome.com> | 2019-11-27 12:16:40 -0800 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2019-11-28 22:40:29 -0800 |
| commit | d10523d0b3d78153ee58d19853ced26c9004c8c4 (patch) | |
| tree | 8e86eea39a1cfc9a35cc3abb86e532915f0e10c7 /net | |
| parent | c329ef9684de9517d82af5b4758c9e1b64a8a11a (diff) | |
net/tls: free the record on encryption error
When tls_do_encryption() fails the SG lists are left with the
SG_END and SG_CHAIN marks in place. One could hope that once
encryption fails we will never see the record again, but that
is in fact not true. Commit d3b18ad31f93 ("tls: add bpf support
to sk_msg handling") added special handling to ENOMEM and ENOSPC
errors which mean we may see the same record re-submitted.
As suggested by John free the record, the BPF code is already
doing just that.
Reported-by: syzbot+df0d4ec12332661dd1f9@syzkaller.appspotmail.com
Fixes: d3b18ad31f93 ("tls: add bpf support to sk_msg handling")
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: Simon Horman <simon.horman@netronome.com>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
| -rw-r--r-- | net/tls/tls_sw.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 70e3c0c1af50..dbba51b69d21 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -771,8 +771,14 @@ static int bpf_exec_tx_verdict(struct sk_msg *msg, struct sock *sk, policy = !(flags & MSG_SENDPAGE_NOPOLICY); psock = sk_psock_get(sk); - if (!psock || !policy) - return tls_push_record(sk, flags, record_type); + if (!psock || !policy) { + err = tls_push_record(sk, flags, record_type); + if (err) { + *copied -= sk_msg_free(sk, msg); + tls_free_open_rec(sk); + } + return err; + } more_data: enospc = sk_msg_full(msg); if (psock->eval == __SK_NONE) { |