diff mbox series

[net,v2] net/tls: fix corrupted data in recvmsg

Message ID 1605413760-21153-1-git-send-email-vfedorenko@novek.ru (mailing list archive)
State Accepted
Delegated to: Netdev Maintainers
Headers show
Series [net,v2] net/tls: fix corrupted data in recvmsg | expand

Checks

Context Check Description
netdev/cover_letter success Link
netdev/fixes_present success Link
netdev/patch_count success Link
netdev/tree_selection success Clearly marked for net
netdev/subject_prefix success Link
netdev/source_inline success Was 0 now: 0
netdev/verify_signedoff success Link
netdev/module_param success Was 0 now: 0
netdev/build_32bit success Errors and warnings before: 0 this patch: 0
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/verify_fixes success Link
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 8 lines checked
netdev/build_allmodconfig_warn success Errors and warnings before: 0 this patch: 0
netdev/header_inline success Link
netdev/stable success Stable not CCed

Commit Message

Vadim Fedorenko Nov. 15, 2020, 4:16 a.m. UTC
If tcp socket has more data than Encrypted Handshake Message then
tls_sw_recvmsg will try to decrypt next record instead of returning
full control message to userspace as mentioned in comment. The next
message - usually Application Data - gets corrupted because it uses
zero copy for decryption that's why the data is not stored in skb
for next iteration. Revert check to not decrypt next record if
current is not Application Data.

Fixes: 692d7b5d1f91 ("tls: Fix recvmsg() to be able to peek across multiple records")
Signed-off-by: Vadim Fedorenko <vfedorenko@novek.ru>
---
 net/tls/tls_sw.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Jakub Kicinski Nov. 17, 2020, 12:26 a.m. UTC | #1
On Sun, 15 Nov 2020 07:16:00 +0300 Vadim Fedorenko wrote:
> If tcp socket has more data than Encrypted Handshake Message then
> tls_sw_recvmsg will try to decrypt next record instead of returning
> full control message to userspace as mentioned in comment. The next
> message - usually Application Data - gets corrupted because it uses
> zero copy for decryption that's why the data is not stored in skb
> for next iteration. Revert check to not decrypt next record if
> current is not Application Data.
> 
> Fixes: 692d7b5d1f91 ("tls: Fix recvmsg() to be able to peek across multiple records")
> Signed-off-by: Vadim Fedorenko <vfedorenko@novek.ru>
> ---
>  net/tls/tls_sw.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
> index 95ab5545..2fe9e2c 100644
> --- a/net/tls/tls_sw.c
> +++ b/net/tls/tls_sw.c
> @@ -1913,7 +1913,7 @@ int tls_sw_recvmsg(struct sock *sk,
>  			 * another message type
>  			 */
>  			msg->msg_flags |= MSG_EOR;
> -			if (ctx->control != TLS_RECORD_TYPE_DATA)
> +			if (control != TLS_RECORD_TYPE_DATA)

Sorry I wasn't clear enough, should this be:

	if (ctx->control != control)

? Otherwise if we get a control record first and then data record
the code will collapse them, which isn't correct, right?

>  				goto recv_end;
>  		} else {
>  			break;
Vadim Fedorenko Nov. 17, 2020, 12:45 a.m. UTC | #2
On 17.11.2020 00:26, Jakub Kicinski wrote:
> On Sun, 15 Nov 2020 07:16:00 +0300 Vadim Fedorenko wrote:
>> If tcp socket has more data than Encrypted Handshake Message then
>> tls_sw_recvmsg will try to decrypt next record instead of returning
>> full control message to userspace as mentioned in comment. The next
>> message - usually Application Data - gets corrupted because it uses
>> zero copy for decryption that's why the data is not stored in skb
>> for next iteration. Revert check to not decrypt next record if
>> current is not Application Data.
>>
>> Fixes: 692d7b5d1f91 ("tls: Fix recvmsg() to be able to peek across multiple records")
>> Signed-off-by: Vadim Fedorenko <vfedorenko@novek.ru>
>> ---
>>   net/tls/tls_sw.c | 2 +-
>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
>> index 95ab5545..2fe9e2c 100644
>> --- a/net/tls/tls_sw.c
>> +++ b/net/tls/tls_sw.c
>> @@ -1913,7 +1913,7 @@ int tls_sw_recvmsg(struct sock *sk,
>>   			 * another message type
>>   			 */
>>   			msg->msg_flags |= MSG_EOR;
>> -			if (ctx->control != TLS_RECORD_TYPE_DATA)
>> +			if (control != TLS_RECORD_TYPE_DATA)
> Sorry I wasn't clear enough, should this be:
>
> 	if (ctx->control != control)
>
> ? Otherwise if we get a control record first and then data record
> the code will collapse them, which isn't correct, right?
>
>>   				goto recv_end;
>>   		} else {
>>   			break;
I think you mean when ctx->control is control record and control is
data record. In this case control message will be decrypted without
zero copy and will be stored in skb for the next recvmsg, but will
not be returned together with data message. This behavior is the same
as for TLSv1.3 when record type is known only after decrypting.
But if we want completely different flow for TLSv1.2 and TLSv1.3
then changing to check difference in message types makes sense.
Jakub Kicinski Nov. 17, 2020, 12:54 a.m. UTC | #3
On Tue, 17 Nov 2020 00:45:11 +0000 Vadim Fedorenko wrote:
> On 17.11.2020 00:26, Jakub Kicinski wrote:
> > On Sun, 15 Nov 2020 07:16:00 +0300 Vadim Fedorenko wrote:  
> >> If tcp socket has more data than Encrypted Handshake Message then
> >> tls_sw_recvmsg will try to decrypt next record instead of returning
> >> full control message to userspace as mentioned in comment. The next
> >> message - usually Application Data - gets corrupted because it uses
> >> zero copy for decryption that's why the data is not stored in skb
> >> for next iteration. Revert check to not decrypt next record if
> >> current is not Application Data.
> >>
> >> Fixes: 692d7b5d1f91 ("tls: Fix recvmsg() to be able to peek across multiple records")
> >> Signed-off-by: Vadim Fedorenko <vfedorenko@novek.ru>
> >> ---
> >>   net/tls/tls_sw.c | 2 +-
> >>   1 file changed, 1 insertion(+), 1 deletion(-)
> >>
> >> diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
> >> index 95ab5545..2fe9e2c 100644
> >> --- a/net/tls/tls_sw.c
> >> +++ b/net/tls/tls_sw.c
> >> @@ -1913,7 +1913,7 @@ int tls_sw_recvmsg(struct sock *sk,
> >>   			 * another message type
> >>   			 */
> >>   			msg->msg_flags |= MSG_EOR;
> >> -			if (ctx->control != TLS_RECORD_TYPE_DATA)
> >> +			if (control != TLS_RECORD_TYPE_DATA)  
> > Sorry I wasn't clear enough, should this be:
> >
> > 	if (ctx->control != control)
> >
> > ? Otherwise if we get a control record first and then data record
> > the code will collapse them, which isn't correct, right?
> >  
> >>   				goto recv_end;
> >>   		} else {
> >>   			break;
> I think you mean when ctx->control is control record and control is
> data record. 

Yup.

> In this case control message will be decrypted without
> zero copy and will be stored in skb for the next recvmsg, but will
> not be returned together with data message.

Could you point me to a line which breaks the loop in that case?

> This behavior is the same
> as for TLSv1.3 when record type is known only after decrypting.
> But if we want completely different flow for TLSv1.2 and TLSv1.3
> then changing to check difference in message types makes sense.
Vadim Fedorenko Nov. 17, 2020, 12:59 a.m. UTC | #4
On 17.11.2020 00:54, Jakub Kicinski wrote:
> On Tue, 17 Nov 2020 00:45:11 +0000 Vadim Fedorenko wrote:
>> On 17.11.2020 00:26, Jakub Kicinski wrote:
>>> On Sun, 15 Nov 2020 07:16:00 +0300 Vadim Fedorenko wrote:
>>>> If tcp socket has more data than Encrypted Handshake Message then
>>>> tls_sw_recvmsg will try to decrypt next record instead of returning
>>>> full control message to userspace as mentioned in comment. The next
>>>> message - usually Application Data - gets corrupted because it uses
>>>> zero copy for decryption that's why the data is not stored in skb
>>>> for next iteration. Revert check to not decrypt next record if
>>>> current is not Application Data.
>>>>
>>>> Fixes: 692d7b5d1f91 ("tls: Fix recvmsg() to be able to peek across multiple records")
>>>> Signed-off-by: Vadim Fedorenko <vfedorenko@novek.ru>
>>>> ---
>>>>    net/tls/tls_sw.c | 2 +-
>>>>    1 file changed, 1 insertion(+), 1 deletion(-)
>>>>
>>>> diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
>>>> index 95ab5545..2fe9e2c 100644
>>>> --- a/net/tls/tls_sw.c
>>>> +++ b/net/tls/tls_sw.c
>>>> @@ -1913,7 +1913,7 @@ int tls_sw_recvmsg(struct sock *sk,
>>>>    			 * another message type
>>>>    			 */
>>>>    			msg->msg_flags |= MSG_EOR;
>>>> -			if (ctx->control != TLS_RECORD_TYPE_DATA)
>>>> +			if (control != TLS_RECORD_TYPE_DATA)
>>> Sorry I wasn't clear enough, should this be:
>>>
>>> 	if (ctx->control != control)
>>>
>>> ? Otherwise if we get a control record first and then data record
>>> the code will collapse them, which isn't correct, right?
>>>   
>>>>    				goto recv_end;
>>>>    		} else {
>>>>    			break;
>> I think you mean when ctx->control is control record and control is
>> data record.
> Yup.
>
>> In this case control message will be decrypted without
>> zero copy and will be stored in skb for the next recvmsg, but will
>> not be returned together with data message.
> Could you point me to a line which breaks the loop in that case?
>
Sure!

		if (!control)
			control = tlm->control;
		else if (control != tlm->control)
			goto recv_end;


In that case control != tlm->control
Variable control is set only once and never changes again.

>> This behavior is the same
>> as for TLSv1.3 when record type is known only after decrypting.
>> But if we want completely different flow for TLSv1.2 and TLSv1.3
>> then changing to check difference in message types makes sense.
Jakub Kicinski Nov. 17, 2020, 1:12 a.m. UTC | #5
On Tue, 17 Nov 2020 00:59:54 +0000 Vadim Fedorenko wrote:
> >>> Sorry I wasn't clear enough, should this be:
> >>>
> >>> 	if (ctx->control != control)
> >>>
> >>> ? Otherwise if we get a control record first and then data record
> >>> the code will collapse them, which isn't correct, right?
> >>>     
> >>>>    				goto recv_end;
> >>>>    		} else {
> >>>>    			break;  
> >> I think you mean when ctx->control is control record and control is
> >> data record.  
> > Yup.
> >  
> >> In this case control message will be decrypted without
> >> zero copy and will be stored in skb for the next recvmsg, but will
> >> not be returned together with data message.  
> > Could you point me to a line which breaks the loop in that case?
> >  
> Sure!
> 
> 		if (!control)
> 			control = tlm->control;
> 		else if (control != tlm->control)
> 			goto recv_end;
> 
> 
> In that case control != tlm->control
> Variable control is set only once and never changes again.

You're right! Applied, thanks!
diff mbox series

Patch

diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index 95ab5545..2fe9e2c 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -1913,7 +1913,7 @@  int tls_sw_recvmsg(struct sock *sk,
 			 * another message type
 			 */
 			msg->msg_flags |= MSG_EOR;
-			if (ctx->control != TLS_RECORD_TYPE_DATA)
+			if (control != TLS_RECORD_TYPE_DATA)
 				goto recv_end;
 		} else {
 			break;