mbox series

[net,v2,0/2] tls fixes for SPLICE with more hint

Message ID 20240113003258.67899-1-john.fastabend@gmail.com (mailing list archive)
Headers show
Series tls fixes for SPLICE with more hint | expand

Message

John Fastabend Jan. 13, 2024, 12:32 a.m. UTC
Syzbot found a splat where it tried to splice data over a tls socket
with the more hint and sending greater than the number of frags that
fit in a msg scatterlist. This resulted in an error where we do not
correctly send the data when the msg sg is full. The more flag being
just a hint not a strict contract. This then results in the syzbot
warning on the next send.

Edward generated an initial patch for this which checked for a full
msg on entry to the sendmsg hook.  This fixed the WARNING, but didn't
fully resolve the issue because the full msg_pl scatterlist was never
sent resulting in a stuck socket. In this series instead avoid the
situation by forcing the send on the splice that fills the scatterlist.

Also in original thread I mentioned it didn't seem to be enough to
simply fix the send on full sg problem. That was incorrect and was
really a bug in my test program that was hanging the test program.
I had setup a repair socket and wasn't handling it correctly so my
tester got stuck.

Thanks. Please review. Fix in patch 1 and test in patch 2.

v2: use SPLICE_F_ flag names instead of cryptic 0xe

John Fastabend (2):
  net: tls, fix WARNIING in __sk_msg_free
  net: tls, add test to capture error on large splice

 net/tls/tls_sw.c                  |  6 +++++-
 tools/testing/selftests/net/tls.c | 14 ++++++++++++++
 2 files changed, 19 insertions(+), 1 deletion(-)

Comments

patchwork-bot+netdevbpf@kernel.org Jan. 14, 2024, 12:20 p.m. UTC | #1
Hello:

This series was applied to netdev/net.git (main)
by David S. Miller <davem@davemloft.net>:

On Fri, 12 Jan 2024 16:32:56 -0800 you wrote:
> Syzbot found a splat where it tried to splice data over a tls socket
> with the more hint and sending greater than the number of frags that
> fit in a msg scatterlist. This resulted in an error where we do not
> correctly send the data when the msg sg is full. The more flag being
> just a hint not a strict contract. This then results in the syzbot
> warning on the next send.
> 
> [...]

Here is the summary with links:
  - [net,v2,1/2] net: tls, fix WARNIING in __sk_msg_free
    https://git.kernel.org/netdev/net/c/dc9dfc8dc629
  - [net,v2,2/2] net: tls, add test to capture error on large splice
    https://git.kernel.org/netdev/net/c/034ea1305e65

You are awesome, thank you!