From patchwork Sat Nov 14 04:09:42 2020
X-Patchwork-Submitter: Vadim Fedorenko
X-Patchwork-Id: 11905407
X-Patchwork-Delegate: kuba@kernel.org
From: Vadim Fedorenko
To: Jakub Kicinski, Boris Pismenny, Aviad Yehezkel
Cc: Vadim Fedorenko, netdev@vger.kernel.org
Subject: [net] net/tls: fix corrupted data in recvmsg
Date: Sat, 14 Nov 2020 07:09:42 +0300
Message-Id: <1605326982-2487-1-git-send-email-vfedorenko@novek.ru>
X-Mailing-List: netdev@vger.kernel.org

If tcp socket has more data than Encrypted Handshake Message then tls_sw_recvmsg will try to decrypt next record instead of returning full control message to userspace as mentioned in comment. The next message - usually Application Data - gets corrupted because it uses zero copy for decryption that's why the data is not stored in skb for next iteration. Disable zero copy for this case.

Fixes: 692d7b5d1f91 ("tls: Fix recvmsg() to be able to peek across multiple records")
Signed-off-by: Vadim Fedorenko

--- net/tls/tls_sw.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 95ab5545..e040be1 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -1808,6 +1808,7 @@ int tls_sw_recvmsg(struct sock *sk, if (to_decrypt <= len && !is_kvec && !is_peek && ctx->control == TLS_RECORD_TYPE_DATA && + (!control || ctx->control == control) && prot->version != TLS_1_3_VERSION && !bpf_strp_enabled) zc = true;
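
Review bot: The added `(!control || ctx->control == control)` term in the `zc = true` condition of `tls_sw_recvmsg()` carries no comment, and the reason zero copy has to be skipped here is only in the commit message. Because the same condition already requires `ctx->control == TLS_RECORD_TYPE_DATA`, the new term reduces to `!control || control == TLS_RECORD_TYPE_DATA`; a short comment above the `if` saying that zero copy is allowed only when no record of a different type has already been picked up in this call would keep the intent from being lost in a later cleanup. The diffstat shows only net/tls/tls_sw.c changing, so it would also help to add a selftest that sends a handshake record followed by application data on the same socket and checks that the data read back is intact.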