authorJakub Kicinski2023-05-16 18:50:41 -0700
committerGreg Kroah-Hartman2023-06-05 09:26:18 +0200
commit3347ac7a81608b30671d49d9be20f8b5563f0957 (patch)
tree5076f309811be656c7c50fddc80b7aed5764d486 /include/net/tls.h
parentba93977437e7c6554563e5d75c9bf4a04b387a60 (diff)
tls: rx: strp: preserve decryption status of skbs when needed
[ Upstream commit eca9bfafee3a0487e59c59201ae14c7594ba940a ] When receive buffer is small we try to copy out the data from TCP into a skb maintained by TLS to prevent connection from stalling. Unfortunately if a single record is made up of a mix of decrypted and non-decrypted skbs combining them into a single skb leads to loss of decryption status, resulting in decryption errors or data corruption. Similarly when trying to use TCP receive queue directly we need to make sure that all the skbs within the record have the same status. If we don't the mixed status will be detected correctly but we'll CoW the anchor, again collapsing it into a single paged skb without decrypted status preserved. So the "fixup" code will not know which parts of skb to re-encrypt. Fixes: 84c61fe1a75b ("tls: rx: do not use the standard strparser") Tested-by: Shai Amiram <samiram@nvidia.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org> Reviewed-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'include/net/tls.h')
-rw-r--r--include/net/tls.h1
1 files changed, 1 insertions, 0 deletions
diff --git a/include/net/tls.h b/include/net/tls.h
index 154949c7b0c8..c36bf4c50027 100644
--- a/include/net/tls.h
+++ b/include/net/tls.h
@@ -124,6 +124,7 @@ struct tls_strparser {
u32 mark : 8;
u32 stopped : 1;
u32 copy_mode : 1;
+ u32 mixed_decrypted : 1;
u32 msg_ready : 1;
struct strp_msg stm;
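Review bot: The added `mixed_decrypted` bit in struct tls_strparser has no comment, and its neighbours `stopped`, `copy_mode` and `msg_ready` are equally bare, so the header does not say what the flag means or when it is cleared. Going by the commit message, it presumably marks that the record being assembled is made up of skbs with differing decrypted status; a one-line comment such as `/* record mixes decrypted and non-decrypted skbs; keep per-skb status */` would capture that, once confirmed against the code that uses it. The code that sets and reads the flag is not visible here because the diff is limited to include/net/tls.h, so I cannot check whether it is reset for each new record. A stale value would matter, since the message ties lost decryption status to decryption errors or data corruption. The struct itself starts and ends outside the hunk.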