git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Sabrina Dubroca <sd@queasysnail.net>
	Wed, 28 Feb 2024 22:43:58 +0000 (23:43 +0100)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 6 Mar 2024 14:48:36 +0000 (14:48 +0000)
commit	11121c2ce571408997508cb0814cacdf81dfa5ca
tree	29a937d1a80d4b1a8c0911a09ed7b0604219a904	tree \| snapshot
parent	c19fdb06d3d7759cc024a7f28ce21ba870c73840	commit \| diff

tls: fix peeking with sync+async decryption

[ Upstream commit 6caaf104423d809b49a67ee6500191d063b40dc6 ]

If we peek from 2 records with a currently empty rx_list, and the
first record is decrypted synchronously but the second record is
decrypted async, the following happens:
  1. decrypt record 1 (sync)
  2. copy from record 1 to the userspace's msg
  3. queue the decrypted record to rx_list for future read(!PEEK)
  4. decrypt record 2 (async)
  5. queue record 2 to rx_list
  6. call process_rx_list to copy data from the 2nd record

We currently pass copied=0 as skip offset to process_rx_list, so we
end up copying once again from the first record. We should skip over
the data we've already copied.

Seen with selftest tls.12_aes_gcm.recv_peek_large_buf_mult_recs

Fixes: 692d7b5d1f91 ("tls: Fix recvmsg() to be able to peek across multiple records")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Link: https://lore.kernel.org/r/1b132d2b2b99296bfde54e8a67672d90d6d16e71.1709132643.git.sd@queasysnail.net
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>