tls: Move decrypt-failure abort into tls_rx_one_record()

Three receive paths -- recvmsg, read_sock, and splice_read --
each follow tls_rx_one_record() with the same tls_err_abort()
call. Consolidate the abort into tls_rx_one_record() so the
decrypt-and-abort sequence lives in one place.

A tls_check_pending_rekey() failure after successful
decryption no longer triggers tls_err_abort(). That path
fires only when skb_copy_bits() fails on a valid skb,
which is not a realistic scenario.

Suggested-by: Sabrina Dubroca <sd@queasysnail.net>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Link: https://patch.msgid.link/20260604-tls-read-sock-v12-3-b114efa6e3e2@oracle.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index fd8d3c97936848ba07a8fec5ad8218c58d0700c1..798f2535ddf77bb7d949f65bdff192b4fafffeca 100644 (file)
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -1827,6 +1827,9 @@ static int tls_check_pending_rekey(struct sock *sk, struct tls_context *ctx,
        return 0;
 }
 
+/* On decrypt failure the connection is aborted (sk_err set) before
+ * returning a negative errno.
+ */
 static int tls_rx_one_record(struct sock *sk, struct msghdr *msg,
                             struct tls_decrypt_arg *darg)
 {
@@ -1838,8 +1841,10 @@ static int tls_rx_one_record(struct sock *sk, struct msghdr *msg,
        err = tls_decrypt_device(sk, msg, tls_ctx, darg);
        if (!err)
                err = tls_decrypt_sw(sk, tls_ctx, msg, darg);
-       if (err < 0)
+       if (err < 0) {
+               tls_err_abort(sk, -EBADMSG);
                return err;
+       }
 
        rxm = strp_msg(darg->skb);
        rxm->offset += prot->prepend_size;
@@ -2150,10 +2155,8 @@ int tls_sw_recvmsg(struct sock *sk,
                        darg.async = false;
 
                err = tls_rx_one_record(sk, msg, &darg);
-               if (err < 0) {
-                       tls_err_abort(sk, -EBADMSG);
+               if (err < 0)
                        goto recv_end;
-               }
 
                async |= darg.async;
 
@@ -2312,10 +2315,8 @@ ssize_t tls_sw_splice_read(struct socket *sock,  loff_t *ppos,
                memset(&darg.inargs, 0, sizeof(darg.inargs));
 
                err = tls_rx_one_record(sk, NULL, &darg);
-               if (err < 0) {
-                       tls_err_abort(sk, -EBADMSG);
+               if (err < 0)
                        goto splice_read_end;
-               }
 
                tls_rx_rec_done(ctx);
                skb = darg.skb;
@@ -2398,10 +2399,8 @@ int tls_sw_read_sock(struct sock *sk, read_descriptor_t *desc,
                        memset(&darg.inargs, 0, sizeof(darg.inargs));
 
                        err = tls_rx_one_record(sk, NULL, &darg);
-                       if (err < 0) {
-                               tls_err_abort(sk, -EBADMSG);
+                       if (err < 0)
                                goto read_sock_end;
-                       }
 
                        released = tls_read_flush_backlog(sk, prot, INT_MAX,
                                                          0, decrypted,