git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	Jakub Kicinski <kuba@kernel.org>
	Mon, 11 May 2026 17:49:18 +0000 (10:49 -0700)
committer	Paolo Abeni <pabeni@redhat.com>
	Thu, 14 May 2026 11:18:40 +0000 (13:18 +0200)
commit	ff26a0e8377dec07e4a7230db7675bed1b9a6d03
tree	8bc0a138c709db67d13e3eb65d879562f666ad75	tree \| snapshot
parent	285943c6e7ca309bbea84b253745154241d9788a	commit \| diff

net: tls: prevent chain-after-chain in plain text SG

Sashiko points out that if end = 0 (start != 0) the current
code will create a chain link to content type right after
the wrap link:

  This would create a chain where the wrap link points directly
  to another chain link. The scatterlist API sg_next iterator
  does not recursively resolve consecutive chain links.

meaning this is illegal input to crypto.

The wrapping link is unnecessary if end = 0. end is the entry after
the last one used so end = 0 means there's nothing pushed after
the wrap:

   end         start            i
    v            v              v
  [   ]...[   ][ d ][ d ][ d ][ d ][rsv for wrap]

Skip the wrapping in this case.

TLS 1.3 can use the "wrapping slot" for it's chaining if end = 0.
This avoids the chain-after-chain.

Move the wrap chaining before marking END and chaining off content
type, that feels like more logical ordering to me, but should not
matter from functional perspective.

Reported-by: Sashiko <sashiko-bot@kernel.org>
Fixes: 9aaaa56845a0 ("bpf: Sockmap/tls, skmsg can have wrapped skmsg that needs extra chaining")
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Link: https://patch.msgid.link/20260511174920.433155-3-kuba@kernel.org
Signed-off-by: Paolo Abeni <pabeni@redhat.com>