
Merge branch 'tls-misc-bugfixes'

Sabrina Dubroca says:

====================
tls: misc bugfixes

Jann Horn reported multiple bugs in kTLS. This series addresses them,
and adds some corresponding selftests for those that are reproducible
(and without failure injection).
====================

Link: https://patch.msgid.link/cover.1760432043.git.sd@queasysnail.net
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

+92 -11
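--- a/net/tls/tls_main.c
+++ b/net/tls/tls_main.c
@@ -255,12 +255,9 @@
 if (msg->msg_flags & MSG_MORE)
 return -EINVAL;
 
-rc = tls_handle_open_record(sk, msg->msg_flags);
-if (rc)
-return rc;
-
 *record_type = *(unsigned char *)CMSG_DATA(cmsg);
-rc = 0;
+
+rc = tls_handle_open_record(sk, msg->msg_flags);
 break;
 default:
 return -EINVAL;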
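Review bot: A non-zero result from `tls_handle_open_record()` is no longer returned on the spot; it now leaves the `case` through `break`, so what happens to it depends on code after the switch, which lies outside this hunk. If the switch runs once per control message, a later message could overwrite a failure recorded here, and `*record_type` is now written even when the open record could not be handled. The ordering looks deliberate, so it deserves a comment at the assignment, for example `/* store the type first: the caller may proceed on a non-zero rc and must not fall back to the default record type */`. It is also worth confirming that every path after the `break` hands `rc` back unchanged.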
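--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -1054,7 +1054,7 @@
 if (ret == -EINPROGRESS)
 num_async++;
 else if (ret != -EAGAIN)
-goto send_end;
+goto end;
 }
 }
 
@@ -1112,8 +1112,11 @@
 goto send_end;
 tls_ctx->pending_open_record_frags = true;
 
-if (sk_msg_full(msg_pl))
+if (sk_msg_full(msg_pl)) {
 full_record = true;
+sk_msg_trim(sk, msg_en,
+msg_pl->sg.size + prot->overhead_size);
+}
 
 if (full_record || eor)
 goto copied;
@@ -1149,6 +1152,13 @@
 } else if (ret != -EAGAIN)
 goto send_end;
 }
+
+/* Transmit if any encryptions have completed */
+if (test_and_clear_bit(BIT_TX_SCHEDULED, &ctx->tx_bitmask)) {
+cancel_delayed_work(&ctx->tx_work.work);
+tls_tx_records(sk, msg->msg_flags);
+}
+
 continue;
 rollback_iter:
 copied -= try_to_copy;
@@ -1204,6 +1214,12 @@
 goto send_end;
 }
 }
+
+/* Transmit if any encryptions have completed */
+if (test_and_clear_bit(BIT_TX_SCHEDULED, &ctx->tx_bitmask)) {
+cancel_delayed_work(&ctx->tx_work.work);
+tls_tx_records(sk, msg->msg_flags);
+}
 }
 
 continue;
@@ -1223,8 +1239,9 @@
 goto alloc_encrypted;
 }
 
+send_end:
 if (!num_async) {
-goto send_end;
+goto end;
 } else if (num_zc || eor) {
 int err;
 
@@ -1242,7 +1259,7 @@
 tls_tx_records(sk, msg->msg_flags);
 }
 
-send_end:
+end:
 ret = sk_stream_error(sk, msg->msg_flags, ret);
 return copied > 0 ? copied : ret;
 }
@@ -1637,8 +1654,10 @@
 
 if (unlikely(darg->async)) {
 err = tls_strp_msg_hold(&ctx->strp, &ctx->async_hold);
-if (err)
-__skb_queue_tail(&ctx->async_hold, darg->skb);
+if (err) {
+err = tls_decrypt_async_wait(ctx);
+darg->async = false;
+}
 return err;
 }
 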
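Review bot: In the last hunk, a failure of `tls_strp_msg_hold()` has its error code overwritten by the result of `tls_decrypt_async_wait(ctx)`, so the function can return 0 after a failed hold, and nothing in the code says this is intended. If the idea is that a decryption whose input could not be held must not stay in flight, so the code waits for it and reports its status as a synchronous result, say so above the call, e.g. `/* could not hold the input: wait for the in-flight decrypt and finish synchronously; its status replaces the hold error */`. Clearing `darg->async` is presumably what tells the caller the record is already complete, and that coupling is easy to break in a later edit without the comment. The enclosing function starts and ends outside the hunk.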
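--- a/tools/testing/selftests/net/tls.c
+++ b/tools/testing/selftests/net/tls.c
@@ -564,6 +564,40 @@
 EXPECT_EQ(memcmp(buf, test_str, send_len), 0);
 }
 
+TEST_F(tls, cmsg_msg_more)
+{
+char *test_str = "test_read";
+char record_type = 100;
+int send_len = 10;
+
+/* we don't allow MSG_MORE with non-DATA records */
+EXPECT_EQ(tls_send_cmsg(self->fd, record_type, test_str, send_len,
+MSG_MORE), -1);
+EXPECT_EQ(errno, EINVAL);
+}
+
+TEST_F(tls, msg_more_then_cmsg)
+{
+char *test_str = "test_read";
+char record_type = 100;
+int send_len = 10;
+char buf[10 * 2];
+int ret;
+
+EXPECT_EQ(send(self->fd, test_str, send_len, MSG_MORE), send_len);
+EXPECT_EQ(recv(self->cfd, buf, send_len, MSG_DONTWAIT), -1);
+
+ret = tls_send_cmsg(self->fd, record_type, test_str, send_len, 0);
+EXPECT_EQ(ret, send_len);
+
+/* initial DATA record didn't get merged with the non-DATA record */
+EXPECT_EQ(recv(self->cfd, buf, send_len * 2, 0), send_len);
+
+EXPECT_EQ(tls_recv_cmsg(_metadata, self->cfd, record_type,
+buf, sizeof(buf), MSG_WAITALL),
+send_len);
+}
+
 TEST_F(tls, msg_more_unsent)
 {
 char const *test_str = "test_read";
@@ -911,6 +945,37 @@
 EXPECT_EQ(read(p[0], mem_recv, send_len), send_len);
 EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0);
 }
+
+#define MAX_FRAGS 48
+TEST_F(tls, splice_short)
+{
+struct iovec sendchar_iov;
+char read_buf[0x10000];
+char sendbuf[0x100];
+char sendchar = 'S';
+int pipefds[2];
+int i;
+
+sendchar_iov.iov_base = &sendchar;
+sendchar_iov.iov_len = 1;
+
+memset(sendbuf, 's', sizeof(sendbuf));
+
+ASSERT_GE(pipe2(pipefds, O_NONBLOCK), 0);
+ASSERT_GE(fcntl(pipefds[0], F_SETPIPE_SZ, (MAX_FRAGS + 1) * 0x1000), 0);
+
+for (i = 0; i < MAX_FRAGS; i++)
+ASSERT_GE(vmsplice(pipefds[1], &sendchar_iov, 1, 0), 0);
+
+ASSERT_EQ(write(pipefds[1], sendbuf, sizeof(sendbuf)), sizeof(sendbuf));
+
+EXPECT_EQ(splice(pipefds[0], NULL, self->fd, NULL, MAX_FRAGS + 0x1000, 0),
+MAX_FRAGS + sizeof(sendbuf));
+EXPECT_EQ(recv(self->cfd, read_buf, sizeof(read_buf), 0), MAX_FRAGS + sizeof(sendbuf));
+EXPECT_EQ(recv(self->cfd, read_buf, sizeof(read_buf), MSG_DONTWAIT), -1);
+EXPECT_EQ(errno, EAGAIN);
+}
+#undef MAX_FRAGS
 
 TEST_F(tls, recvmsg_single)
 {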
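Review bot: Two assertions in the new tests accept more than the case they are meant to pin. In `msg_more_then_cmsg` the non-blocking `recv()` is only compared with -1, so any receive error would pass as "nothing sent yet"; follow it with `EXPECT_EQ(errno, EAGAIN);` as `splice_short` already does. In `splice_short` the `vmsplice()` loop uses `ASSERT_GE(..., 0)`, which also accepts a call that queued zero bytes and would leave fewer than `MAX_FRAGS` fragments in the pipe; `ASSERT_EQ(vmsplice(pipefds[1], &sendchar_iov, 1, 0), 1);` states the precondition the test relies on. Neither test compares the received bytes with what was sent, so a `memcmp()` on `buf` and `read_buf` would also catch corrupted or reordered payloads.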