mbox series

[net,v3,0/2] net/tls: fix encryption error path

Message ID 1589964104-9941-1-git-send-email-vfedorenko@novek.ru
Headers show
Series net/tls: fix encryption error path | expand

Message

Vadim Fedorenko May 20, 2020, 8:41 a.m. UTC 
The problem with data stream corruption was found in KTLS
transmit path with small socket send buffers and large 
amount of data. bpf_exec_tx_verdict() frees open record
on any type of error including EAGAIN, ENOMEM and ENOSPC
while callers are able to recover this transient errors.
Also wrong error code was returned to user space in that
case. This patchset fixes the problems.

Vadim Fedorenko (2):
  net/tls: fix encryption error checking
  net/tls: free record only on encryption error

 net/tls/tls_sw.c | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

Comments

Jakub Kicinski May 20, 2020, 8:46 p.m. UTC | #1 
On Wed, 20 May 2020 11:41:42 +0300 Vadim Fedorenko wrote:
> The problem with data stream corruption was found in KTLS
> transmit path with small socket send buffers and large 
> amount of data. bpf_exec_tx_verdict() frees open record
> on any type of error including EAGAIN, ENOMEM and ENOSPC
> while callers are able to recover this transient errors.
> Also wrong error code was returned to user space in that
> case. This patchset fixes the problems.

Thanks:

Acked-by: Jakub Kicinski <kuba@kernel.org>

Pooja, I think Vadim's fix to check the socket error will make changes
to handling of -EAGAIN unnecessary, right? Still would be good to get
that selftest, triggering EAGAIN should be quite simple.
Pooja Trivedi May 21, 2020, 4:29 p.m. UTC | #2 
On Wed, May 20, 2020 at 4:46 PM Jakub Kicinski <kuba@kernel.org> wrote:
>
> On Wed, 20 May 2020 11:41:42 +0300 Vadim Fedorenko wrote:
> > The problem with data stream corruption was found in KTLS
> > transmit path with small socket send buffers and large
> > amount of data. bpf_exec_tx_verdict() frees open record
> > on any type of error including EAGAIN, ENOMEM and ENOSPC
> > while callers are able to recover this transient errors.
> > Also wrong error code was returned to user space in that
> > case. This patchset fixes the problems.
>
> Thanks:
>
> Acked-by: Jakub Kicinski <kuba@kernel.org>
>
> Pooja, I think Vadim's fix to check the socket error will make changes
> to handling of -EAGAIN unnecessary, right?

Correct, yes.

> Still would be good to get
> that selftest, triggering EAGAIN should be quite simple.

Agree.
David Miller May 22, 2020, 12:20 a.m. UTC | #3 
From: Vadim Fedorenko <vfedorenko@novek.ru>
Date: Wed, 20 May 2020 11:41:42 +0300

> The problem with data stream corruption was found in KTLS
> transmit path with small socket send buffers and large 
> amount of data. bpf_exec_tx_verdict() frees open record
> on any type of error including EAGAIN, ENOMEM and ENOSPC
> while callers are able to recover this transient errors.
> Also wrong error code was returned to user space in that
> case. This patchset fixes the problems.

Series applied, thanks.