Received: by 2002:a25:c205:0:0:0:0:0 with SMTP id s5csp3651860ybf; Tue, 3 Mar 2020 09:49:30 -0800 (PST) X-Google-Smtp-Source: ADFU+vuZ83VqJsBigM75n6iPKy6bnaBPT1WWwz5VnCTn5vjCsb7i4n6Kq5edik/a8e8G1SJAErPF X-Received: by 2002:a9d:7607:: with SMTP id k7mr4276861otl.205.1583257769897; Tue, 03 Mar 2020 09:49:29 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1583257769; cv=none; d=google.com; s=arc-20160816; b=hgQUHGJTj99iqBrZGkKSggj3kOT91NFXfOZDPA8oFvPB1LM+fVsWl/dGM61ka24Pp+ SiiF69B/0hr01m1R2WruyNbo0JhiUnUb0H3n+gBKiZfzKRpOa/jtZxMP7MeSh1K1nxhJ l09XDTY7KM7a27nGARr5l18qQcVAIhtXko6iJIO8EBED/RmOt9dJBMwcrjlczG5M9XwJ 5eYbqriTy9M8Cq6CPWUGD7j27MZgjQcblg3t1EfM6enBip8dumjPEyu0W7Q1Dkvj6Lm1 H3DVzbo/PpTBJKBQ0G3swk1WbsiKsEeRAfu5Pk8UTCuTltPHA0Ma4SWP1OMZHljlPuwt muvA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=Xo2WVp3CdHK1xGRrnCBcMA4w3qkHzLzqNSDbLpaaXTQ=; b=lmBvC2YaMF1Jj7KvbqK8VzCxv1bBSoX+767I0SFNRNWTP2/1fx6FoKpO3YBBkzXZFe PqxF1deXqkxQPmYuDhwcrhKQoKwm8LzofA9fmfKy3VIMRm27UUjmdNqr4JOFrQxeb1D7 bVDyZgrpUZC6Jt5v7YIYuCkZczc6BmSiXO0Rot4cTWlvnZQrQGCgNd03Ibri3sIjsZ6G r8o6UAV8KhdhzNL1Mw1c5YLO384qcQqnQqJ4Ze1IGbOwf2qQ/mF7zho/WMfyPZ8n1LZ4 It06xRIZI6L0AS2C3MBTn++DsEe8cpQNYYswhHyvPhJIQ3Uhl+3m0t6eQKqcXV5xrVoV clPg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=dh47tWMW; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l21si8658087otk.142.2020.03.03.09.49.18; Tue, 03 Mar 2020 09:49:29 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=dh47tWMW; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731054AbgCCRqF (ORCPT + 99 others); Tue, 3 Mar 2020 12:46:05 -0500 Received: from mail.kernel.org ([198.145.29.99]:52434 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729625AbgCCRqD (ORCPT ); Tue, 3 Mar 2020 12:46:03 -0500 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 26D9320870; Tue, 3 Mar 2020 17:46:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1583257562; bh=udgEv1Fif3gvgXkHWGgmEjq1T17SCOrEkis2l10MF7Q=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=dh47tWMWTuBKcSr7JpUg8J9MIznwN3Akcv/MuJJhgtJROjswJ3DYGlNIocgtGSO3/ qdWvdT9c/A75WtmMIt6m+orNu6Mdu0tvzpOOW/7XMhkMc2Ia6mJPm1svQeBIHaAhU1 c2TGns1r7BE+MF3wnib8QZkvtnOISJGH8fFPaxRw= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Rohit Maheshwari , Jakub Kicinski , "David S. Miller" Subject: [PATCH 5.5 008/176] net/tls: Fix to avoid gettig invalid tls record Date: Tue, 3 Mar 2020 18:41:12 +0100 Message-Id: <20200303174305.526890311@linuxfoundation.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200303174304.593872177@linuxfoundation.org> References: <20200303174304.593872177@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Rohit Maheshwari [ Upstream commit 06f5201c6392f998a49ca9c9173e2930c8eb51d8 ] Current code doesn't check if tcp sequence number is starting from (/after) 1st record's start sequnce number. It only checks if seq number is before 1st record's end sequnce number. This problem will always be a possibility in re-transmit case. If a record which belongs to a requested seq number is already deleted, tls_get_record will start looking into list and as per the check it will look if seq number is before the end seq of 1st record, which will always be true and will return 1st record always, it should in fact return NULL. As part of the fix, start looking each record only if the sequence number lies in the list else return NULL. There is one more check added, driver look for the start marker record to handle tcp packets which are before the tls offload start sequence number, hence return 1st record if the record is tls start marker and seq number is before the 1st record's starting sequence number. Fixes: e8f69799810c ("net/tls: Add generic NIC offload infrastructure") Signed-off-by: Rohit Maheshwari Reviewed-by: Jakub Kicinski Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- net/tls/tls_device.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) --- a/net/tls/tls_device.c +++ b/net/tls/tls_device.c @@ -592,7 +592,7 @@ struct tls_record_info *tls_get_record(s u32 seq, u64 *p_record_sn) { u64 record_sn = context->hint_record_sn; - struct tls_record_info *info; + struct tls_record_info *info, *last; info = context->retransmit_hint; if (!info || @@ -604,6 +604,24 @@ struct tls_record_info *tls_get_record(s struct tls_record_info, list); if (!info) return NULL; + /* send the start_marker record if seq number is before the + * tls offload start marker sequence number. This record is + * required to handle TCP packets which are before TLS offload + * started. + * And if it's not start marker, look if this seq number + * belongs to the list. + */ + if (likely(!tls_record_is_start_marker(info))) { + /* we have the first record, get the last record to see + * if this seq number belongs to the list. + */ + last = list_last_entry(&context->records_list, + struct tls_record_info, list); + + if (!between(seq, tls_record_start_seq(info), + last->end_seq)) + return NULL; + } record_sn = context->unacked_record_sn; }