From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Vadim Fedorenko, "David S. Miller"
Subject: [PATCH 5.4 027/142] net/tls: fix encryption error checking
Date: Mon, 1 Jun 2020 19:53:05 +0200
Message-Id: <20200601174040.718668506@linuxfoundation.org>
X-Mailer: git-send-email 2.26.2
In-Reply-To: <20200601174037.904070960@linuxfoundation.org>
References: <20200601174037.904070960@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

From: Vadim Fedorenko

commit a7bff11f6f9afa87c25711db8050c9b5324db0e2 upstream.

bpf_exec_tx_verdict() can return negative value for copied variable. In that case this value will be pushed back to caller and the real error code will be lost. Fix it using signed type and checking for positive value.

Fixes: d10523d0b3d7 ("net/tls: free the record on encryption error")
Fixes: d3b18ad31f93 ("tls: add bpf support to sk_msg handling")
Signed-off-by: Vadim Fedorenko
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman

--- net/tls/tls_sw.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -781,7 +781,7 @@ static int tls_push_record(struct sock * static int bpf_exec_tx_verdict(struct sk_msg *msg, struct sock *sk, bool full_record, u8 record_type, - size_t *copied, int flags) + ssize_t *copied, int flags) { struct tls_context *tls_ctx = tls_get_ctx(sk); struct tls_sw_context_tx *ctx = tls_sw_ctx_tx(tls_ctx); 
@@ -917,7 +917,8 @@ int tls_sw_sendmsg(struct sock *sk, stru unsigned char record_type = TLS_RECORD_TYPE_DATA; bool is_kvec = iov_iter_is_kvec(&msg->msg_iter); bool eor = !(msg->msg_flags & MSG_MORE); - size_t try_to_copy, copied = 0; + size_t try_to_copy; + ssize_t copied = 0; struct sk_msg *msg_pl, *msg_en; struct tls_rec *rec; int required_size; @@ -1126,7 +1127,7 @@ send_end: release_sock(sk); mutex_unlock(&tls_ctx->tx_lock); - return copied ? copied : ret; + return copied > 0 ? copied : ret; } static int tls_sw_do_sendpage(struct sock *sk, struct page *page, @@ -1140,7 +1141,7 @@ static int tls_sw_do_sendpage(struct soc struct sk_msg *msg_pl; struct tls_rec *rec; int num_async = 0; - size_t copied = 0; + ssize_t copied = 0; bool full_record; int record_room; int ret = 0; @@ -1242,7 +1243,7 @@ wait_for_memory: } sendpage_end: ret = sk_stream_error(sk, flags, ret); - return copied ? copied : ret; + return copied > 0 ? copied : ret; } int tls_sw_sendpage_locked(struct sock *sk, struct page *page,
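
Review bot: the `ssize_t *copied` parameter of bpf_exec_tx_verdict() in the first hunk (@@ -781) now carries a contract that the signature does not state. Per the commit message the function can leave `*copied` negative, and callers must treat only a positive value as a byte count. A short comment above the function saying so would keep a later caller from reintroducing the `copied ? copied : ret` pattern this patch removes.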
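
Review bot: in the tls_sw_sendmsg() declarations (@@ -917) `try_to_copy` stays `size_t` while `copied` becomes `ssize_t`, so any comparison or arithmetic that mixes the two converts `copied` to unsigned and a negative value becomes a very large positive one. The uses in the function body are not shown in this hunk; they are worth auditing, with an explicit cast wherever the two variables meet.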
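
Review bot: at `send_end:` (@@ -1126) `return copied > 0 ? copied : ret;` yields an `ssize_t` from a function declared `int tls_sw_sendmsg(...)`, so the result is narrowed implicitly on return. If the byte count is bounded well below INT_MAX by the callers, say so in a comment or make the conversion explicit with a cast, so the narrowing reads as intended rather than accidental.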
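
Review bot: at `sendpage_end:` (@@ -1242) a negative `copied` is now discarded in favour of `ret`, which is correct only if `ret` already holds the error on every path that leaves `copied` negative. The @@ -1140 hunk shows `int ret = 0;`, so a path that reaches this label with `copied <= 0` and `ret` untouched returns 0 (after `sk_stream_error()`), which the caller reads as "nothing sent, no error". Please confirm that no such path exists, or propagate the negative `copied` into `ret` before the return.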