From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Vadim Fedorenko, "David S. Miller"
Subject: [PATCH 5.4 028/142] net/tls: free record only on encryption error
Date: Mon, 1 Jun 2020 19:53:06 +0200
Message-Id: <20200601174040.824690106@linuxfoundation.org>
X-Mailer: git-send-email 2.26.2
In-Reply-To: <20200601174037.904070960@linuxfoundation.org>
References: <20200601174037.904070960@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

From: Vadim Fedorenko

commit 635d9398178659d8ddba79dd061f9451cec0b4d1 upstream.

We cannot free record on any transient error because it leads to
losing previous data. Check socket error to know whether record must be
freed or not.

Fixes: d10523d0b3d7 ("net/tls: free the record on encryption error")
Signed-off-by: Vadim Fedorenko
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman
---
 net/tls/tls_sw.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

--- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -797,9 +797,10 @@ static int bpf_exec_tx_verdict(struct sk psock = sk_psock_get(sk); if (!psock || !policy) { err = tls_push_record(sk, flags, record_type); - if (err && err != -EINPROGRESS) { + if (err && sk->sk_err == EBADMSG) { *copied -= sk_msg_free(sk, msg); tls_free_open_rec(sk); + err = -sk->sk_err; } if (psock) sk_psock_put(sk, psock); @@ -825,9 +826,10 @@ more_data: switch (psock->eval) { case __SK_PASS: err = tls_push_record(sk, flags, record_type); - if (err && err != -EINPROGRESS) { + if (err && sk->sk_err == EBADMSG) { *copied -= sk_msg_free(sk, msg); tls_free_open_rec(sk); + err = -sk->sk_err; goto out_err; } break;
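
Review bot: In the first hunk (the `!psock || !policy` branch of bpf_exec_tx_verdict), the cleanup test now reads `sk->sk_err` rather than the `err` returned by tls_push_record(), so the record is freed for any non-zero `err` as long as the socket carries EBADMSG, including a value that was already set before this call. Please add a comment naming where `sk_err` is set to EBADMSG on this path and why it cannot be stale here, since the visible lines do not show it. The added `err = -sk->sk_err;` can only assign -EBADMSG inside this condition, so `err = -EBADMSG;` would state that directly and avoid a second read of `sk->sk_err`.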
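
Review bot: In the second hunk (`case __SK_PASS:`), `goto out_err;` stays inside the narrowed condition, so every non-zero `err` other than the EBADMSG case now reaches `break;` with `err` still set, where previously only -EINPROGRESS took that path. Please confirm that the code following the switch copes with an arbitrary negative `err` while the open record is kept, and document that intent in a comment next to the condition, because the commit message only speaks of "transient" errors without listing which return values are expected here.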