[net,v2,0/2] tls fixes for SPLICE with more hint

Message ID	20240113003258.67899-1-john.fastabend@gmail.com (mailing list archive)
Headers	show Received: from mail-oi1-f171.google.com (mail-oi1-f171.google.com [209.85.167.171]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id ED118632; Sat, 13 Jan 2024 00:33:01 +0000 (UTC) From: John Fastabend <john.fastabend@gmail.com> To: netdev@vger.kernel.org, eadavis@qq.com, kuba@kernel.org Cc: john.fastabend@gmail.com, bpf@vger.kernel.org, borisp@nvidia.com Subject: [PATCH net v2 0/2] tls fixes for SPLICE with more hint Date: Fri, 12 Jan 2024 16:32:56 -0800 Message-Id: <20240113003258.67899-1-john.fastabend@gmail.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	tls fixes for SPLICE with more hint \| expand [net,v2,0/2] tls fixes for SPLICE with more hint [net,v2,1/2] net: tls, fix WARNIING in __sk_msg_free [net,v2,2/2] net: tls, add test to capture error on large splice

Message ID

20240113003258.67899-1-john.fastabend@gmail.com (mailing list archive)

Headers

From: John Fastabend <john.fastabend@gmail.com>
To: netdev@vger.kernel.org,
	eadavis@qq.com,
	kuba@kernel.org
Cc: john.fastabend@gmail.com,
	bpf@vger.kernel.org,
	borisp@nvidia.com
Subject: [PATCH net v2 0/2] tls fixes for SPLICE with more hint 
Date: Fri, 12 Jan 2024 16:32:56 -0800
Message-Id: <20240113003258.67899-1-john.fastabend@gmail.com>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

tls fixes for SPLICE with more hint | expand

Message

John Fastabend Jan. 13, 2024, 12:32 a.m. UTC

Syzbot found a splat where it tried to splice data over a tls socket
with the more hint and sending greater than the number of frags that
fit in a msg scatterlist. This resulted in an error where we do not
correctly send the data when the msg sg is full. The more flag being
just a hint not a strict contract. This then results in the syzbot
warning on the next send.

Edward generated an initial patch for this which checked for a full
msg on entry to the sendmsg hook.  This fixed the WARNING, but didn't
fully resolve the issue because the full msg_pl scatterlist was never
sent resulting in a stuck socket. In this series instead avoid the
situation by forcing the send on the splice that fills the scatterlist.

Also in original thread I mentioned it didn't seem to be enough to
simply fix the send on full sg problem. That was incorrect and was
really a bug in my test program that was hanging the test program.
I had setup a repair socket and wasn't handling it correctly so my
tester got stuck.

Thanks. Please review. Fix in patch 1 and test in patch 2.

v2: use SPLICE_F_ flag names instead of cryptic 0xe

John Fastabend (2):
  net: tls, fix WARNIING in __sk_msg_free
  net: tls, add test to capture error on large splice

 net/tls/tls_sw.c                  |  6 +++++-
 tools/testing/selftests/net/tls.c | 14 ++++++++++++++
 2 files changed, 19 insertions(+), 1 deletion(-)

Comments

patchwork-bot+netdevbpf@kernel.org Jan. 14, 2024, 12:20 p.m. UTC | #1

Hello:

This series was applied to netdev/net.git (main)
by David S. Miller <davem@davemloft.net>:

On Fri, 12 Jan 2024 16:32:56 -0800 you wrote:
> Syzbot found a splat where it tried to splice data over a tls socket
> with the more hint and sending greater than the number of frags that
> fit in a msg scatterlist. This resulted in an error where we do not
> correctly send the data when the msg sg is full. The more flag being
> just a hint not a strict contract. This then results in the syzbot
> warning on the next send.
> 
> [...]

Here is the summary with links:
  - [net,v2,1/2] net: tls, fix WARNIING in __sk_msg_free
    https://git.kernel.org/netdev/net/c/dc9dfc8dc629
  - [net,v2,2/2] net: tls, add test to capture error on large splice
    https://git.kernel.org/netdev/net/c/034ea1305e65

You are awesome, thank you!