diff mbox series

[net,2/4] tls: adjust recv return with async crypto and failed copy to userspace

Message ID 1b5a1eaab3c088a9dd5d9f1059ceecd7afe888d1.1711120964.git.sd@queasysnail.net (mailing list archive)
State Accepted
Commit 85eef9a41d019b59be7bc91793f26251909c0710
Delegated to: Netdev Maintainers
Series tls: recvmsg fixes

Checks

Context Check Description
netdev/series_format success Posting correctly formatted
netdev/tree_selection success Clearly marked for net
netdev/ynl success Generated files up to date; no warnings/errors; no diff in generated;
netdev/fixes_present success Fixes tag present in non-next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 944 this patch: 944
netdev/build_tools success No tools touched, skip
netdev/cc_maintainers success CCed 7 of 7 maintainers
netdev/build_clang success Errors and warnings before: 955 this patch: 955
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success Fixes tag looks correct
netdev/build_allmodconfig_warn success Errors and warnings before: 955 this patch: 955
netdev/checkpatch warning WARNING: line length of 84 exceeds 80 columns
netdev/build_clang_rust success No Rust files in patch. Skipping build
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0
netdev/contest success net-next-2024-03-27--00-00 (tests: 948)

Commit Message

Sabrina Dubroca March 25, 2024, 3:56 p.m. UTC
process_rx_list may not copy as many bytes as we want to the userspace
buffer, for example in case we hit an EFAULT during the copy. If this
happens, we should only count the bytes that were actually copied,
which may be 0.

Subtracting async_copy_bytes is correct in both peek and !peek cases,
because decrypted == async_copy_bytes + peeked for the peek case: peek
is always !ZC, and we can go through either the sync or async path. In
the async case, we add chunk to both decrypted and
async_copy_bytes. In the sync case, we add chunk to both decrypted and
peeked. I missed that in commit 6caaf104423d ("tls: fix peeking with
sync+async decryption").

Fixes: 4d42cd6bc2ac ("tls: rx: fix return value for async crypto")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
---
I'll send a patch removing the peeked variable and simplifying the
process_rx_list call for net-next after this series lands there

 net/tls/tls_sw.c | 3 +++
 1 file changed, 3 insertions(+)

Comments

Simon Horman March 26, 2024, 11:59 a.m. UTC | #1
On Mon, Mar 25, 2024 at 04:56:46PM +0100, Sabrina Dubroca wrote:
> process_rx_list may not copy as many bytes as we want to the userspace
> buffer, for example in case we hit an EFAULT during the copy. If this
> happens, we should only count the bytes that were actually copied,
> which may be 0.
> 
> Subtracting async_copy_bytes is correct in both peek and !peek cases,
> because decrypted == async_copy_bytes + peeked for the peek case: peek
> is always !ZC, and we can go through either the sync or async path. In
> the async case, we add chunk to both decrypted and
> async_copy_bytes. In the sync case, we add chunk to both decrypted and
> peeked. I missed that in commit 6caaf104423d ("tls: fix peeking with
> sync+async decryption").
> 
> Fixes: 4d42cd6bc2ac ("tls: rx: fix return value for async crypto")
> Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>

Reviewed-by: Simon Horman <horms@kernel.org>

Patch

diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index 3cdc6bc9fba6..14faf6189eb1 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -2158,6 +2158,9 @@  int tls_sw_recvmsg(struct sock *sk,
 		else
 			err = process_rx_list(ctx, msg, &control, 0,
 					      async_copy_bytes, is_peek, NULL);
+
+		/* we could have copied less than we wanted, and possibly nothing */
+		decrypted += max(err, 0) - async_copy_bytes;
 	}
 
 	copied += decrypted;
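Review bot: the comment added above `decrypted += max(err, 0) - async_copy_bytes;` says that fewer bytes (or none) may have been copied, but not why subtracting the whole of async_copy_bytes is also right when is_peek is set. That relies on the invariant spelled out only in the commit message (decrypted == async_copy_bytes + peeked in the peek case), so a short mention of it in the comment would keep the adjustment understandable in the source, especially once the planned follow-up removes the peeked variable. It would also help to note in the comment that a negative err from process_rx_list is clamped to 0 here, so on failure decrypted drops by the full async_copy_bytes before `copied += decrypted;` runs. Wrapping the comment over two lines would clear the checkpatch warning about the 84-column line.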