From patchwork Wed Jan 10 22:01:23 2024
X-Patchwork-Submitter: John Fastabend
X-Patchwork-Id: 13516597
X-Patchwork-Delegate: kuba@kernel.org
From: John Fastabend
To: netdev@vger.kernel.org, eadavis@qq.com, kuba@kernel.org
Cc: john.fastabend@gmail.com, bpf@vger.kernel.org, borisp@nvidia.com
Subject: [PATCH net 1/2] net: tls, fix WARNIING in __sk_msg_free
Date: Wed, 10 Jan 2024 14:01:23 -0800
Message-Id: <20240110220124.452746-2-john.fastabend@gmail.com>
In-Reply-To: <20240110220124.452746-1-john.fastabend@gmail.com>
References: <20240110220124.452746-1-john.fastabend@gmail.com>
X-Mailing-List: bpf@vger.kernel.org

A splice with MSG_SPLICE_PAGES will cause tls code to use the tls_sw_sendmsg_splice path in the TLS sendmsg code to move the user provided pages from the msg into the msg_pl. This will loop over the msg until msg_pl is full, checked by sk_msg_full(msg_pl). The user can also set the MORE flag to hint the stack to delay sending until receiving more pages and ideally a full buffer.

If the user adds more pages to the msg than can fit in the msg_pl scatterlist (MAX_MSG_FRAGS) we should ignore the MORE flag and send the buffer anyway.

What actually happens though is we abort the msg to msg_pl scatterlist setup and then, because we forget to set 'full record' indicating we can no longer consume data without a send, we fall through to the 'continue' path which will check if msg_data_left(msg) has more bytes to send and then attempts to fit them in the already full msg_pl. Then the next iteration of the sender doing a send will encounter a full msg_pl and throw the warning in the syzbot report.

To fix, simply check if we have a full_record in the splice code path and if not send the msg regardless of the MORE flag.

Reported-and-tested-by: syzbot+f2977222e0e95cec15c8@syzkaller.appspotmail.com
Reported-by: Edward Adam Davis
Fixes: fe1e81d4f73b ("tls/sw: Support MSG_SPLICE_PAGES")
Signed-off-by: John Fastabend Reviewed-by: Jakub Kicinski --- net/tls/tls_sw.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index e37b4d2e2acd..31e8a94dfc11 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c 
@@ -1052,7 +1052,11 @@ static int tls_sw_sendmsg_locked(struct sock *sk, struct msghdr *msg, if (ret < 0) goto send_end; tls_ctx->pending_open_record_frags = true; - if (full_record || eor || sk_msg_full(msg_pl)) + + if (sk_msg_full(msg_pl)) + full_record = true; + + if (full_record || eor) goto copied; continue; }

From patchwork Wed Jan 10 22:01:24 2024
X-Patchwork-Submitter: John Fastabend
X-Patchwork-Id: 13516598
X-Patchwork-Delegate: kuba@kernel.org
From: John Fastabend
To: netdev@vger.kernel.org, eadavis@qq.com, kuba@kernel.org
Cc: john.fastabend@gmail.com, bpf@vger.kernel.org, borisp@nvidia.com
Subject: [PATCH net 2/2] net: tls, add test to capture error on large splice
Date: Wed, 10 Jan 2024 14:01:24 -0800
Message-Id: <20240110220124.452746-3-john.fastabend@gmail.com>
In-Reply-To: <20240110220124.452746-1-john.fastabend@gmail.com>
References: <20240110220124.452746-1-john.fastabend@gmail.com>
X-Mailing-List: bpf@vger.kernel.org

syzbot found an error with how splice() is handled with a msg greater than 32. This was fixed in the previous patch, but let's add a test for it to ensure it continues to work.

Signed-off-by: John Fastabend
--- tools/testing/selftests/net/tls.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/tools/testing/selftests/net/tls.c b/tools/testing/selftests/net/tls.c index 464853a7f982..a53117cee841 100644 --- a/tools/testing/selftests/net/tls.c +++ b/tools/testing/selftests/net/tls.c @@ -707,6 +707,19 @@ TEST_F(tls, splice_from_pipe) EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0); } +TEST_F(tls, splice_more) +{ + int send_len = TLS_PAYLOAD_MAX_LEN; + char mem_send[TLS_PAYLOAD_MAX_LEN]; + int i, send_pipe = 1; + int p[2]; + + ASSERT_GE(pipe(p), 0); + EXPECT_GE(write(p[1], mem_send, send_len), 0); + for (i = 0; i < 32; i++) + EXPECT_EQ(splice(p[0], NULL, self->fd, NULL, send_pipe, 0xe), 1); +} + TEST_F(tls, splice_from_pipe2) { int send_len = 16000;
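
Review bot: The `0xe` flags argument in the splice() loop of splice_more (tools/testing/selftests/net/tls.c) hides the one flag this test depends on; writing it as SPLICE_F_NONBLOCK | SPLICE_F_MORE | SPLICE_F_GIFT would make the MORE dependency visible to the next reader. In the same test, `send_pipe` is the one-byte splice length rather than a pipe and deserves a clearer name, `mem_send` is written to the pipe without being initialized, `EXPECT_GE(write(...), 0)` accepts a short write where a comparison against `send_len` would not, and `p[0]`/`p[1]` are never closed. The loop bound of 32 is also a bare literal; a short comment tying it to the scatterlist limit named in patch 1/2 would explain why that count is enough to exercise the full msg_pl case.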
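
Review bot: The added `if (sk_msg_full(msg_pl)) full_record = true;` in tls_sw_sendmsg_locked() (net/tls/tls_sw.c, patch 1/2) needs a short comment stating that a full msg_pl has to be sent even when MORE is set. The branch taken here does not change: the old condition already reached `goto copied` when sk_msg_full(msg_pl) was true, so the entire effect of the fix is in how the code after the `copied` label treats `full_record`, and that code is outside this hunk. Without a comment, a later cleanup could fold the check back into `if (full_record || eor)` as a plain condition and silently bring the warning back.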