linux

mirror of https://github.com/torvalds/linux.git synced 2026-05-13 16:59:27 +02:00

History

Jakub Kicinski 4ab26bce39 tls: always refresh the queue when reading sock After recent changes in net-next TCP compacts skbs much more aggressively. This unearthed a bug in TLS where we may try to operate on an old skb when checking if all skbs in the queue have matching decrypt state and geometry. BUG: KASAN: slab-use-after-free in tls_strp_check_rcv+0x898/0x9a0 [tls] (net/tls/tls_strp.c:436 net/tls/tls_strp.c:530 net/tls/tls_strp.c:544) Read of size 4 at addr ffff888013085750 by task tls/13529 CPU: 2 UID: 0 PID: 13529 Comm: tls Not tainted 6.16.0-rc5-virtme Call Trace: kasan_report+0xca/0x100 tls_strp_check_rcv+0x898/0x9a0 [tls] tls_rx_rec_wait+0x2c9/0x8d0 [tls] tls_sw_recvmsg+0x40f/0x1aa0 [tls] inet_recvmsg+0x1c3/0x1f0 Always reload the queue, fast path is to have the record in the queue when we wake, anyway (IOW the path going down "if !strp->stm.full_len"). Fixes: `0d87bbd39d` ("tls: strp: make sure the TCP skbs do not have overlapping data") Link: https://patch.msgid.link/20250716143850.1520292-1-kuba@kernel.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>		2025-07-17 07:39:02 -07:00
..
Kconfig	net: skbuff: generalize the skb->decrypted bit	2024-04-06 17:34:31 +01:00
Makefile
tls_device_fallback.c	net/tls: use the new scatterwalk functions	2025-03-02 15:19:44 +08:00
tls_device.c	tcp: move icsk_clean_acked to a better location	2025-03-24 09:55:18 -07:00
tls_main.c	net: tls: explicitly disallow disconnect	2025-04-08 11:38:49 +02:00
tls_proc.c	tls: add counters for rekey	2024-12-16 12:47:30 +00:00
tls_strp.c	tls: always refresh the queue when reading sock	2025-07-17 07:39:02 -07:00
tls_sw.c	ktls, sockmap: Fix missing uncharge operation	2025-05-09 18:09:59 -07:00
tls_toe.c
tls.h	tls: implement rekey for TLS1.3	2024-12-16 12:47:29 +00:00
trace.c
trace.h	move asm/unaligned.h to linux/unaligned.h	2024-10-02 17:23:23 -04:00