On Thu, Aug 7, 2025 at 4:29 PM Jakub Kicinski <[email protected]> wrote:
>
> TLS expects that it owns the receive queue of the TCP socket.
> This cannot be guaranteed in case the reader of the TCP socket
> entered before the TLS ULP was installed, or uses some non-standard
> read API (e.g. zerocopy ones). Replace the WARN_ON() and a buggy
> early exit (which leaves anchor pointing to a freed skb) with real
> error handling. Wipe the parsing state and tell the reader to retry.
>
> We already reload the anchor every time we (re)acquire the socket lock,
> so the only condition we need to avoid is an out of bounds read
> (not having enough bytes in the socket for previously parsed record len).
>
> If some data was read from under TLS but there's enough in the queue
> we'll reload and decrypt what is most likely not a valid TLS record.
> Leading to some undefined behavior from TLS perspective (corrupting
> a stream? missing an alert? missing an attack?) but no kernel crash
> should take place.
>
> Reported-by: William Liu <[email protected]>
> Reported-by: Savino Dicanosa <[email protected]>
> Link: https://lore.kernel.org/tFjq_kf7sWIG3A7CrCg_egb8CVsT_gsmHAK0_wxDPJXfIzxFAMxqmLwp3MlU5EHiet0AwwJldaaFdgyHpeIUCS-3m3llsmRzp9xIOBR4lAI=@syst3mfailure.io
> Fixes: 84c61fe1a75b ("tls: rx: do not use the standard strparser")
> Signed-off-by: Jakub Kicinski <[email protected]>
> ---
> v2:
>  - fix the reporter tags
>  - drop the copied_seq nonsense, just correct the error handling
> v1: https://lore.kernel.org/[email protected]
> ---
Reviewed-by: Eric Dumazet <[email protected]>
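The failure mode the quoted commit message describes (a record length parsed earlier, then fewer bytes than that left in the socket queue because some other reader consumed them) can be shown in user space with a small model. The following is an added example, not the kernel's TLS receive code: `struct tls_rx_state`, `tls_rx_step()` and the `TLS_RX_*` statuses are hypothetical names standing in for the parser anchor and its error paths. It parses the 5-byte TLS record header (type, version, length; payload bounded by the RFC 5246 limit of 2^14 + 2048), remembers how much data was queued when the length was derived, and on every re-entry re-validates the queue before trusting that stale length: a shrunken queue wipes the state and returns a retry instead of reading out of bounds. The sample record bytes in `main()` are constructed for the demo.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TLS_HEADER_SIZE 5
/* RFC 5246 6.2.3: TLSCiphertext.length must not exceed 2^14 + 2048 */
#define TLS_MAX_PAYLOAD (16384 + 2048)

enum tls_rx_status {
    TLS_RX_NEED_MORE,   /* waiting for more bytes; parse state is kept */
    TLS_RX_READY,       /* queue[0 .. rec_len) holds one complete record */
    TLS_RX_BAD_HEADER,  /* record header invalid; caller should abort the connection */
    TLS_RX_RETRY        /* queue shrank under us; state wiped, caller must retry */
};

/* Hypothetical per-socket parse state (not the kernel's struct): the record
 * length derived from the header, plus the queue size seen at that moment. */
struct tls_rx_state {
    size_t rec_len;          /* header + payload length, 0 = nothing parsed yet */
    size_t queued_at_parse;  /* bytes queued when rec_len was derived */
};

/* Parse type(1) version(2) length(2); returns 0 on a plausible header. */
static int tls_parse_header(const uint8_t *hdr, size_t *payload_len)
{
    uint8_t type = hdr[0];
    size_t len = ((size_t)hdr[3] << 8) | hdr[4];

    if (type < 20 || type > 23)     /* change_cipher_spec .. application_data */
        return -1;
    if (hdr[1] != 3)                /* SSL 3.0 / TLS 1.x share major version 3 */
        return -1;
    if (len > TLS_MAX_PAYLOAD)
        return -1;
    *payload_len = len;
    return 0;
}

enum tls_rx_status tls_rx_step(struct tls_rx_state *st,
                               const uint8_t *queue, size_t queued)
{
    if (st->rec_len == 0) {
        size_t payload;

        if (queued < TLS_HEADER_SIZE)
            return TLS_RX_NEED_MORE;
        if (tls_parse_header(queue, &payload))
            return TLS_RX_BAD_HEADER;
        st->rec_len = TLS_HEADER_SIZE + payload;
        st->queued_at_parse = queued;
    }

    /* Re-validate on every entry. If bytes vanished from the head of the
     * queue since the length was parsed, another reader consumed them and
     * rec_len no longer describes what is in front of us: reading rec_len
     * bytes could run past the data. Wipe state and retry, never WARN or
     * keep a pointer to data that may be gone. */
    if (queued < st->queued_at_parse) {
        memset(st, 0, sizeof(*st));
        return TLS_RX_RETRY;
    }
    if (queued < st->rec_len)
        return TLS_RX_NEED_MORE;
    return TLS_RX_READY;
}

/* Caller invokes this after it has taken the complete record off the queue. */
void tls_rx_consume(struct tls_rx_state *st)
{
    memset(st, 0, sizeof(*st));
}

/* Constructed scenario; returns 0 if every step yields the expected status. */
int tls_rx_selftest(void)
{
    struct tls_rx_state st;
    uint8_t rec[21] = { 23, 3, 3, 0, 16 };   /* application_data, 16-byte payload */

    memset(&st, 0, sizeof(st));
    memset(rec + TLS_HEADER_SIZE, 0xAA, 16);

    if (tls_rx_step(&st, rec, 5) != TLS_RX_NEED_MORE || st.rec_len != 21) return 1;
    if (tls_rx_step(&st, rec, 21) != TLS_RX_READY) return 2;
    tls_rx_consume(&st);

    /* Header parsed on a partial queue, then a foreign reader takes 3 bytes. */
    if (tls_rx_step(&st, rec, 10) != TLS_RX_NEED_MORE) return 3;
    if (tls_rx_step(&st, rec + 3, 7) != TLS_RX_RETRY || st.rec_len != 0) return 4;
    /* Retrying on the shifted bytes (03 03 00 10 AA ..) is not a valid record. */
    if (tls_rx_step(&st, rec + 3, 7) != TLS_RX_BAD_HEADER) return 5;
    return 0;
}

int main(void)
{
    int rc = tls_rx_selftest();
    printf("tls rx model selftest: %s (step %d)\n", rc ? "FAIL" : "ok", rc);
    return rc;
}
```

The retry path only fires when the queue is shorter than it was at parse time; if a foreign reader removed bytes but new data arrived to replace them, the model (like the fix the commit message describes) cannot tell, and will hand a mis-aligned buffer to the record decoder, which then fails closed as a bad record rather than as a kernel crash.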
