From: Dave Watson <davejwat...@fb.com>
Date: Thu, 12 Jul 2018 08:03:43 -0700
> In the zerocopy sendmsg() path, there are error checks to revert
> the zerocopy if we get any error code. syzkaller has discovered
> that tls_push_record can return -ECONNRESET, which is fatal, and
> happens after the point at which it is safe to revert the iter,
> as we've already passed the memory to do_tcp_sendpages.
>
> Previously this code could return -ENOMEM and we would want to
> revert the iter, but AFAIK this no longer returns ENOMEM after
> a447da7d004 ("tls: fix waitall behavior in tls_sw_recvmsg"),
> so we fail for all error codes.
>
> Reported-by: syzbot+c226690f7b3126c5e...@syzkaller.appspotmail.com
> Reported-by: syzbot+709f2810a6a05f11d...@syzkaller.appspotmail.com
> Signed-off-by: Dave Watson <davejwat...@fb.com>
> Fixes: 3c4d7559159b ("tls: kernel TLS support")
Applied and queued up for -stable, thanks Dave.
