Syzbot found a splat where it tried to splice data over a tls socket with the more hint and sending greater than the number of frags that fit in a msg scatterlist. This resulted in an error where we do not correctly send the data when the msg sg is full. The more flag being just a hint not a strict contract. This then results in the syzbot warning on the next send. Edward generated an initial patch for this which checked for a full msg on entry to the sendmsg hook. This fixed the WARNING, but didn't fully resolve the issue because the full msg_pl scatterlist was never sent resulting in a stuck socket. In this series instead avoid the situation by forcing the send on the splice that fills the scatterlist. Also in original thread I mentioned it didn't seem to be enough to simply fix the send on full sg problem. That was incorrect and was really a bug in my test program that was hanging the test program. I had setup a repair socket and wasn't handling it correctly so my tester got stuck. Thanks. Please review. Fix in patch 1 and test in patch 2. v2: use SPLICE_F_ flag names instead of cryptic 0xe John Fastabend (2): net: tls, fix WARNIING in __sk_msg_free net: tls, add test to capture error on large splice net/tls/tls_sw.c | 6 +++++- tools/testing/selftests/net/tls.c | 14 ++++++++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) -- 2.33.0
