Re: [PATCH net-next v10 08/16] tls: Inline do_tcp_sendpages()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





On 04/08/2023 6:12, Jakub Kicinski wrote:
On Thu, 3 Aug 2023 14:47:35 +0300 Tariq Toukan wrote:
When applying this patch, repro disappears! :)
Apparently it is related to the warning.
Please go on and submit it.

I have no idea how. I found a different bug, staring at this code
for another hour. But I still don't get how we can avoid UaF on
a page by having the TCP take a ref on it rather than copy it.

If anything we should have 2 refs on any page in the sg, one because
it's on the sg, and another held by the re-tx handling.

So I'm afraid we're papering over something here :( We need to keep
digging.

Hi Jakub,
I'm glad to see that you already nailed the other bug and merged the fix.

I can update that we ran comprehensive TLS testing on a branch that contains your proposed fix (net: tls: set MSG_SPLICE_PAGES consistently), and doesn't contain the other fix (net: tls: avoid discarding data on record close).

Except for one "known" issue (we'll discuss it in a second), the runs look clean. No more traces or encrypt/decrypt error counters. Your proposed fix seems to work and causes no degradation.
How do you suggest proceeding here?

One mysterious remaining issue, which I already reported some time ago but couldn't effectively debug due to other TLS bugs, is the increase of TlsDecryptError / TlsEncryptError counters when running kTLS offloaded traffic during bond creation on some other interface.
Weird...

We should start giving it the needed attention now that the other issues seem to be resolved.

Regards,
Tariq




[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux