This is a note to let you know that I've just added the patch titled
tls: break out of main loop when PEEK gets a non-data record
to the 6.1-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
tls-break-out-of-main-loop-when-peek-gets-a-non-data.patch
and it can be found in the queue-6.1 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
commit 1aebbfe29d93e34d6de2bb7837a6e4566515a3b9
Author: Sabrina Dubroca <sd@xxxxxxxxxxxxxxx>
Date: Thu Feb 15 17:17:29 2024 +0100
tls: break out of main loop when PEEK gets a non-data record
[ Upstream commit 10f41d0710fc81b7af93fa6106678d57b1ff24a7 ]
PEEK needs to leave decrypted records on the rx_list so that we can
receive them later on, so it jumps back into the async code that
queues the skb. Unfortunately that makes us skip the
TLS_RECORD_TYPE_DATA check at the bottom of the main loop, so if two
records of the same (non-DATA) type are queued, we end up merging
them.
Add the same record type check, and make it unlikely to not penalize
the async fastpath. Async decrypt only applies to data record, so this
check is only needed for PEEK.
process_rx_list also has similar issues.
Fixes: 692d7b5d1f91 ("tls: Fix recvmsg() to be able to peek across multiple records")
Signed-off-by: Sabrina Dubroca <sd@xxxxxxxxxxxxxxx>
Link: https://lore.kernel.org/r/3df2eef4fdae720c55e69472b5bea668772b45a2.1708007371.git.sd@xxxxxxxxxxxxxxx
Signed-off-by: Jakub Kicinski <kuba@xxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index c8cbdd02a784e..cd86c271c1348 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -2137,6 +2137,8 @@ int tls_sw_recvmsg(struct sock *sk,
decrypted += chunk;
len -= chunk;
__skb_queue_tail(&ctx->rx_list, skb);
+ if (unlikely(control != TLS_RECORD_TYPE_DATA))
+ break;
continue;
}
