Patch "net/tls: Fix inverted error codes to avoid endless loop" has been added to the 4.14-stable tree

<gregkh@xxxxxxxxxxxxxxxxxxx> · Sun, 28 Jan 2018 17:39:04 +0100

This is a note to let you know that I've just added the patch titled

    net/tls: Fix inverted error codes to avoid endless loop

to the 4.14-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     net-tls-fix-inverted-error-codes-to-avoid-endless-loop.patch
and it can be found in the queue-4.14 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From foo@baz Sun Jan 28 17:35:08 CET 2018
From: "r.hering@xxxxxx" <r.hering@xxxxxx>
Date: Fri, 12 Jan 2018 15:42:06 +0100
Subject: net/tls: Fix inverted error codes to avoid endless loop

From: "r.hering@xxxxxx" <r.hering@xxxxxx>


[ Upstream commit 30be8f8dba1bd2aff73e8447d59228471233a3d4 ]

sendfile() calls can hang endless with using Kernel TLS if a socket error occurs.
Socket error codes must be inverted by Kernel TLS before returning because
they are stored with positive sign. If returned non-inverted they are
interpreted as number of bytes sent, causing endless looping of the
splice mechanic behind sendfile().

Signed-off-by: Robert Hering <r.hering@xxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 include/net/tls.h |    2 +-
 net/tls/tls_sw.c  |    4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

--- a/include/net/tls.h
+++ b/include/net/tls.h
@@ -168,7 +168,7 @@ static inline bool tls_is_pending_open_r
 
 static inline void tls_err_abort(struct sock *sk)
 {
-	sk->sk_err = -EBADMSG;
+	sk->sk_err = EBADMSG;
 	sk->sk_error_report(sk);
 }
 
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -407,7 +407,7 @@ int tls_sw_sendmsg(struct sock *sk, stru
 
 	while (msg_data_left(msg)) {
 		if (sk->sk_err) {
-			ret = sk->sk_err;
+			ret = -sk->sk_err;
 			goto send_end;
 		}
 
@@ -560,7 +560,7 @@ int tls_sw_sendpage(struct sock *sk, str
 		size_t copy, required_size;
 
 		if (sk->sk_err) {
-			ret = sk->sk_err;
+			ret = -sk->sk_err;
 			goto sendpage_end;
 		}
 


Patches currently in stable-queue which might be from r.hering@xxxxxx are

queue-4.14/net-tls-fix-inverted-error-codes-to-avoid-endless-loop.patch






