    tls: rx: strp: preserve decryption status of skbs when needed · eca9bfaf
    Jakub Kicinski authored
    When receive buffer is small we try to copy out the data from
    TCP into a skb maintained by TLS to prevent connection from
    stalling. Unfortunately if a single record is made up of a mix
    of decrypted and non-decrypted skbs combining them into a single
    skb leads to loss of decryption status, resulting in decryption
    errors or data corruption.
    
    Similarly when trying to use TCP receive queue directly we need
    to make sure that all the skbs within the record have the same
    status. If we don't, the mixed status will be detected correctly
    but we'll CoW the anchor, again collapsing it into a single paged
    skb without decrypted status preserved. So the "fixup" code will
    not know which parts of skb to re-encrypt.
    
    Fixes: 84c61fe1 ("tls: rx: do not use the standard strparser")
    Tested-by: Shai Amiram <samiram@nvidia.com>
    Signed-off-by: Jakub Kicinski <kuba@kernel.org>
    Reviewed-by: Simon Horman <simon.horman@corigine.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
tls.h 10.4 KB