net: tls: prevent false connection termination with offload

Jakub Kicinski · davem330 · commit c43ac97bac98 · 2019-03-29T13:38:50.000-07:00
Only decrypt_internal() performs zero copy on rx, all paths which don't hit decrypt_internal() must set zc to false, otherwise tls_sw_recvmsg() may return 0 causing the application to believe that that connection got closed. Currently this happens with device offload when new record is first read from. Fixes: d069b78 ("tls: Fix tls_device receive") Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: Simon Horman <simon.horman@netronome.com> Reported-by: David Beckett <david.beckett@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
@@ -1484,6 +1484,8 @@ static int decrypt_skb_update(struct sock *sk, struct sk_buff *skb,
 
 				return err;
 			}
+		} else {
+			*zc = false;
 		}
 
 		rxm->full_len -= padding_length(ctx, tls_ctx, skb);

Original file line number	Diff line number	Diff line change
`@@ -1484,6 +1484,8 @@ static int decrypt_skb_update(struct sock sk, struct sk_buff skb,`
`1484`	`1484`
`1485`	`1485`	`return err;`
`1486`	`1486`	`}`
	`1487`	`+ } else {`
	`1488`	`+ *zc = false;`
`1487`	`1489`	`}`
`1488`	`1490`
`1489`	`1491`	`rxm->full_len -= padding_length(ctx, tls_ctx, skb);`