* [PATCH net] rxrpc: Use skb_ensure_writable() before in-place decryption
@ 2026-05-10 18:51 Hyunwoo Kim
0 siblings, 0 replies; only message in thread
From: Hyunwoo Kim @ 2026-05-10 18:51 UTC (permalink / raw)
To: kuba, dhowells, marc.dionne, davem, edumazet, pabeni, horms,
qingfang.deng, jiayuan.chen
Cc: linux-afs, netdev, imv4bel
Writing to any frag is incorrect since frag pages can be shared.
Use skb_ensure_writable() to ensure the skb is writable before
in-place decryption.
Fixes: aa54b1d27fe0 ("rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present")
Signed-off-by: Hyunwoo Kim <imv4bel@gmail.com>
---
net/rxrpc/call_event.c | 18 ++----------------
net/rxrpc/conn_event.c | 23 +++++------------------
2 files changed, 7 insertions(+), 34 deletions(-)
diff --git a/net/rxrpc/call_event.c b/net/rxrpc/call_event.c
index 2b19b252225e..837e121ed9a6 100644
--- a/net/rxrpc/call_event.c
+++ b/net/rxrpc/call_event.c
@@ -334,22 +334,8 @@ bool rxrpc_input_call_event(struct rxrpc_call *call)
if (sp->hdr.type == RXRPC_PACKET_TYPE_DATA &&
sp->hdr.securityIndex != 0 &&
- (skb_cloned(skb) ||
- skb_has_frag_list(skb) ||
- skb_has_shared_frag(skb))) {
- /* Unshare the packet so that it can be
- * modified by in-place decryption.
- */
- struct sk_buff *nskb = skb_copy(skb, GFP_ATOMIC);
-
- if (nskb) {
- rxrpc_new_skb(nskb, rxrpc_skb_new_unshared);
- rxrpc_input_call_packet(call, nskb);
- rxrpc_free_skb(nskb, rxrpc_skb_put_call_rx);
- } else {
- /* OOM - Drop the packet. */
- rxrpc_see_skb(skb, rxrpc_skb_see_unshare_nomem);
- }
+ skb_ensure_writable(skb, skb->len)) {
+ rxrpc_see_skb(skb, rxrpc_skb_see_unshare_nomem);
} else {
rxrpc_input_call_packet(call, skb);
}
diff --git a/net/rxrpc/conn_event.c b/net/rxrpc/conn_event.c
index 442414d90ba1..a9eaad970e0c 100644
--- a/net/rxrpc/conn_event.c
+++ b/net/rxrpc/conn_event.c
@@ -245,26 +245,13 @@ static int rxrpc_verify_response(struct rxrpc_connection *conn,
{
int ret;
- if (skb_cloned(skb) || skb_has_frag_list(skb) ||
- skb_has_shared_frag(skb)) {
- /* Copy the packet if shared so that we can do in-place
- * decryption.
- */
- struct sk_buff *nskb = skb_copy(skb, GFP_NOFS);
-
- if (nskb) {
- rxrpc_new_skb(nskb, rxrpc_skb_new_unshared);
- ret = conn->security->verify_response(conn, nskb);
- rxrpc_free_skb(nskb, rxrpc_skb_put_response_copy);
- } else {
- /* OOM - Drop the packet. */
- rxrpc_see_skb(skb, rxrpc_skb_see_unshare_nomem);
- ret = -ENOMEM;
- }
- } else {
- ret = conn->security->verify_response(conn, skb);
+ if (skb_ensure_writable(skb, skb->len)) {
+ rxrpc_see_skb(skb, rxrpc_skb_see_unshare_nomem);
+ return -ENOMEM;
}
+ ret = conn->security->verify_response(conn, skb);
+
return ret;
}
--
2.43.0
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2026-05-10 18:51 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-05-10 18:51 [PATCH net] rxrpc: Use skb_ensure_writable() before in-place decryption Hyunwoo Kim
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.