From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, Jann Horn <jannh@google.com>,
Sabrina Dubroca <sd@queasysnail.net>,
Jakub Kicinski <kuba@kernel.org>, Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.15 026/123] tls: wait for async encrypt in case of error during latter iterations of sendmsg
Date: Mon, 27 Oct 2025 19:35:06 +0100 [thread overview]
Message-ID: <20251027183447.098753044@linuxfoundation.org> (raw)
In-Reply-To: <20251027183446.381986645@linuxfoundation.org>
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sabrina Dubroca <sd@queasysnail.net>
[ Upstream commit b014a4e066c555185b7c367efacdc33f16695495 ]
If we hit an error during the main loop of tls_sw_sendmsg_locked (eg
failed allocation), we jump to send_end and immediately
return. Previous iterations may have queued async encryption requests
that are still pending. We should wait for those before returning, as
we could otherwise be reading from memory that userspace believes
we're not using anymore, which would be a sort of use-after-free.
This is similar to what tls_sw_recvmsg already does: failures during
the main loop jump to the "wait for async" code, not straight to the
unlock/return.
Fixes: a42055e8d2c3 ("net/tls: Add support for async encryption of records for performance")
Reported-by: Jann Horn <jannh@google.com>
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Link: https://patch.msgid.link/c793efe9673b87f808d84fdefc0f732217030c52.1760432043.git.sd@queasysnail.net
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/tls/tls_sw.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index d2cb19f5cb8bc..e08edfc639fd5 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -1013,7 +1013,7 @@ int tls_sw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size)
if (ret == -EINPROGRESS)
num_async++;
else if (ret != -EAGAIN)
- goto send_end;
+ goto end;
}
}
@@ -1162,8 +1162,9 @@ int tls_sw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size)
goto alloc_encrypted;
}
+send_end:
if (!num_async) {
- goto send_end;
+ goto end;
} else if (num_zc || eor) {
int err;
@@ -1181,7 +1182,7 @@ int tls_sw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size)
tls_tx_records(sk, msg->msg_flags);
}
-send_end:
+end:
ret = sk_stream_error(sk, msg->msg_flags, ret);
release_sock(sk);
--
2.51.0
next prev parent reply other threads:[~2025-10-27 19:04 UTC|newest]
Thread overview: 134+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-27 18:34 [PATCH 5.15 000/123] 5.15.196-rc1 review Greg Kroah-Hartman
2025-10-27 18:34 ` [PATCH 5.15 001/123] r8152: add error handling in rtl8152_driver_init Greg Kroah-Hartman
2025-10-27 18:34 ` [PATCH 5.15 002/123] jbd2: ensure that all ongoing I/O complete before freeing blocks Greg Kroah-Hartman
2025-10-27 18:34 ` [PATCH 5.15 003/123] ext4: detect invalid INLINE_DATA + EXTENTS flag combination Greg Kroah-Hartman
2025-10-27 18:34 ` [PATCH 5.15 004/123] btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running Greg Kroah-Hartman
2025-10-27 18:34 ` [PATCH 5.15 005/123] media: s5p-mfc: remove an unused/uninitialized variable Greg Kroah-Hartman
2025-10-27 18:34 ` [PATCH 5.15 006/123] media: rc: Directly use ida_free() Greg Kroah-Hartman
2025-10-27 18:34 ` [PATCH 5.15 007/123] media: lirc: Fix error handling in lirc_register() Greg Kroah-Hartman
2025-10-27 18:34 ` [PATCH 5.15 008/123] blk-crypto: fix missing blktrace bio split events Greg Kroah-Hartman
2025-10-27 18:34 ` [PATCH 5.15 009/123] drm/exynos: exynos7_drm_decon: fix uninitialized crtc reference in functions Greg Kroah-Hartman
2025-10-27 18:34 ` [PATCH 5.15 010/123] drm/exynos: exynos7_drm_decon: properly clear channels during bind Greg Kroah-Hartman
2025-10-27 18:34 ` [PATCH 5.15 011/123] drm/exynos: exynos7_drm_decon: remove ctx->suspended Greg Kroah-Hartman
2025-10-27 18:34 ` [PATCH 5.15 012/123] crypto: rockchip - Fix dma_unmap_sg() nents value Greg Kroah-Hartman
2025-10-27 18:34 ` [PATCH 5.15 013/123] cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay Greg Kroah-Hartman
2025-10-27 18:34 ` [PATCH 5.15 014/123] HID: multitouch: fix sticky fingers Greg Kroah-Hartman
2025-10-27 18:34 ` [PATCH 5.15 015/123] dax: skip read lock assertion for read-only filesystems Greg Kroah-Hartman
2025-10-27 18:34 ` [PATCH 5.15 016/123] can: m_can: m_can_plat_remove(): add missing pm_runtime_disable() Greg Kroah-Hartman
2025-10-27 18:34 ` [PATCH 5.15 017/123] net: dlink: handle dma_map_single() failure properly Greg Kroah-Hartman
2025-10-27 18:34 ` [PATCH 5.15 018/123] doc: fix seg6_flowlabel path Greg Kroah-Hartman
2025-10-27 18:34 ` [PATCH 5.15 019/123] r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 020/123] net/ip6_tunnel: Prevent perpetual tunnel growth Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 021/123] amd-xgbe: Avoid spurious link down messages during interface toggle Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 022/123] tcp: fix tcp_tso_should_defer() vs large RTT Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 023/123] tg3: prevent use of uninitialized remote_adv and local_adv variables Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 024/123] splice, net: Add a splice_eof op to file-ops and socket-ops Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 025/123] net: tls: wait for async completion on last message Greg Kroah-Hartman
2025-10-27 18:35 ` Greg Kroah-Hartman [this message]
2025-10-27 18:35 ` [PATCH 5.15 027/123] tls: always set record_type in tls_process_cmsg Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 028/123] tls: dont rely on tx_work during send() Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 029/123] net: usb: use eth_hw_addr_set() instead of ether_addr_copy() Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 030/123] net: usb: lan78xx: Add error handling to lan78xx_init_mac_address Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 031/123] net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 032/123] riscv: kprobes: Fix probe address validation Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 033/123] drm/amd/powerplay: Fix CIK shutdown temperature Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 034/123] sched/balancing: Rename newidle_balance() => sched_balance_newidle() Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 035/123] sched/fair: Fix pelt lost idle time detection Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 036/123] ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 037/123] ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 038/123] hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 039/123] PCI/sysfs: Ensure devices are powered for config reads (part 2) Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 040/123] Revert "perf test: Dont leak workload gopipe in PERF_RECORD_*" Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 041/123] exec: Fix incorrect type for ret Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 042/123] nios2: ensure that memblock.current_limit is set when setting pfn limits Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 043/123] hfs: clear offset and space out of valid records in b-tree node Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 044/123] hfs: make proper initalization of struct hfs_find_data Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 045/123] hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 046/123] hfs: validate record offset in hfsplus_bmap_alloc Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 047/123] hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 048/123] dlm: check for defined force value in dlm_lockspace_release Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 049/123] hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 050/123] hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 051/123] m68k: bitops: Fix find_*_bit() signatures Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 052/123] net: rtnetlink: add helper to extract msg types kind Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 053/123] net: rtnetlink: use BIT for flag values Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 054/123] net: netlink: add NLM_F_BULK delete request modifier Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 055/123] net: rtnetlink: add bulk delete support flag Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 056/123] net: add ndo_fdb_del_bulk Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 057/123] net: rtnetlink: add NLM_F_BULK support to rtnl_fdb_del Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 058/123] rtnetlink: Allow deleting FDB entries in user namespace Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 059/123] net: enetc: correct the value of ENETC_RXB_TRUESIZE Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 060/123] dpaa2-eth: fix the pointer passed to PTR_ALIGN on Tx path Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 061/123] arm64, mm: avoid always making PTE dirty in pte_mkwrite() Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 062/123] sctp: avoid NULL dereference when chunk data buffer is missing Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 063/123] net: bonding: fix possible peer notify event loss or dup issue Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 064/123] Revert "cpuidle: menu: Avoid discarding useful information" Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 065/123] MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 066/123] ocfs2: clear extent cache after moving/defragmenting extents Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 067/123] vsock: fix lock inversion in vsock_assign_transport() Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 068/123] net: usb: rtl8150: Fix frame padding Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 069/123] net: ravb: Ensure memory write completes before ringing TX doorbell Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 070/123] riscv: Use of_get_cpu_hwid() Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 071/123] RISC-V: Correctly print supported extensions Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 072/123] RISC-V: Minimal parser for "riscv, isa" strings Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 073/123] riscv: cpu: Add 64bit hartid support on RV64 Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 074/123] RISC-V: Dont print details of CPUs disabled in DT Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 075/123] USB: serial: option: add UNISOC UIS7720 Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 076/123] USB: serial: option: add Quectel RG255C Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 077/123] USB: serial: option: add Telit FN920C04 ECM compositions Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 078/123] usb/core/quirks: Add Huawei ME906S to wakeup quirk Greg Kroah-Hartman
2025-10-27 18:35 ` [PATCH 5.15 079/123] usb: raw-gadget: do not limit transfer length Greg Kroah-Hartman
2025-10-27 18:36 ` [PATCH 5.15 080/123] xhci: dbc: enable back DbC in resume if it was enabled before suspend Greg Kroah-Hartman
2025-10-27 18:36 ` [PATCH 5.15 081/123] binder: remove "invalid inc weak" check Greg Kroah-Hartman
2025-10-27 18:36 ` [PATCH 5.15 082/123] comedi: fix divide-by-zero in comedi_buf_munge() Greg Kroah-Hartman
2025-10-27 18:36 ` [PATCH 5.15 083/123] mei: me: add wildcat lake P DID Greg Kroah-Hartman
2025-10-27 18:36 ` [PATCH 5.15 084/123] most: usb: Fix use-after-free in hdm_disconnect Greg Kroah-Hartman
2025-10-27 18:36 ` [PATCH 5.15 085/123] most: usb: hdm_probe: Fix calling put_device() before device initialization Greg Kroah-Hartman
2025-10-27 18:36 ` [PATCH 5.15 086/123] serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 Greg Kroah-Hartman
2025-10-27 18:36 ` [PATCH 5.15 087/123] arm64: cputype: Add Neoverse-V3AE definitions Greg Kroah-Hartman
2025-10-27 18:36 ` [PATCH 5.15 088/123] arm64: errata: Apply workarounds for Neoverse-V3AE Greg Kroah-Hartman
2025-10-27 18:36 ` [PATCH 5.15 089/123] s390/cio: Update purge function to unregister the unused subchannels Greg Kroah-Hartman
2025-10-27 18:36 ` [PATCH 5.15 090/123] xfs: rename the old_crc variable in xlog_recover_process Greg Kroah-Hartman
2025-10-27 18:36 ` [PATCH 5.15 091/123] xfs: fix log CRC mismatches between i386 and other architectures Greg Kroah-Hartman
2025-10-27 18:36 ` [PATCH 5.15 092/123] NFSD: Rework encoding and decoding of nfsd4_deviceid Greg Kroah-Hartman
2025-10-27 18:36 ` [PATCH 5.15 093/123] NFSD: Minor cleanup in layoutcommit processing Greg Kroah-Hartman
2025-10-27 18:36 ` [PATCH 5.15 094/123] NFSD: Fix last write offset handling in layoutcommit Greg Kroah-Hartman
2025-10-27 18:36 ` [PATCH 5.15 095/123] iio: imu: inv_icm42600: use = { } instead of memset() Greg Kroah-Hartman
2025-10-27 18:36 ` [PATCH 5.15 096/123] iio: imu: inv_icm42600: Avoid configuring if already pm_runtime suspended Greg Kroah-Hartman
2025-10-27 18:36 ` [PATCH 5.15 097/123] PM: runtime: Add new devm functions Greg Kroah-Hartman
2025-10-27 18:36 ` [PATCH 5.15 098/123] iio: imu: inv_icm42600: Simplify pm_runtime setup Greg Kroah-Hartman
2025-10-27 18:36 ` [PATCH 5.15 099/123] padata: Reset next CPU when reorder sequence wraps around Greg Kroah-Hartman
2025-10-27 18:36 ` [PATCH 5.15 100/123] fuse: allocate ff->release_args only if release is needed Greg Kroah-Hartman
2025-10-27 18:36 ` [PATCH 5.15 101/123] fuse: fix livelock in synchronous file put from fuseblk workers Greg Kroah-Hartman
2025-10-27 18:36 ` [PATCH 5.15 102/123] PCI: j721e: Enable ACSPCIE Refclk if "ti,syscon-acspcie-proxy-ctrl" exists Greg Kroah-Hartman
2025-10-27 18:36 ` [PATCH 5.15 103/123] PCI: j721e: Fix programming sequence of "strap" settings Greg Kroah-Hartman
2025-10-27 18:36 ` [PATCH 5.15 104/123] wifi: ath11k: HAL SRNG: dont deinitialize and re-initialize again Greg Kroah-Hartman
2025-10-27 18:36 ` [PATCH 5.15 105/123] PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock Greg Kroah-Hartman
2025-10-27 18:36 ` [PATCH 5.15 106/123] drm/amdgpu: use atomic functions with memory barriers for vm fault info Greg Kroah-Hartman
2025-10-27 18:36 ` [PATCH 5.15 107/123] vfs: Dont leak disconnected dentries on umount Greg Kroah-Hartman
2025-10-27 18:36 ` [PATCH 5.15 108/123] NFSD: Define a proc_layoutcommit for the FlexFiles layout type Greg Kroah-Hartman
2025-10-27 18:36 ` [PATCH 5.15 109/123] f2fs: fix wrong block mapping for multi-devices Greg Kroah-Hartman
2025-10-27 18:36 ` [PATCH 5.15 110/123] PCI: tegra194: Handle errors in BPMP response Greg Kroah-Hartman
2025-10-27 18:36 ` [PATCH 5.15 111/123] PCI: rcar: Finish transition to L1 state in rcar_pcie_config_access() Greg Kroah-Hartman
2025-10-27 18:36 ` [PATCH 5.15 112/123] PCI: rcar-host: Drop PMSR spinlock Greg Kroah-Hartman
2025-10-27 18:36 ` [PATCH 5.15 113/123] PCI: tegra194: Reset BARs when running in PCIe endpoint mode Greg Kroah-Hartman
2025-10-27 18:36 ` [PATCH 5.15 114/123] devcoredump: Fix circular locking dependency with devcd->mutex Greg Kroah-Hartman
2025-10-27 18:36 ` [PATCH 5.15 115/123] xfs: always warn about deprecated mount options Greg Kroah-Hartman
2025-10-27 18:36 ` [PATCH 5.15 116/123] arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() Greg Kroah-Hartman
2025-10-27 18:36 ` [PATCH 5.15 117/123] usb: gadget: Store endpoint pointer in usb_request Greg Kroah-Hartman
2025-10-27 18:36 ` [PATCH 5.15 118/123] usb: gadget: Introduce free_usb_request helper Greg Kroah-Hartman
2025-10-27 18:36 ` [PATCH 5.15 119/123] usb: gadget: f_ncm: Refactor bind path to use __free() Greg Kroah-Hartman
2025-10-27 18:36 ` [PATCH 5.15 120/123] usb: gadget: f_acm: " Greg Kroah-Hartman
2025-10-27 18:36 ` [PATCH 5.15 121/123] net: rtnetlink: fix module reference count leak issue in rtnetlink_rcv_msg Greg Kroah-Hartman
2025-10-27 18:36 ` [PATCH 5.15 122/123] PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup() Greg Kroah-Hartman
2025-10-27 18:36 ` [PATCH 5.15 123/123] RISC-V: Dont fail in riscv_of_parent_hartid() for disabled HARTs Greg Kroah-Hartman
2025-10-27 21:01 ` [PATCH 5.15 000/123] 5.15.196-rc1 review Florian Fainelli
2025-10-27 23:26 ` Slade Watkins
2025-10-28 4:49 ` Ron Economos
2025-10-28 8:33 ` Greg Kroah-Hartman
2025-10-28 8:09 ` Pavel Machek
2025-10-28 11:28 ` Jon Hunter
2025-10-28 15:41 ` Vijayendra Suman
2025-10-29 10:20 ` Greg Kroah-Hartman
2025-10-30 18:30 ` Vijayendra Suman
2025-10-28 19:27 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251027183447.098753044@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=jannh@google.com \
--cc=kuba@kernel.org \
--cc=patches@lists.linux.dev \
--cc=sashal@kernel.org \
--cc=sd@queasysnail.net \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).