From mboxrd@z Thu Jan  1 00:00:00 1970
From: David Miller <davem@davemloft.net>
Subject: Re: [PATCH net] tls: Stricter error checking in zerocopy sendmsg
 path
Date: Mon, 16 Jul 2018 13:32:37 -0700 (PDT)
Message-ID: <20180716.133237.2093552528129465739.davem@davemloft.net>
References: <20180712150343.GA19138@macbook-pro-6.local.dhcp.thefacebook.com>
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Cc: borisp@mellanox.com, netdev@vger.kernel.org, aviadye@mellanox.com,
        daniel@iogearbox.net, doronrk@fb.com, vakul.garg@nxp.com
To: davejwatson@fb.com
Return-path: <netdev-owner@vger.kernel.org>
Received: from shards.monkeyblade.net ([23.128.96.9]:59606 "EHLO
        shards.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1728300AbeGPVBm (ORCPT
        <rfc822;netdev@vger.kernel.org>); Mon, 16 Jul 2018 17:01:42 -0400
In-Reply-To: <20180712150343.GA19138@macbook-pro-6.local.dhcp.thefacebook.com>
Sender: netdev-owner@vger.kernel.org
List-ID: <netdev.vger.kernel.org>

From: Dave Watson <davejwatson@fb.com>
Date: Thu, 12 Jul 2018 08:03:43 -0700

> In the zerocopy sendmsg() path, there are error checks to revert
> the zerocopy if we get any error code.  syzkaller has discovered
> that tls_push_record can return -ECONNRESET, which is fatal, and
> happens after the point at which it is safe to revert the iter,
> as we've already passed the memory to do_tcp_sendpages.
> 
> Previously this code could return -ENOMEM and we would want to
> revert the iter, but AFAIK this no longer returns ENOMEM after
> a447da7d004 ("tls: fix waitall behavior in tls_sw_recvmsg"),
> so we fail for all error codes.
> 
> Reported-by: syzbot+c226690f7b3126c5ee04@syzkaller.appspotmail.com
> Reported-by: syzbot+709f2810a6a05f11d4d3@syzkaller.appspotmail.com
> Signed-off-by: Dave Watson <davejwatson@fb.com>
> Fixes: 3c4d7559159b ("tls: kernel TLS support")

Applied and queued up for -stable, thanks Dave.