From mboxrd@z Thu Jan 1 00:00:00 1970 From: Vakul Garg Subject: [PATCH net-next v1] net/tls: Set count of SG entries if sk_alloc_sg returns -ENOSPC Date: Wed, 5 Sep 2018 21:57:43 +0530 Message-ID: <20180905162743.10145-1-vakul.garg@nxp.com> Mime-Version: 1.0 Content-Type: text/plain Cc: borisp@mellanox.com, aviadye@mellanox.com, davejwatson@fb.com, davem@davemloft.net, doronrk@fb.com, Vakul Garg To: netdev@vger.kernel.org Return-path: Received: from mail-ve1eur01on0069.outbound.protection.outlook.com ([104.47.1.69]:9667 "EHLO EUR01-VE1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1726219AbeIEPjQ (ORCPT ); Wed, 5 Sep 2018 11:39:16 -0400 Sender: netdev-owner@vger.kernel.org List-ID: tls_sw_sendmsg() allocates plaintext and encrypted SG entries using function sk_alloc_sg(). In case the number of SG entries hit MAX_SKB_FRAGS, sk_alloc_sg() returns -ENOSPC and sets the variable for current SG index to '0'. This leads to calling of function tls_push_record() with 'sg_encrypted_num_elem = 0' and later causes kernel crash. To fix this, set the number of SG elements to the number of elements in plaintext/encrypted SG arrays in case sk_alloc_sg() returns -ENOSPC. Signed-off-by: Vakul Garg --- net/tls/tls_sw.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index be4f2e990f9f..2dad3dc7be60 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -263,6 +263,9 @@ static int alloc_encrypted_sg(struct sock *sk, int len) &ctx->sg_encrypted_num_elem, &ctx->sg_encrypted_size, 0); + if (rc == -ENOSPC) + ctx->sg_encrypted_num_elem = ARRAY_SIZE(ctx->sg_encrypted_data); + return rc; } @@ -276,6 +279,9 @@ static int alloc_plaintext_sg(struct sock *sk, int len) &ctx->sg_plaintext_num_elem, &ctx->sg_plaintext_size, tls_ctx->pending_open_record_frags); + if (rc == -ENOSPC) + ctx->sg_plaintext_num_elem = ARRAY_SIZE(ctx->sg_plaintext_data); + return rc; } -- 2.13.6