From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CA75C43634C; Mon, 11 May 2026 17:49:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778521767; cv=none; b=D8IMF0qcQI6bxbdvr3WdGWAWDj1Z9HbDM3RLZPRoID2cmk9t6jMBdaA/omglqrS8whXxV8A/8obDohtY40AYfbIfXiD8jfMz+9MsJ9EQRyWnZ1DCAgF6GgZoeNtkV4FivwY31CJqNlmXs3OJcfceUvJeO9N7fI806plctGmfTAI= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778521767; c=relaxed/simple; bh=sVpNHmHY32bH01BNR2hNIwAhnNkkRwbJzCOag02xyH4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=QedBSLvDwqdeWeacGmjWlELosB4/OUWm9ifnoyDTw9x43Oxc5l8YT/N7/wTfYU7nEpQnzG/ZGWMggAbbLN32EKHT/b2lC+A5q/GHGu7F5EDJKtp/aKe62d81eQHygU/CvWSv5JqHLL4jtY0nupI9c13Pgh+IrcIbPiunjcRmA9Y= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=JYgPdg8l; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="JYgPdg8l" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2286BC2BCC9; Mon, 11 May 2026 17:49:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1778521767; bh=sVpNHmHY32bH01BNR2hNIwAhnNkkRwbJzCOag02xyH4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=JYgPdg8lbsszT15F7p5BAQlmrEnEQVPRA4xqJpz61iF9dn6I9lixC/lbBlBS8jUeh PJuzqNDC+hfXiKem+oksdNRJw4TW5qlgytifDWzqlN8EpKRO1FTXdXdUHvySU9Omd0 qhD3QatwaMJFewg6sdkc1T1suyWR9rF/UudNtWAwgPP5I6fmQE4Dh7EioFArrZaNKO NEyW6e3gMfgCleO9RnUXb9+roeZKkBg3r3a3Do5vR03ge9lzIZlkVprM7qW4lqpuIq 9fvFZmK3pmldJ5YNqlPFW8Dm9GZ2dXDh1lkGUyHT4gbf1iPiN+hwevzB05q5uUpsVL PHd0104iAc7tg== From: Jakub Kicinski To: davem@davemloft.net Cc: netdev@vger.kernel.org, edumazet@google.com, pabeni@redhat.com, andrew+netdev@lunn.ch, horms@kernel.org, sd@queasysnail.net, john.fastabend@gmail.com, bpf@vger.kernel.org, Jakub Kicinski , Sashiko , daniel@iogearbox.net, jonathan.lemon@gmail.com Subject: [PATCH net v2 2/4] net: tls: prevent chain-after-chain in plain text SG Date: Mon, 11 May 2026 10:49:18 -0700 Message-ID: <20260511174920.433155-3-kuba@kernel.org> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260511174920.433155-1-kuba@kernel.org> References: <20260511174920.433155-1-kuba@kernel.org> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sashiko points out that if end = 0 (start != 0) the current code will create a chain link to content type right after the wrap link: This would create a chain where the wrap link points directly to another chain link. The scatterlist API sg_next iterator does not recursively resolve consecutive chain links. meaning this is illegal input to crypto. The wrapping link is unnecessary if end = 0. end is the entry after the last one used so end = 0 means there's nothing pushed after the wrap: end start i v v v [ ]...[ ][ d ][ d ][ d ][ d ][rsv for wrap] Skip the wrapping in this case. TLS 1.3 can use the "wrapping slot" for it's chaining if end = 0. This avoids the chain-after-chain. Move the wrap chaining before marking END and chaining off content type, that feels like more logical ordering to me, but should not matter from functional perspective. Reported-by: Sashiko Fixes: 9aaaa56845a0 ("bpf: Sockmap/tls, skmsg can have wrapped skmsg that needs extra chaining") Signed-off-by: Jakub Kicinski --- CC: john.fastabend@gmail.com CC: sd@queasysnail.net CC: daniel@iogearbox.net CC: jonathan.lemon@gmail.com --- net/tls/tls_sw.c | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 2608b0c01849..3bfdaf5e64f5 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -789,21 +789,33 @@ static int tls_push_record(struct sock *sk, int flags, i = msg_pl->sg.end; sk_msg_iter_var_prev(i); + /* msg_pl->sg.data is a ring; data[MAX+1] is reserved for the wrap + * link (frags won't use it). 'i' is now the last filled entry: + * + * i end start + * v v v [ rsv ] + * [ d ][ d ][ ][ ]...[ ][ d ][ d ][ d ][chain] + * ^ END v + * `-----------------------------------------' + * + * Note that SGL does not allow chain-after-chain, so for TLS 1.3, + * we must make sure we don't create the wrap entry and then chain + * link to content_type immediately at index 0. + */ + if (i < msg_pl->sg.start) + sg_chain(msg_pl->sg.data, ARRAY_SIZE(msg_pl->sg.data), + msg_pl->sg.data); + rec->content_type = record_type; if (prot->version == TLS_1_3_VERSION) { /* Add content type to end of message. No padding added */ sg_set_buf(&rec->sg_content_type, &rec->content_type, 1); sg_mark_end(&rec->sg_content_type); - sg_chain(msg_pl->sg.data, msg_pl->sg.end + 1, - &rec->sg_content_type); + sg_chain(msg_pl->sg.data, i + 2, &rec->sg_content_type); } else { sg_mark_end(sk_msg_elem(msg_pl, i)); } - if (msg_pl->sg.end < msg_pl->sg.start) - sg_chain(msg_pl->sg.data, ARRAY_SIZE(msg_pl->sg.data), - msg_pl->sg.data); - i = msg_pl->sg.start; sg_chain(rec->sg_aead_in, 2, &msg_pl->sg.data[i]); -- 2.54.0