From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-pf1-f174.google.com (mail-pf1-f174.google.com [209.85.210.174]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3D76C30DEBA for ; Fri, 8 May 2026 08:53:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.174 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778230396; cv=none; b=dZnmvfx6vyaWr28LwNU1mfDfvudlTp7PWvi4QRi5H8YE7mVe5+3TVOpypIGmU5NjnD21xL/ZRIVcUhxXw0bBEEg6lQiTfLCRSrE1vS2lUmTi1r3X8XWjHITnPbi5Lg4dsY5pzq8iU2kFoVk3MgKbjMvNdoiKkYw4z2Z/R2IUg/g= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778230396; c=relaxed/simple; bh=c9epRKiYhaGspONM8KWKVGgkg5mJffga5eNI3KZzYj0=; h=Date:From:To:Cc:Subject:Message-ID:MIME-Version:Content-Type: Content-Disposition; b=qlcXinMhmt2DsUQm4SwFq4wro1tdDmLTyl44MHb+YH6HPjvSt6zUz32v1y6lD5ffVruRP8um7KTsWmylG91798Om55H3ZyiAWWTNitgVZ6877uny4fjH55iC+zFCpPE9mLe8NAS5QeUEPzLskprRdDGzq1ChU+x2PeRiSaZYC4E= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=ViV0FGD9; arc=none smtp.client-ip=209.85.210.174 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="ViV0FGD9" Received: by mail-pf1-f174.google.com with SMTP id d2e1a72fcca58-8353fd1cb5fso864993b3a.0 for ; Fri, 08 May 2026 01:53:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1778230394; x=1778835194; darn=vger.kernel.org; h=content-disposition:mime-version:message-id:subject:cc:to:from:date :from:to:cc:subject:date:message-id:reply-to; bh=ri1HIxFfdPDhQYTOtlv8tdzoC5QvHDL1O0z7T1+MFXM=; b=ViV0FGD9Jl9zN1VC2sxfiKgJDTZAQH+EeUHFY7VqHkh3RTGkIA9/IqVWl7+HNlvu4a D2rsBSJqpqcaTKH+m6fAaiByJltEDc6kNLOBv53Sk2NT902a9bnCuP1zDKmP+pMeEDd1 VdDu+mfSUAydowKbGOxVuJxhY3Sopn/QhKLoZmbW1oa2YirsxlwDm6gKxuQKA7425WuD KXhIp8anio9ZYqkTJGpAnHwK8zs8c/mJHTocnf61vGCJgStZD1PxoB04+wY2XO37Euz8 sYYbcFal24QnjHSmEQ/P5avjVm1xA7l008X1PgCez8XbUl6sj71wk1fawjex6O4IULXv rlpQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778230394; x=1778835194; h=content-disposition:mime-version:message-id:subject:cc:to:from:date :x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=ri1HIxFfdPDhQYTOtlv8tdzoC5QvHDL1O0z7T1+MFXM=; b=VpdZu6k8bFZYtUW0yXVW7dzT/XzZ+OG8BDtbXkoxykj3Rx14F9WSWxIcL/y84eRGfs oWoPqly1b74wkrym+Uz4P+SOnriUj08tE21kLbSFWcjhp7F6VEWuYz7bDEtI0c8dv8Vi Z+m309FZISFvCnmFE2KP05ALMjUJI9lZO7HU8wt5JyzZ/gDogAlSD5aPzomW1t7ziUeM 3EhQz2/baCUy1XEnb1J3VKJTySuBLsjCpwP12iUrFbR963uWotIpyy6rCQOhX7iQwqtd kYyAbqO+3Tn4QZ1gq/sugwe0PW/7YP4f+39O9cmlF/OC86bWCHCgaxaQx+eeNwEmVF4T bzDg== X-Forwarded-Encrypted: i=1; AFNElJ+1NIHUb8r0Hq6vV/mwpHUXbxwSu6qQ8eBsVgyuR3xfRwIxne56oB3FujG7CvHrlDfj96gqSv4=@vger.kernel.org X-Gm-Message-State: AOJu0YwSl3QVQ0N3WqkXqip7EVW7YheIeCetNilVot1T16ARaow+U+Q1 xCa+foOdL3F1Mvfbq1RqAiIo84lpzY8dWpXumIO38A8653hXnsbNQB+Z X-Gm-Gg: AeBDiesbSkXpWKEVQlOxH0LVJcNbKUF/IS49OyvZgcT68g1o9gackndekgoBG6OMAB1 PfIQfTsgCRaOqlvCzqxWbmuc/Wxr+nanEFOMj893WfhZDyYDTP8lAeZ1HHc/GUA1wJd7/Vw7KZ/ D6DVGIThXPouP5x05qtiqK0wtQpQI8NtmP7FXqIKFf4lAJw+VmA8vGmh1i+ozpjijaX+nGLTpvP khJyDdfRXn9Z3Z/zTfh6LVYBw7UDvKrMxIz9ntnk86LZUawxyClDvGzQ8wlfBV3NfjTYVWHq7uf G8gSurCTnKKY6XqrrFDfjH3DTWWvLVzVjU2mseZi2iH++QJAN3T0nF6q2dKL4P7QJGAXIk8UXTp ARkFpWWLzW8db9C6/ZJqKPpAq8NuyWLyVJTkLRNMTii89vbY4Z25SVR41ia2ydCFa7lIg3YOBfL WZRWl7T4wVBCYP0lSLjNbNl+f/sWEifCpsaAF1r8dEZxA= X-Received: by 2002:a05:6a00:3e1a:b0:835:36f5:17c9 with SMTP id d2e1a72fcca58-83bb65f38bfmr5369559b3a.2.1778230393951; Fri, 08 May 2026 01:53:13 -0700 (PDT) Received: from v4bel ([58.123.110.97]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-8396563f03bsm11851171b3a.9.2026.05.08.01.53.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 08 May 2026 01:53:13 -0700 (PDT) Date: Fri, 8 May 2026 17:53:09 +0900 From: Hyunwoo Kim To: dhowells@redhat.com, marc.dionne@auristor.com, davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, horms@kernel.org, qingfang.deng@linux.dev, jiayuan.chen@linux.dev Cc: linux-afs@lists.infradead.org, netdev@vger.kernel.org, stable@vger.kernel.org, imv4bel@gmail.com Subject: [PATCH net v3] rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present Message-ID: Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline The DATA-packet handler in rxrpc_input_call_event() and the RESPONSE handler in rxrpc_verify_response() copy the skb to a linear one before calling into the security ops only when skb_cloned() is true. An skb that is not cloned but still carries externally-owned paged fragments (e.g. SKBFL_SHARED_FRAG set by splice() into a UDP socket via __ip_append_data, or a chained skb_has_frag_list()) falls through to the in-place decryption path, which binds the frag pages directly into the AEAD/skcipher SGL via skb_to_sgvec(). Extend the gate to also unshare when skb_has_frag_list() or skb_has_shared_frag() is true. This catches the splice-loopback vector and other externally-shared frag sources while preserving the zero-copy fast path for skbs whose frags are kernel-private (e.g. NIC page_pool RX, GRO). The OOM/trace handling already in place is reused. Fixes: d0d5c0cd1e71 ("rxrpc: Use skb_unshare() rather than skb_cow_data()") Cc: stable@vger.kernel.org Signed-off-by: Hyunwoo Kim --- Changes in v3: - Use skb_has_frag_list() || skb_has_shared_frag() instead of skb_is_nonlinear() - v2: https://lore.kernel.org/all/af2F1FU5d4Q_Gn1W@v4bel/ Changes in v2: - Use skb_is_nonlinear() instead of skb->data_len - v1: https://lore.kernel.org/all/afKV2zGR6rrelPC7@v4bel/ --- net/rxrpc/call_event.c | 4 +++- net/rxrpc/conn_event.c | 3 ++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/net/rxrpc/call_event.c b/net/rxrpc/call_event.c index fdd683261226..2b19b252225e 100644 --- a/net/rxrpc/call_event.c +++ b/net/rxrpc/call_event.c @@ -334,7 +334,9 @@ bool rxrpc_input_call_event(struct rxrpc_call *call) if (sp->hdr.type == RXRPC_PACKET_TYPE_DATA && sp->hdr.securityIndex != 0 && - skb_cloned(skb)) { + (skb_cloned(skb) || + skb_has_frag_list(skb) || + skb_has_shared_frag(skb))) { /* Unshare the packet so that it can be * modified by in-place decryption. */ diff --git a/net/rxrpc/conn_event.c b/net/rxrpc/conn_event.c index a2130d25aaa9..442414d90ba1 100644 --- a/net/rxrpc/conn_event.c +++ b/net/rxrpc/conn_event.c @@ -245,7 +245,8 @@ static int rxrpc_verify_response(struct rxrpc_connection *conn, { int ret; - if (skb_cloned(skb)) { + if (skb_cloned(skb) || skb_has_frag_list(skb) || + skb_has_shared_frag(skb)) { /* Copy the packet if shared so that we can do in-place * decryption. */ -- 2.43.0