tls: Stricter error checking in zerocopy sendmsg path
authorDave Watson <davejwatson@fb.com>
Thu, 12 Jul 2018 15:03:43 +0000 (08:03 -0700)
committerDavid S. Miller <davem@davemloft.net>
Mon, 16 Jul 2018 20:31:31 +0000 (13:31 -0700)
commit32da12216e467dea70a09cd7094c30779ce0f9db
tree5a46f10804c8bcc68822d9100a1bc951218d8775
parent24d4e34f7a6157f313f7e0985944180e6a7d223d
tls: Stricter error checking in zerocopy sendmsg path

In the zerocopy sendmsg() path, there are error checks to revert
the zerocopy if we get any error code.  syzkaller has discovered
that tls_push_record can return -ECONNRESET, which is fatal, and
happens after the point at which it is safe to revert the iter,
as we've already passed the memory to do_tcp_sendpages.

Previously this code could return -ENOMEM and we would want to
revert the iter, but AFAIK this no longer returns ENOMEM after
a447da7d004 ("tls: fix waitall behavior in tls_sw_recvmsg"),
so we fail for all error codes.

Reported-by: syzbot+c226690f7b3126c5ee04@syzkaller.appspotmail.com
Reported-by: syzbot+709f2810a6a05f11d4d3@syzkaller.appspotmail.com
Signed-off-by: Dave Watson <davejwatson@fb.com>
Fixes: 3c4d7559159b ("tls: kernel TLS support")
Signed-off-by: David S. Miller <davem@davemloft.net>
net/tls/tls_sw.c