net: tls: prevent false connection termination with offload
authorJakub Kicinski <jakub.kicinski@netronome.com>
Thu, 28 Mar 2019 21:54:43 +0000 (14:54 -0700)
committerDavid S. Miller <davem@davemloft.net>
Fri, 29 Mar 2019 20:38:50 +0000 (13:38 -0700)
Only decrypt_internal() performs zero copy on rx, all paths
which don't hit decrypt_internal() must set zc to false,
otherwise tls_sw_recvmsg() may return 0 causing the application
to believe that that connection got closed.

Currently this happens with device offload when new record
is first read from.

Fixes: d069b780e367 ("tls: Fix tls_device receive")
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: Simon Horman <simon.horman@netronome.com>
Reported-by: David Beckett <david.beckett@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/tls/tls_sw.c

index 425351ac2a9b156aacf9234e566d7c5ba0dc5867..20b1912279694a457fb4bc9d5287186ced1afacc 100644 (file)
@@ -1484,6 +1484,8 @@ static int decrypt_skb_update(struct sock *sk, struct sk_buff *skb,
 
                                return err;
                        }
+               } else {
+                       *zc = false;
                }
 
                rxm->full_len -= padding_length(ctx, tls_ctx, skb);