net: tls: prevent false connection termination with offload

Only decrypt_internal() performs zero copy on rx, all paths which don't hit decrypt_internal() must set zc to false, otherwise tls_sw_recvmsg() may return 0 causing the application to believe that that connection got closed. Currently this happens with device offload when new record is first read from. Fixes: d069b780 ("tls: Fix tls_device receive") Signed-off-by: N Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: N Simon Horman <simon.horman@netronome.com> Reported-by: N David Beckett <david.beckett@netronome.com> Signed-off-by: N David S. Miller <davem@davemloft.net>

net: tls: prevent false connection termination with offload
Only decrypt_internal() performs zero copy on rx, all paths which don't hit decrypt_internal() must set zc to false, otherwise tls_sw_recvmsg() may return 0 causing the application to believe that that connection got closed. Currently this happens with device offload when new record is first read from. Fixes: d069b780 ("tls: Fix tls_device receive") Signed-off-by: N Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: N Simon Horman <simon.horman@netronome.com> Reported-by: N David Beckett <david.beckett@netronome.com> Signed-off-by: N David S. Miller <davem@davemloft.net>
c43ac97b · Jakub Kicinski · David S. Miller · 1b704c4a · c43ac97b
隐藏空白更改
内联并排

Showing with 2 addition and 0 deletion

net/tls/tls_sw.c net/tls/tls_sw.c +2 -0

未找到文件。
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -1484,6 +1484,8 @@ static int decrypt_skb_update(struct sock *sk, struct sk_buff *skb,

 				return err;
 			}
+		} else {
+			*zc = false;
 		}

 		rxm->full_len -= padding_length(ctx, tls_ctx, skb);