summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJakub Kicinski <kuba@kernel.org>2022-08-09 19:55:44 +0200
committerJakub Kicinski <kuba@kernel.org>2022-08-11 07:53:25 +0200
commitd800a7b3577bfb783481b02865d8775a760212a7 (patch)
tree69bbc9081eb324017b05e80621123de8a7645751
parenttls: rx: device: bound the frag walk (diff)
downloadlinux-d800a7b3577bfb783481b02865d8775a760212a7.tar.xz
linux-d800a7b3577bfb783481b02865d8775a760212a7.zip
tls: rx: device: don't try to copy too much on detach
Another device offload bug, we use the length of the output skb as an indication of how much data to copy. But that skb is sized to offset + record length, and we start from offset. So we end up double-counting the offset which leads to skb_copy_bits() returning -EFAULT. Reported-by: Tariq Toukan <tariqt@nvidia.com> Fixes: 84c61fe1a75b ("tls: rx: do not use the standard strparser") Tested-by: Ran Rozenstein <ranro@nvidia.com> Link: https://lore.kernel.org/r/20220809175544.354343-2-kuba@kernel.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-rw-r--r--net/tls/tls_strp.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/net/tls/tls_strp.c b/net/tls/tls_strp.c
index f0b7c9122fba..9b79e334dbd9 100644
--- a/net/tls/tls_strp.c
+++ b/net/tls/tls_strp.c
@@ -41,7 +41,7 @@ static struct sk_buff *tls_strp_msg_make_copy(struct tls_strparser *strp)
struct sk_buff *skb;
int i, err, offset;
- skb = alloc_skb_with_frags(0, strp->anchor->len, TLS_PAGE_ORDER,
+ skb = alloc_skb_with_frags(0, strp->stm.full_len, TLS_PAGE_ORDER,
&err, strp->sk->sk_allocation);
if (!skb)
return NULL;