Skip to content

Commit

Permalink
tls: Fix improper revert in zerocopy_from_iter
Browse files Browse the repository at this point in the history 
The current code is problematic because the iov_iter is reverted and
never advanced in the non-error case. This patch skips the revert in the
non-error case. This patch also fixes the amount by which the iov_iter
is reverted. Currently, iov_iter is reverted by size, which can be
greater than the amount by which the iter was actually advanced.
Instead, only revert by the amount that the iter was advanced.

Fixes: 4718799 ("tls: Fix zerocopy_from_iter iov handling")
Signed-off-by: Doron Roberts-Kedes <doronrk@fb.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
  • Loading branch information
Doron Roberts-Kedes authored and David S. Miller committed Jul 29, 2018
1 parent 5a3611e commit 2da19ed
Showing 1 changed file with 5 additions and 7 deletions.
12 changes: 5 additions & 7 deletions net/tls/tls_sw.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -263,7 +263,7 @@ static int zerocopy_from_iter(struct sock *sk, struct iov_iter *from,
int length, int *pages_used,
unsigned int *size_used,
struct scatterlist *to, int to_max_pages,
bool charge, bool revert)
bool charge)
{
struct page *pages[MAX_SKB_FRAGS];

Expand Down Expand Up @@ -312,10 +312,10 @@ static int zerocopy_from_iter(struct sock *sk, struct iov_iter *from,
}

out:
if (rc)
iov_iter_revert(from, size - *size_used);
*size_used = size;
*pages_used = num_elem;
if (revert)
iov_iter_revert(from, size);

return rc;
}
Expand Down Expand Up @@ -417,7 +417,7 @@ int tls_sw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size)
&ctx->sg_plaintext_size,
ctx->sg_plaintext_data,
ARRAY_SIZE(ctx->sg_plaintext_data),
true, false);
true);
if (ret)
goto fallback_to_reg_send;

Expand All @@ -428,8 +428,6 @@ int tls_sw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size)
continue;

fallback_to_reg_send:
iov_iter_revert(&msg->msg_iter,
ctx->sg_plaintext_size - orig_size);
trim_sg(sk, ctx->sg_plaintext_data,
&ctx->sg_plaintext_num_elem,
&ctx->sg_plaintext_size,
Expand Down Expand Up @@ -834,7 +832,7 @@ int tls_sw_recvmsg(struct sock *sk,
err = zerocopy_from_iter(sk, &msg->msg_iter,
to_copy, &pages,
&chunk, &sgin[1],
MAX_SKB_FRAGS, false, true);
MAX_SKB_FRAGS, false);
if (err < 0)
goto fallback_to_reg_recv;

Expand Down

0 comments on commit 2da19ed

Please sign in to comment.