diff options
author | Jakub Kicinski <jakub.kicinski@netronome.com> | 2019-03-28 14:54:43 -0700 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2019-03-29 13:38:50 -0700 |
commit | c43ac97bac987e56c179598ce3398a95d55067bc (patch) | |
tree | 3e320a07187839f783d0359a0736be494607a6de /net/tls | |
parent | 1b704c4a1ba95574832e730f23817b651db2aa59 (diff) |
net: tls: prevent false connection termination with offload
Only decrypt_internal() performs zero copy on rx, all paths
which don't hit decrypt_internal() must set zc to false,
otherwise tls_sw_recvmsg() may return 0 causing the application
to believe that that connection got closed.
Currently this happens with device offload when new record
is first read from.
Fixes: d069b780e367 ("tls: Fix tls_device receive")
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: Simon Horman <simon.horman@netronome.com>
Reported-by: David Beckett <david.beckett@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/tls')
-rw-r--r-- | net/tls/tls_sw.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 425351ac2a9b..20b191227969 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -1484,6 +1484,8 @@ static int decrypt_skb_update(struct sock *sk, struct sk_buff *skb, return err; } + } else { + *zc = false; } rxm->full_len -= padding_length(ctx, tls_ctx, skb); |