diff options
| author | Jakub Kicinski <kuba@kernel.org> | 2026-05-11 20:49:18 +0300 |
|---|---|---|
| committer | Paolo Abeni <pabeni@redhat.com> | 2026-05-14 14:18:40 +0300 |
| commit | ff26a0e8377dec07e4a7230db7675bed1b9a6d03 (patch) | |
| tree | 8bc0a138c709db67d13e3eb65d879562f666ad75 /tools | |
| parent | 285943c6e7ca309bbea84b253745154241d9788a (diff) | |
| download | linux-ff26a0e8377dec07e4a7230db7675bed1b9a6d03.tar.xz | |
net: tls: prevent chain-after-chain in plain text SG
Sashiko points out that if end = 0 (start != 0) the current
code will create a chain link to content type right after
the wrap link:
This would create a chain where the wrap link points directly
to another chain link. The scatterlist API sg_next iterator
does not recursively resolve consecutive chain links.
meaning this is illegal input to crypto.
The wrapping link is unnecessary if end = 0. end is the entry after
the last one used so end = 0 means there's nothing pushed after
the wrap:
end start i
v v v
[ ]...[ ][ d ][ d ][ d ][ d ][rsv for wrap]
Skip the wrapping in this case.
TLS 1.3 can use the "wrapping slot" for it's chaining if end = 0.
This avoids the chain-after-chain.
Move the wrap chaining before marking END and chaining off content
type, that feels like more logical ordering to me, but should not
matter from functional perspective.
Reported-by: Sashiko <sashiko-bot@kernel.org>
Fixes: 9aaaa56845a0 ("bpf: Sockmap/tls, skmsg can have wrapped skmsg that needs extra chaining")
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Link: https://patch.msgid.link/20260511174920.433155-3-kuba@kernel.org
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Diffstat (limited to 'tools')
0 files changed, 0 insertions, 0 deletions