mirror of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-09-04 20:19:47 +08:00
linux/net
Olga Kornievskaia bee47cb026 sunrpc: fix handling of server side tls alerts
Scott Mayhew discovered a security exploit in NFS over TLS in
tls_alert_recv() due to its assumption it can read data from
the msg iterator's kvec.

kTLS implementation splits TLS non-data record payload between
the control message buffer (which includes the type such as TLS
alert or TLS cipher change) and the rest of the payload (say TLS
alert's level/description) which goes into the msg payload buffer.

This patch proposes to rework how control messages are set up and
used by sock_recvmsg().

If no control message structure is set up, kTLS layer will read and
process TLS data record types. As soon as it encounters a TLS control
message, it would return an error. At that point, NFS can set up a
kvec backed msg buffer and read in the control message such as a
TLS alert. Msg iterator can advance the kvec pointer as a part of
the copy process thus we need to revert the iterator before calling
into the tls_alert_recv.

Reported-by: Scott Mayhew <smayhew@redhat.com>
Fixes: 5e052dda12 ("SUNRPC: Recognize control messages in server-side TCP socket code")
Suggested-by: Trond Myklebust <trondmy@hammerspace.com>
Cc: stable@vger.kernel.org
Signed-off-by: Olga Kornievskaia <okorniev@redhat.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2025-08-06 09:57:50 -04:00
..
6lowpan ipv6: eliminate ndisc_ops_is_useropt() 2024-08-12 17:23:57 -07:00
9p netfs: Fix the request's work item to not require a ref 2025-05-21 14:35:20 +02:00
802 treewide, timers: Rename from_timer() to timer_container_of() 2025-06-08 09:07:37 +02:00
8021q net: 802: Remove unused p8022 code 2025-04-22 07:04:02 -07:00
appletalk net: appletalk: Fix device refcount leak in atrtr_create() 2025-07-10 18:01:08 -07:00
atm atm: clip: Fix NULL pointer dereference in vcc_sendmsg() 2025-07-09 19:09:36 -07:00
ax25 treewide, timers: Rename from_timer() to timer_container_of() 2025-06-08 09:07:37 +02:00
batman-adv treewide, timers: Rename from_timer() to timer_container_of() 2025-06-08 09:07:37 +02:00
bluetooth Bluetooth: hci_event: Fix not marking Broadcast Sink BIS as connected 2025-07-03 11:37:43 -04:00
bpf selftests/bpf: Add test to access const void pointer argument in tracing program 2025-04-23 11:26:22 -07:00
bridge bridge: mcast: Fix use-after-free during router port configuration 2025-06-23 18:19:10 -07:00
caif rtnetlink: Pack newlink() params into struct 2025-02-21 15:28:02 -08:00
can treewide, timers: Rename from_timer() to timer_container_of() 2025-06-08 09:07:37 +02:00
ceph A small CephFS encryption-related fix and a dead code cleanup. 2025-04-25 15:51:28 -07:00
core net: selftests: fix TCP packet checksum 2025-06-26 10:50:49 +02:00
dcb dcb: Use rtnl_register_many(). 2024-10-15 18:52:26 -07:00
devlink devlink: use DEVLINK_VAR_ATTR_TYPE_* instead of NLA_* in fmsg 2025-05-06 18:21:11 -07:00
dns_resolver
dsa net: dsa: tag_brcm: legacy: fix pskb_may_pull length 2025-05-30 19:20:18 -07:00
ethernet
ethtool Including fixes from bluetooth and wireless. 2025-06-12 09:50:36 -07:00
handshake module: Convert symbol namespace to string literal 2024-12-02 11:34:44 -08:00
hsr treewide, timers: Rename from_timer() to timer_container_of() 2025-06-08 09:07:37 +02:00
ieee802154 treewide, timers: Rename from_timer() to timer_container_of() 2025-06-08 09:07:37 +02:00
ife
ipv4 tcp: refine sk_rcvbuf increase for ooo packets 2025-07-09 19:24:10 -07:00
ipv6 gre: Fix IPv6 multicast route creation. 2025-07-10 18:10:47 -07:00
iucv s390: Convert MACHINE_IS_[LPAR|VM|KVM], etc, machine_is_[lpar|vm|kvm]() 2025-03-04 17:18:07 +01:00
kcm kcm: replace call_rcu by kfree_rcu for simple kmem_cache_free callback 2024-10-15 10:50:21 -07:00
key xfrm: Migrate offload configuration 2025-04-17 11:00:03 +02:00
l2tp net: move misc netdev_lock flavors to a separate header 2025-03-08 09:06:50 -08:00
l3mdev net: fib_rules: Fix iif / oif matching on L3 master device 2025-04-15 17:54:56 -07:00
lapb treewide, timers: Rename from_timer() to timer_container_of() 2025-06-08 09:07:37 +02:00
llc treewide, timers: Rename from_timer() to timer_container_of() 2025-06-08 09:07:37 +02:00
mac80211 wifi: mac80211: add the virtual monitor after reconfig complete 2025-07-10 13:27:14 +02:00
mac802154 mac802154: Switch to use hrtimer_setup() 2025-02-18 10:35:44 +01:00
mctp net: mctp: use nlmsg_payload() for netlink message data extraction 2025-05-26 17:38:27 +02:00
mpls mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu(). 2025-06-17 18:21:59 -07:00
mptcp treewide, timers: Rename from_timer() to timer_container_of() 2025-06-08 09:07:37 +02:00
ncsi treewide, timers: Rename from_timer() to timer_container_of() 2025-06-08 09:07:37 +02:00
netfilter treewide, timers: Rename from_timer() to timer_container_of() 2025-06-08 09:07:37 +02:00
netlabel calipso: unlock rcu before returning -EAFNOSUPPORT 2025-06-05 08:03:38 -07:00
netlink netlink: make sure we allow at least one dump skb 2025-07-11 07:31:47 -07:00
netrom treewide, timers: Rename from_timer() to timer_container_of() 2025-06-08 09:07:37 +02:00
nfc NFC: nci: uart: Set tty->disc_data only in success path 2025-06-19 08:33:54 -07:00
nsh
openvswitch openvswitch: Allocate struct ovs_pcpu_storage dynamically 2025-06-17 14:47:46 +02:00
packet treewide, timers: Rename from_timer() to timer_container_of() 2025-06-08 09:07:37 +02:00
phonet phonet: do not call synchronize_rcu() from phonet_route_del() 2024-11-07 20:34:16 -08:00
psample psample: adjust size if rate_as_probability is set 2024-12-18 19:23:04 -08:00
qrtr net: qrtr: Update packets cloning when broadcasting 2024-09-24 10:48:16 +02:00
rds replace strncpy with strscpy_pad 2025-05-26 22:28:44 +02:00
rfkill net: rfkill: gpio: allow booting in blocked state 2025-02-11 11:55:55 +01:00
rose rose: fix dangling neighbour pointers in rose_rt_device_down() 2025-07-01 19:28:48 -07:00
rxrpc rxrpc: Fix oops due to non-existence of prealloc backlog struct 2025-07-09 19:41:44 -07:00
sched net/sched: sch_qfq: Fix null-deref in agg_dequeue 2025-07-10 11:08:35 +02:00
sctp treewide, timers: Rename from_timer() to timer_container_of() 2025-06-08 09:07:37 +02:00
shaper net: add netdev_lock() / netdev_unlock() helpers 2025-01-15 19:13:33 -08:00
smc smc: Fix lockdep false-positive for IPPROTO_SMC. 2025-04-11 14:14:26 -07:00
strparser strparser: Remove unused __strp_unpause 2025-05-05 16:48:12 -07:00
sunrpc sunrpc: fix handling of server side tls alerts 2025-08-06 09:57:50 -04:00
switchdev net: switchdev: Convert blocking notification chain to a raw one 2025-03-11 11:30:28 +01:00
tipc tipc: Fix use-after-free in tipc_conn_close(). 2025-07-07 18:38:24 -07:00
tls bpf-next-6.16 2025-05-28 15:52:42 -07:00
unix af_unix: Don't set -ECONNRESET for consumed OOB skb. 2025-06-24 10:10:07 +02:00
vmw_vsock vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also transport_local 2025-07-08 08:39:49 -07:00
wireless wifi: prevent A-MSDU attacks in mesh networks 2025-07-07 10:54:13 +02:00
x25 treewide, timers: Rename from_timer() to timer_container_of() 2025-06-08 09:07:37 +02:00
xdp Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2025-05-22 09:42:41 -07:00
xfrm treewide, timers: Rename from_timer() to timer_container_of() 2025-06-08 09:07:37 +02:00
compat.c
devres.c
Kconfig net: Kconfig NET_DEVMEM selects GENERIC_ALLOCATOR 2025-05-27 17:31:42 -07:00
Kconfig.debug rtnetlink: Add per-netns RTNL. 2024-10-08 15:16:59 +02:00
Makefile net: Retire DCCP socket. 2025-04-11 18:58:10 -07:00
socket.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2025-03-26 09:32:10 -07:00
sysctl_net.c