Sabrina Dubroca ecb45e2a73 UPSTREAM: net: tls: fix use-after-free with partial reads and async decrypt ... [ Upstream commit 32b55c5ff9103b8508c1e04bfa5a08c64e7a925f ] tls_decrypt_sg doesn't take a reference on the pages from clear_skb, so the put_page() in tls_decrypt_done releases them, and we trigger a use-after-free in process_rx_list when we try to read from the partially-read skb. Bug: 326214405 Fixes: fd31f3996a ("tls: rx: decrypt into a fresh skb") Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> Signed-off-by: Jakub Kicinski <kuba@kernel.org> Reviewed-by: Simon Horman <horms@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Sasha Levin <sashal@kernel.org> (cherry picked from commit d684763534b969cca1022e2a28645c7cc91f7fa5) Signed-off-by: Lee Jones <joneslee@google.com> Change-Id: Ifdd765d0af082523d1432436b6f6d2c094c48dca		2024-03-07 13:41:50 +00:00
..
Kconfig	net/tls: Select SOCK_RX_QUEUE_MAPPING from TLS_DEVICE	2021-02-11 19:08:06 -08:00
Makefile	tls: rx: async: hold onto the input skb	2022-07-18 11:24:11 +01:00
tls_device_fallback.c	net/tls: Fix memory leak in tls_enc_skb() and tls_sw_fallback_init()	2022-11-11 20:08:17 -08:00
tls_device.c	net: tls: avoid discarding data on record close	2023-08-16 18:27:27 +02:00
tls_main.c	Revert "tcp: allow again tcp_disconnect() when threads are waiting"	2023-11-06 14:50:07 +00:00
tls_proc.c	tls: rx: add counter for NoPad violations	2022-07-11 19:48:33 -07:00
tls_strp.c	tls: improve lockless access safety of tls_err_abort()	2023-06-09 10:34:01 +02:00
tls_sw.c	UPSTREAM: net: tls: fix use-after-free with partial reads and async decrypt	2024-03-07 13:41:50 +00:00
tls_toe.c	tls: create an internal header	2022-07-08 18:38:45 -07:00
tls.h	tls: Only use data field in crypto completion function	2023-11-20 11:51:52 +01:00
trace.c	net/tls: add tracing for device/offload events	2019-10-05 16:29:00 -07:00
trace.h	net/tls: add device decrypted trace point	2019-10-05 16:29:00 -07:00