rxrpc: Fix unhandled errors in rxgk_verify_packet_integrity()

rxgk_verify_packet_integrity() may get more errors than just -EPROTO from
rxgk_verify_mic_skb().  Pretty much anything other than -ENOMEM constitutes
an unrecoverable error.  In the case of -ENOMEM, we can just drop the
packet and wait for a retransmission.

Similar happens with rxgk_decrypt_skb() and its callers.

Fix rxgk_decrypt_skb() or rxgk_verify_mic_skb() to return a greater variety
of abort codes and fix their callers to abort the connection on any error
apart from -ENOMEM.

Also preclear the variables used to hold the abort code returned from
rxgk_decrypt_skb() or rxgk_verify_mic_skb() to eliminate uninitialised
variable warnings.

Fixes: 9d1d2b59341f ("rxrpc: rxgk: Implement the yfs-rxgk security class (GSSAPI)")
Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Closes: https://lists.infradead.org/pipermail/linux-afs/2025-April/009739.html
Closes: https://lists.infradead.org/pipermail/linux-afs/2025-April/009740.html
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Marc Dionne <marc.dionne@auristor.com>
cc: linux-afs@lists.infradead.org
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://patch.msgid.link/2038804.1757631496@warthog.procyon.org.uk
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

diff --git a/net/rxrpc/rxgk.c b/net/rxrpc/rxgk.c
index 1e19c605bcc829d8668e41f2d98ee949da45e22b..dce5a3d8a964f8a3859a0b08a4a9801b031fdc6e 100644 (file)
--- a/net/rxrpc/rxgk.c
+++ b/net/rxrpc/rxgk.c
@@ -475,7 +475,7 @@ static int rxgk_verify_packet_integrity(struct rxrpc_call *call,
        struct krb5_buffer metadata;
        unsigned int offset = sp->offset, len = sp->len;
        size_t data_offset = 0, data_len = len;
-       u32 ac;
+       u32 ac = 0;
        int ret = -ENOMEM;
 
        _enter("");
@@ -499,9 +499,10 @@ static int rxgk_verify_packet_integrity(struct rxrpc_call *call,
        ret = rxgk_verify_mic_skb(gk->krb5, gk->rx_Kc, &metadata,
                                  skb, &offset, &len, &ac);
        kfree(hdr);
-       if (ret == -EPROTO) {
-               rxrpc_abort_eproto(call, skb, ac,
-                                  rxgk_abort_1_verify_mic_eproto);
+       if (ret < 0) {
+               if (ret != -ENOMEM)
+                       rxrpc_abort_eproto(call, skb, ac,
+                                          rxgk_abort_1_verify_mic_eproto);
        } else {
                sp->offset = offset;
                sp->len = len;
@@ -524,15 +525,16 @@ static int rxgk_verify_packet_encrypted(struct rxrpc_call *call,
        struct rxgk_header hdr;
        unsigned int offset = sp->offset, len = sp->len;
        int ret;
-       u32 ac;
+       u32 ac = 0;
 
        _enter("");
 
        ret = rxgk_decrypt_skb(gk->krb5, gk->rx_enc, skb, &offset, &len, &ac);
-       if (ret == -EPROTO)
-               rxrpc_abort_eproto(call, skb, ac, rxgk_abort_2_decrypt_eproto);
-       if (ret < 0)
+       if (ret < 0) {
+               if (ret != -ENOMEM)
+                       rxrpc_abort_eproto(call, skb, ac, rxgk_abort_2_decrypt_eproto);
                goto error;
+       }
 
        if (len < sizeof(hdr)) {
                ret = rxrpc_abort_eproto(call, skb, RXGK_PACKETSHORT,

diff --git a/net/rxrpc/rxgk_app.c b/net/rxrpc/rxgk_app.c
index b94b77a1c31780059dff52566b188e64499d3e79..df684b5a853141b31cd023c9636a8111ff1fef8c 100644 (file)
--- a/net/rxrpc/rxgk_app.c
+++ b/net/rxrpc/rxgk_app.c
@@ -187,7 +187,7 @@ int rxgk_extract_token(struct rxrpc_connection *conn, struct sk_buff *skb,
        struct key *server_key;
        unsigned int ticket_offset, ticket_len;
        u32 kvno, enctype;
-       int ret, ec;
+       int ret, ec = 0;
 
        struct {
                __be32 kvno;
@@ -236,9 +236,11 @@ int rxgk_extract_token(struct rxrpc_connection *conn, struct sk_buff *skb,
                               &ticket_offset, &ticket_len, &ec);
        crypto_free_aead(token_enc);
        token_enc = NULL;
-       if (ret < 0)
-               return rxrpc_abort_conn(conn, skb, ec, ret,
-                                       rxgk_abort_resp_tok_dec);
+       if (ret < 0) {
+               if (ret != -ENOMEM)
+                       return rxrpc_abort_conn(conn, skb, ec, ret,
+                                               rxgk_abort_resp_tok_dec);
+       }
 
        ret = conn->security->default_decode_ticket(conn, skb, ticket_offset,
                                                    ticket_len, _key);

diff --git a/net/rxrpc/rxgk_common.h b/net/rxrpc/rxgk_common.h
index 7370a56559853ffaea910083be7ab24c39daefc6..80164d89e19c03ea442d541f68404bf8d42fcc51 100644 (file)
--- a/net/rxrpc/rxgk_common.h
+++ b/net/rxrpc/rxgk_common.h
@@ -88,11 +88,16 @@ int rxgk_decrypt_skb(const struct krb5_enctype *krb5,
                *_offset += offset;
                *_len = len;
                break;
+       case -EBADMSG: /* Checksum mismatch. */
        case -EPROTO:
-       case -EBADMSG:
                *_error_code = RXGK_SEALEDINCON;
                break;
+       case -EMSGSIZE:
+               *_error_code = RXGK_PACKETSHORT;
+               break;
+       case -ENOPKG: /* Would prefer RXGK_BADETYPE, but not available for YFS. */
        default:
+               *_error_code = RXGK_INCONSISTENCY;
                break;
        }
 
@@ -127,11 +132,16 @@ int rxgk_verify_mic_skb(const struct krb5_enctype *krb5,
                *_offset += offset;
                *_len = len;
                break;
+       case -EBADMSG: /* Checksum mismatch */
        case -EPROTO:
-       case -EBADMSG:
                *_error_code = RXGK_SEALEDINCON;
                break;
+       case -EMSGSIZE:
+               *_error_code = RXGK_PACKETSHORT;
+               break;
+       case -ENOPKG: /* Would prefer RXGK_BADETYPE, but not available for YFS. */
        default:
+               *_error_code = RXGK_INCONSISTENCY;
                break;
        }