From: Sabrina Dubroca Date: Thu, 9 Jan 2025 22:30:54 +0000 (+0100) Subject: tls: skip setting sk_write_space on rekey X-Git-Tag: block-6.14-20240131~28^2~98 X-Git-Url: https://git.kernel.dk/?a=commitdiff_plain;h=06cc8786516f65bf0171402bfc2a4db6818b380b;p=linux-2.6-block.git tls: skip setting sk_write_space on rekey syzbot reported a problem when calling setsockopt(SO_SNDBUF) after a rekey. SO_SNDBUF calls sk_write_space, ie tls_write_space, which then calls the original socket's sk_write_space, saved in ctx->sk_write_space. Rekeys should skip re-assigning ctx->sk_write_space, so we don't end up with tls_write_space calling itself. Fixes: 47069594e67e ("tls: implement rekey for TLS1.3") Reported-by: syzbot+6ac73b3abf1b598863fa@syzkaller.appspotmail.com Closes: https://lore.kernel.org/netdev/676d231b.050a0220.2f3838.0461.GAE@google.com/ Tested-by: syzbot+6ac73b3abf1b598863fa@syzkaller.appspotmail.com Signed-off-by: Sabrina Dubroca Link: https://patch.msgid.link/ffdbe4de691d1c1eead556bbf42e33ae215304a7.1736436785.git.sd@queasysnail.net Signed-off-by: Jakub Kicinski --- diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index 9ee5a83c5b40..99ca4465f702 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c @@ -737,6 +737,10 @@ static int do_tls_setsockopt_conf(struct sock *sk, sockptr_t optval, else ctx->rx_conf = conf; update_sk_prot(sk, ctx); + + if (update) + return 0; + if (tx) { ctx->sk_write_space = sk->sk_write_space; sk->sk_write_space = tls_write_space;