From: Jakub Kicinski Date: Tue, 9 Aug 2022 17:55:44 +0000 (-0700) Subject: tls: rx: device: don't try to copy too much on detach X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=d800a7b3577bfb783481b02865d8775a760212a7;p=linux.git tls: rx: device: don't try to copy too much on detach Another device offload bug, we use the length of the output skb as an indication of how much data to copy. But that skb is sized to offset + record length, and we start from offset. So we end up double-counting the offset which leads to skb_copy_bits() returning -EFAULT. Reported-by: Tariq Toukan Fixes: 84c61fe1a75b ("tls: rx: do not use the standard strparser") Tested-by: Ran Rozenstein Link: https://lore.kernel.org/r/20220809175544.354343-2-kuba@kernel.org Signed-off-by: Jakub Kicinski --- diff --git a/net/tls/tls_strp.c b/net/tls/tls_strp.c index f0b7c9122fbae..9b79e334dbd9e 100644 --- a/net/tls/tls_strp.c +++ b/net/tls/tls_strp.c @@ -41,7 +41,7 @@ static struct sk_buff *tls_strp_msg_make_copy(struct tls_strparser *strp) struct sk_buff *skb; int i, err, offset; - skb = alloc_skb_with_frags(0, strp->anchor->len, TLS_PAGE_ORDER, + skb = alloc_skb_with_frags(0, strp->stm.full_len, TLS_PAGE_ORDER, &err, strp->sk->sk_allocation); if (!skb) return NULL;