From: Jakub Kicinski <kuba@kernel.org>
Date: Mon, 11 Apr 2022 19:19:14 +0000 (-0700)
Subject: tls: rx: return the already-copied data on crypto error
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=f314bfee81b1bf8e01168177b2f65f24eb8da63a;p=linux.git

tls: rx: return the already-copied data on crypto error

async crypto handler will report the socket error no need
to report it again. We can, however, let the data we already
copied be reported to user space but we need to make sure
the error will be reported next time around.

Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
---

diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index c1ba64bfe228d..73c31f38dfe93 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -1744,6 +1744,11 @@ int tls_sw_recvmsg(struct sock *sk,
 	lock_sock(sk);
 	bpf_strp_enabled = sk_psock_strp_enabled(psock);
 
+	/* If crypto failed the connection is broken */
+	err = ctx->async_wait.err;
+	if (err)
+		goto end;
+
 	/* Process pending decrypted records. It must be non-zero-copy */
 	err = process_rx_list(ctx, msg, &control, 0, len, false, is_peek);
 	if (err < 0)
@@ -1874,7 +1879,7 @@ leave_on_list:
 
 recv_end:
 	if (async) {
-		int pending;
+		int ret, pending;
 
 		/* Wait for all previously submitted records to be decrypted */
 		spin_lock_bh(&ctx->decrypt_compl_lock);
@@ -1882,11 +1887,10 @@ recv_end:
 		pending = atomic_read(&ctx->decrypt_pending);
 		spin_unlock_bh(&ctx->decrypt_compl_lock);
 		if (pending) {
-			err = crypto_wait_req(-EINPROGRESS, &ctx->async_wait);
-			if (err) {
-				/* one of async decrypt failed */
-				tls_err_abort(sk, err);
-				copied = 0;
+			ret = crypto_wait_req(-EINPROGRESS, &ctx->async_wait);
+			if (ret) {
+				if (err >= 0 || err == -EINPROGRESS)
+					err = ret;
 				decrypted = 0;
 				goto end;
 			}