Commit 7e7be31b authored Apr 29, 2026 by Jakub Kicinski

net: tls: fix silent data drop under pipe back-pressure

tls_sw_splice_read() uses len when advancing rxm->offset / rxm->full_len
after skb_splice_bits(), rather than copied (the actual number of bytes
successfully spliced into the pipe). When the destination pipe cannot
accept all the requested bytes, splice_to_pipe() returns fewer bytes
than len, and 'len - copied' of data is effectively skipped over.

Fixes: e062fe99 ("tls: splice_read: fix accessing pre-processed records")
Link: https://patch.msgid.link/20260429222944.2139041-2-kuba@kernel.org

Signed-off-by: Jakub Kicinski <kuba@kernel.org>

parent b42f68cf

net/tls/tls_sw.c

+3 −3

Original line number	Diff line number	Diff line
		@@ -2317,9 +2317,9 @@ ssize_t tls_sw_splice_read(struct socket sock, loff_t ppos,
		if (copied < 0)
		goto splice_requeue;

		if (chunk < rxm->full_len) {
		rxm->offset += len;
		rxm->full_len -= len;
		if (copied < rxm->full_len) {
		rxm->offset += copied;
		rxm->full_len -= copied;
		goto splice_requeue;
		}