Commit def304aa authored by David Howells's avatar David Howells Committed by Jakub Kicinski
Browse files

rxrpc: Fix rxkad crypto unalignment handling 

Fix handling of a packet with a misaligned crypto length.  Also handle
non-ENOMEM errors from decryption by aborting.  Further, remove the
WARN_ON_ONCE() so that it can't be remotely triggered (a trace line can
still be emitted).

Fixes: f93af41b ("rxrpc: Fix missing error checks for rxkad encryption/decryption failure")
Closes: https://sashiko.dev/#/patchset/20260408121252.2249051-1-dhowells%40redhat.com


Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
cc: Marc Dionne <marc.dionne@auristor.com>
cc: Jeffrey Altman <jaltman@auristor.com>
cc: Simon Horman <horms@kernel.org>
cc: linux-afs@lists.infradead.org
cc: stable@kernel.org
Link: https://patch.msgid.link/20260422161438.2593376-3-dhowells@redhat.com


Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parent 34f61a07

include/trace/events/rxrpc.h

+1 −0
Original line number Diff line number Diff line
@@ -37,6 +37,7 @@ 
	EM(rxkad_abort_1_short_encdata,		"rxkad1-short-encdata")	\

	EM(rxkad_abort_1_short_header,		"rxkad1-short-hdr")	\

	EM(rxkad_abort_2_short_check,		"rxkad2-short-check")	\

	EM(rxkad_abort_2_crypto_unaligned,	"rxkad2-crypto-unaligned") \

	EM(rxkad_abort_2_short_data,		"rxkad2-short-data")	\

	EM(rxkad_abort_2_short_header,		"rxkad2-short-hdr")	\

	EM(rxkad_abort_2_short_len,		"rxkad2-short-len")	\

net/rxrpc/rxkad.c

+7 −2
Original line number Diff line number Diff line
@@ -510,6 +510,9 @@ static int rxkad_verify_packet_2(struct rxrpc_call *call, struct sk_buff *skb, 
		return rxrpc_abort_eproto(call, skb, RXKADSEALEDINCON,

					  rxkad_abort_2_short_header);



	/* Don't let the crypto algo see a misaligned length. */

	sp->len = round_down(sp->len, 8);



	/* Decrypt the skbuff in-place.  TODO: We really want to decrypt

	 * directly into the target buffer.

	 */
@@ -543,8 +546,10 @@ static int rxkad_verify_packet_2(struct rxrpc_call *call, struct sk_buff *skb, 
	if (sg != _sg)

		kfree(sg);

	if (ret < 0) {

		WARN_ON_ONCE(ret != -ENOMEM);

		if (ret == -ENOMEM)

			return ret;

		return rxrpc_abort_eproto(call, skb, RXKADSEALEDINCON,

					  rxkad_abort_2_crypto_unaligned);

	}



	/* Extract the decrypted packet length */