Patch "rxrpc: Fix re-decryption of RESPONSE packets" has been added to the 6.18-stable tree
gregkh at linuxfoundation.org
gregkh at linuxfoundation.org
Fri May 1 05:06:33 PDT 2026
This is a note to let you know that I've just added the patch titled
rxrpc: Fix re-decryption of RESPONSE packets
to the 6.18-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
rxrpc-fix-re-decryption-of-response-packets.patch
and it can be found in the queue-6.18 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable at vger.kernel.org> know about it.
>From 0422e7a4883f25101903f3e8105c0808aa5f4ce9 Mon Sep 17 00:00:00 2001
From: David Howells <dhowells at redhat.com>
Date: Thu, 23 Apr 2026 21:09:07 +0100
Subject: rxrpc: Fix re-decryption of RESPONSE packets
From: David Howells <dhowells at redhat.com>
commit 0422e7a4883f25101903f3e8105c0808aa5f4ce9 upstream.
If a RESPONSE packet gets a temporary failure during processing, it may end
up in a partially decrypted state - and then get requeued for a retry.
Fix this by just discarding the packet; we will send another CHALLENGE
packet and thereby elicit a further response. Similarly, discard an
incoming CHALLENGE packet if we get an error whilst generating a RESPONSE;
the server will send another CHALLENGE.
Fixes: 17926a79320a ("[AF_RXRPC]: Provide secure RxRPC sockets for use by userspace and kernel both")
Closes: https://sashiko.dev/#/patchset/20260422161438.2593376-4-dhowells@redhat.com
Signed-off-by: David Howells <dhowells at redhat.com>
cc: Marc Dionne <marc.dionne at auristor.com>
cc: Jeffrey Altman <jaltman at auristor.com>
cc: Simon Horman <horms at kernel.org>
cc: linux-afs at lists.infradead.org
cc: stable at kernel.org
Link: https://patch.msgid.link/20260423200909.3049438-3-dhowells@redhat.com
Signed-off-by: Jakub Kicinski <kuba at kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
---
include/trace/events/rxrpc.h | 1 -
net/rxrpc/conn_event.c | 14 ++------------
2 files changed, 2 insertions(+), 13 deletions(-)
--- a/include/trace/events/rxrpc.h
+++ b/include/trace/events/rxrpc.h
@@ -285,7 +285,6 @@
EM(rxrpc_conn_put_unidle, "PUT unidle ") \
EM(rxrpc_conn_put_work, "PUT work ") \
EM(rxrpc_conn_queue_challenge, "QUE chall ") \
- EM(rxrpc_conn_queue_retry_work, "QUE retry-wk") \
EM(rxrpc_conn_queue_rx_work, "QUE rx-work ") \
EM(rxrpc_conn_see_new_service_conn, "SEE new-svc ") \
EM(rxrpc_conn_see_reap_service, "SEE reap-svc") \
--- a/net/rxrpc/conn_event.c
+++ b/net/rxrpc/conn_event.c
@@ -389,7 +389,6 @@ again:
static void rxrpc_do_process_connection(struct rxrpc_connection *conn)
{
struct sk_buff *skb;
- int ret;
if (test_and_clear_bit(RXRPC_CONN_EV_CHALLENGE, &conn->events))
rxrpc_secure_connection(conn);
@@ -398,17 +397,8 @@ static void rxrpc_do_process_connection(
* connection that each one has when we've finished with it */
while ((skb = skb_dequeue(&conn->rx_queue))) {
rxrpc_see_skb(skb, rxrpc_skb_see_conn_work);
- ret = rxrpc_process_event(conn, skb);
- switch (ret) {
- case -ENOMEM:
- case -EAGAIN:
- skb_queue_head(&conn->rx_queue, skb);
- rxrpc_queue_conn(conn, rxrpc_conn_queue_retry_work);
- break;
- default:
- rxrpc_free_skb(skb, rxrpc_skb_put_conn_work);
- break;
- }
+ rxrpc_process_event(conn, skb);
+ rxrpc_free_skb(skb, rxrpc_skb_put_conn_work);
}
}
Patches currently in stable-queue which might be from dhowells at redhat.com are
queue-6.18/rxrpc-fix-re-decryption-of-response-packets.patch
queue-6.18/rxrpc-fix-rxrpc_input_call_event-to-only-unshare-data-packets.patch
queue-6.18/rxrpc-fix-rxkad-crypto-unalignment-handling.patch
queue-6.18/rxrpc-fix-memory-leaks-in-rxkad_verify_response.patch
queue-6.18/fs-afs-revert-mmap_prepare-change.patch
queue-6.18/rxrpc-fix-potential-uaf-after-skb_unshare-failure.patch
queue-6.18/rxrpc-fix-conn-level-packet-handling-to-unshare-response-packets.patch
queue-6.18/rxrpc-fix-error-handling-in-rxgk_extract_token.patch
More information about the linux-afs
mailing list