[PATCH 1/2] rxrpc: Fix conn-level packet handling to unshare RESPONSE packets

Greg KH gregkh at linuxfoundation.org
Mon May 11 00:28:11 PDT 2026


On Mon, May 11, 2026 at 03:18:32PM +0800, Wentao Guan wrote:
> From: David Howells <dhowells at redhat.com>
> 
> The security operations that verify the RESPONSE packets decrypt bits of it
> in place - however, the sk_buff may be shared with a packet sniffer, which
> would lead to the sniffer seeing an apparently corrupt packet (actually
> decrypted).
> 
> Fix this by handing a copy of the packet off to the specific security
> handler if the packet was cloned.
> 
> Fixes: 17926a79320a ("[AF_RXRPC]: Provide secure RxRPC sockets for use by userspace and kernel both")
> Closes: https://sashiko.dev/#/patchset/20260408121252.2249051-1-dhowells%40redhat.com
> Signed-off-by: David Howells <dhowells at redhat.com>
> cc: Marc Dionne <marc.dionne at auristor.com>
> cc: Jeffrey Altman <jaltman at auristor.com>
> cc: Simon Horman <horms at kernel.org>
> cc: linux-afs at lists.infradead.org
> cc: stable at kernel.org
> Link: https://patch.msgid.link/20260422161438.2593376-5-dhowells@redhat.com
> Signed-off-by: Jakub Kicinski <kuba at kernel.org>
> (cherry picked from commit 24481a7f573305706054c59e275371f8d0fe919f)
> Stable-dep-of: aa54b1d27fe0 ("rxrpc: Also unshare DATA/RESPONSE packets when
> paged frags are present")
> Signed-off-by: Wentao Guan <guanwentao at uniontech.com>
> ---
>  net/rxrpc/conn_event.c | 29 ++++++++++++++++++++++++++++-
>  1 file changed, 28 insertions(+), 1 deletion(-)

What branch(es) are you wanting this applied to?

thanks,

greg k-h
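
The problem described in the quoted commit message, as an added userspace model (not the patch's code and not kernel code): `struct pkt`, `pkt_unshare` and the XOR "decryption" are hypothetical stand-ins for an sk_buff, the copy-if-cloned step, and the security handler's in-place decrypt.

```c
/* Userspace model, not kernel code: struct pkt stands in for an sk_buff whose
 * payload can be shared with a clone held by a packet sniffer. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct payload { int refs; size_t len; unsigned char bytes[16]; };
struct pkt { struct payload *d; };

static struct pkt pkt_new(const unsigned char *src, size_t len) {
    struct pkt p = { len <= 16 ? malloc(sizeof(struct payload)) : NULL };
    if (p.d) { p.d->refs = 1; p.d->len = len; memcpy(p.d->bytes, src, len); }
    return p;
}
static struct pkt pkt_clone(struct pkt *p) { p->d->refs++; return *p; }
static void pkt_put(struct pkt *p) { if (--p->d->refs == 0) free(p->d); p->d = NULL; }

/* If another holder shares the payload, swap in a private copy. */
static int pkt_unshare(struct pkt *p) {
    if (p->d->refs == 1) return 0;
    struct pkt copy = pkt_new(p->d->bytes, p->d->len);
    if (!copy.d) return -1;
    pkt_put(p);                 /* drop our reference to the shared payload */
    *p = copy;
    return 0;
}

/* XOR is a placeholder for the security handler's real in-place decryption. */
static void decrypt_in_place(struct pkt *p) {
    for (size_t i = 0; i < p->d->len; i++) p->d->bytes[i] ^= 0x5a;
}

/* 1: sniffer's clone still holds the wire bytes; 0: overwritten; -1: no memory. */
static int sniffer_view_intact(int unshare_first) {
    const unsigned char wire[8] = { 0xde, 0xad, 0xbe, 0xef, 1, 2, 3, 4 }; /* constructed */
    struct pkt rx = pkt_new(wire, sizeof(wire));
    if (!rx.d) return -1;
    struct pkt tap = pkt_clone(&rx);        /* the sniffer's reference */
    int rc = unshare_first ? pkt_unshare(&rx) : 0;
    if (rc == 0) {
        decrypt_in_place(&rx);
        rc = memcmp(tap.d->bytes, wire, sizeof(wire)) == 0;
    }
    pkt_put(&tap);
    pkt_put(&rx);
    return rc;
}

int main(void) {
    printf("decrypt on shared payload:   sniffer intact = %d\n", sniffer_view_intact(0));
    printf("decrypt after unsharing:     sniffer intact = %d\n", sniffer_view_intact(1));
    return 0;
}
```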


