[PATCH net v4 0/3] rxrpc: Better fix for DATA/RESPONSE decrypt vs splice()
patchwork-bot+netdevbpf at kernel.org
patchwork-bot+netdevbpf at kernel.org
Wed May 20 17:00:15 PDT 2026
Hello:
This series was applied to netdev/net.git (main)
by Jakub Kicinski <kuba at kernel.org>:
On Sat, 16 May 2026 00:05:12 +0100 you wrote:
> Here are two patches containing better fixes for the in-place decryption of
> DATA and RESPONSE packets that can corrupt pagecache spliced into UDP
> packets and sent to an AF_RXRPC server [CVE-2026-43500], plus a patch to
> precheck the length of rxgk-secured DATA packets.
>
> Of the main patches, one patch fixes DATA decryption by having recvmsg
> unconditionally extract the data into a flat bounce buffer and, if need be,
> decrypt it there. It doesn't seem to cause a performance problem to do
> this even on unencrypted packets; for encrypted packets it makes sure the
> content is correctly aligned for crypto which seems to get a small
> performance gain.
>
> [...]
Here is the summary with links:
- [net,v4,1/3] crypto/krb5, rxrpc: Fix lack of pre-decrypt/pre-verify length checks
https://git.kernel.org/netdev/net/c/2b50aceafe66
- [net,v4,2/3] rxrpc: Fix DATA decrypt vs splice() by copying data to buffer in recvmsg
https://git.kernel.org/netdev/net/c/d2bc90cf6c75
- [net,v4,3/3] rxrpc: Fix RESPONSE packet verification to extract skb to a linear buffer
https://git.kernel.org/netdev/net/c/8bfab4b6ffc2
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
More information about the linux-afs
mailing list