[PATCH 07/18] net/tls: sanitize MSG_EOR handling

Mon Apr 17 06:02:51 PDT 2023

The TLS stack is using MSG_EOR internally, so the flag cannot be
set for sendmsg()/sendpage(). But to avoid having the caller to
check whether TLS is active modify the code to clear the MSG_EOR
flag. And blank out MSG_MORE / MSG_SENDPAGE_NOTLAST, too, as they
conflict with MSG_EOR anyway.

Signed-off-by: Hannes Reinecke <hare at suse.de>
---
 net/tls/tls_device.c | 10 ++++++++++
 net/tls/tls_sw.c     | 21 +++++++++++++++++++++
 2 files changed, 31 insertions(+)

diff --git a/net/tls/tls_device.c b/net/tls/tls_device.c
index a7cc4f9faac2..38e44e216865 100644
--- a/net/tls/tls_device.c
+++ b/net/tls/tls_device.c
@@ -576,6 +576,10 @@ int tls_device_sendmsg(struct sock *sk, struct msghdr *msg, size_t size)
 	mutex_lock(&tls_ctx->tx_lock);
 	lock_sock(sk);
 
+	/* MSG_EOR conflicts with MSG_MORE, so clear both */
+	if (msg->msg_flags & MSG_EOR)
+		msg->msg_flags &= ~(MSG_EOR | MSG_MORE);
+
 	if (unlikely(msg->msg_controllen)) {
 		rc = tls_process_cmsg(sk, msg, &record_type);
 		if (rc)
@@ -604,6 +608,12 @@ int tls_device_sendpage(struct sock *sk, struct page *page,
 	if (flags & MSG_SENDPAGE_NOTLAST)
 		flags |= MSG_MORE;
 
+	/*
+	 * MSG_EOR conflicts with MSG_MORE/MSG_SENDPAGE_NOTLAST,
+	 * so clear all of them */
+	if (flags & MSG_EOR)
+		flags &= ~(MSG_EOR | MSG_SENDPAGE_NOTLAST | MSG_MORE);
+
 	mutex_lock(&tls_ctx->tx_lock);
 	lock_sock(sk);
 
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index 827292e29f99..d0e6b7a04176 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -952,6 +952,11 @@ int tls_sw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size)
 	int ret = 0;
 	int pending;
 
+	if (msg->msg_flags & MSG_EOR) {
+		eor = true;
+		/* MSG_EOR conflicts with MSG_MORE, so clear both */
+		msg->msg_flags &= ~(MSG_EOR | MSG_MORE);
+	}
 	if (msg->msg_flags & ~(MSG_MORE | MSG_DONTWAIT | MSG_NOSIGNAL |
 			       MSG_CMSG_COMPAT))
 		return -EOPNOTSUPP;
@@ -1274,6 +1279,14 @@ static int tls_sw_do_sendpage(struct sock *sk, struct page *page,
 int tls_sw_sendpage_locked(struct sock *sk, struct page *page,
 			   int offset, size_t size, int flags)
 {
+	/*
+	 * MSG_EOR is invalid for TLS, and conflicts
+	 * with MSG_MORE / MSG_SENDPAGE_NOTLAST.
+	 * So clear all of them.
+	 */
+	if (flags & MSG_EOR)
+		flags &= ~(MSG_MORE | MSG_SENDPAGE_NOTLAST | MSG_EOR);
+
 	if (flags & ~(MSG_MORE | MSG_DONTWAIT | MSG_NOSIGNAL |
 		      MSG_SENDPAGE_NOTLAST | MSG_SENDPAGE_NOPOLICY |
 		      MSG_NO_SHARED_FRAGS))
@@ -1288,6 +1301,14 @@ int tls_sw_sendpage(struct sock *sk, struct page *page,
 	struct tls_context *tls_ctx = tls_get_ctx(sk);
 	int ret;
 
+	/*
+	 * MSG_EOR is invalid for TLS, and conflicts
+	 * with MSG_MORE / MSG_SENDPAGE_NOTLAST.
+	 * So clear all of them.
+	 */
+	if (flags & MSG_EOR)
+		flags &= ~(MSG_MORE | MSG_SENDPAGE_NOTLAST | MSG_EOR);
+
 	if (flags & ~(MSG_MORE | MSG_DONTWAIT | MSG_NOSIGNAL |
 		      MSG_SENDPAGE_NOTLAST | MSG_SENDPAGE_NOPOLICY))
 		return -EOPNOTSUPP;
-- 
2.35.3


