Rohit Maheshwari f3844aed8e net/tls: Fix to avoid gettig invalid tls record ... [ Upstream commit 06f5201c63 ] Current code doesn't check if tcp sequence number is starting from (/after) 1st record's start sequnce number. It only checks if seq number is before 1st record's end sequnce number. This problem will always be a possibility in re-transmit case. If a record which belongs to a requested seq number is already deleted, tls_get_record will start looking into list and as per the check it will look if seq number is before the end seq of 1st record, which will always be true and will return 1st record always, it should in fact return NULL. As part of the fix, start looking each record only if the sequence number lies in the list else return NULL. There is one more check added, driver look for the start marker record to handle tcp packets which are before the tls offload start sequence number, hence return 1st record if the record is tls start marker and seq number is before the 1st record's starting sequence number. Fixes: e8f6979981 ("net/tls: Add generic NIC offload infrastructure") Signed-off-by: Rohit Maheshwari <rohitm@chelsio.com> Reviewed-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		2020-03-05 16:43:32 +01:00
..
Kconfig	treewide: Add SPDX license identifier - Makefile/Kconfig	2019-05-21 10:50:46 +02:00
Makefile	treewide: Add SPDX license identifier - Makefile/Kconfig	2019-05-21 10:50:46 +02:00
tls_device.c	net/tls: Fix to avoid gettig invalid tls record	2020-03-05 16:43:32 +01:00
tls_device_fallback.c	net: Use skb_frag_off accessors	2019-07-30 14:21:32 -07:00
tls_main.c	bpf: Sockmap/tls, push write_space updates through ulp updates	2020-01-23 08:22:45 +01:00
tls_sw.c	net/tls: fix async operation	2020-01-29 16:45:28 +01:00