v2: patch#3 changed to remove unused recv_cbuf member of nvmet_tcp_cmd

This is a multi-component patch series: NFS client, NFS server, NVMe (target), net.

tls_alert_recv() was originally written to retrieve the TLS alert payload out of the msg iterator's kvec buffer. Yet, the callers of tls_alert_recv() have not been careful enough to make sure that msg has always been initialized with a kvec-backed iterator (i.e., sometimes bvec was used). Furthermore, callers didn't account for the fact that the msg iterator's kvec is advanced by sock_recvmsg upon filling up the provided space by the copy. All that led to the ability to construct a malicious payload that would trigger badness in tls_alert_recv().

This patch series attempts to address it in a couple of steps.

First, there are patches for each of the current consumers (NFS server, NFS client, NVMe target) of tls_alert_recv to address an immediate problem which I think should be backported. Note, patch#3 is an NVMe patch that had no testing. Compile only patch.

Second, the last patch builds on top of the fixes but changes tls_alert_recv to force the callers to provide the kvec directly in hopes that any future users of tls_alert_recv would be more cognizant of providing the location of the actual TLS alert payload. Again note that the NVMe changes in patch#4 are compile only.

Olga Kornievskaia (4):
  sunrpc: fix handling of server side tls alerts
  sunrpc: fix client side handling of tls alerts
  nvmet-tcp: fix handling of tls alerts
  net/handshake: change tls_alert_recv to receive a kvec

 drivers/nvme/target/tcp.c | 38 ++++++++++++++------------
 include/net/handshake.h   |  2 +-
 net/handshake/alert.c     |  6 ++---
 net/sunrpc/svcsock.c      | 56 ++++++++++++++++++++++++++++-----------
 net/sunrpc/xprtsock.c     | 51 ++++++++++++++++++++++++-----------
 5 files changed, 101 insertions(+), 52 deletions(-)

-- 
2.47.1
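
The iterator behaviour the cover letter describes, as an added user-space C model (not code from this patch series or from the kernel). `kvec_model`, `iter_model`, `model_recv` and the two `alert_from_*` helpers are hypothetical stand-ins, and all buffers are constructed sample data; the second segment stands in for whatever follows the alert buffer once the iterator has moved on.

```c
#include <stddef.h>
#include <string.h>

/* Simplified stand-ins for a kvec and a kvec-backed message iterator. */
struct kvec_model { void *base; size_t len; };
struct iter_model { const struct kvec_model *kvec; size_t nr_segs, off; };

/* Copy as a receive would: a segment filled to its end is stepped past. */
static size_t model_recv(struct iter_model *it, const unsigned char *src, size_t n)
{
    size_t done = 0;
    while (done < n && it->nr_segs) {
        size_t room = it->kvec->len - it->off;
        size_t c = (n - done < room) ? n - done : room;
        memcpy((unsigned char *)it->kvec->base + it->off, src + done, c);
        done += c;
        it->off += c;
        if (it->off == it->kvec->len) { it->kvec++; it->nr_segs--; it->off = 0; }
    }
    return done;
}

/* Problem pattern: read level/description through the iterator's current kvec. */
static void alert_from_iter(const struct iter_model *it, unsigned char *lvl, unsigned char *desc)
{
    const unsigned char *d = it->kvec->base;
    *lvl = d[0]; *desc = d[1];
}

/* Direction of the last patch: the caller passes the kvec that holds the alert. */
static void alert_from_kvec(const struct kvec_model *kv, unsigned char *lvl, unsigned char *desc)
{
    const unsigned char *d = kv->base;
    *lvl = d[0]; *desc = d[1];
}

/* Returns 1 when the iterator read yields unrelated bytes and the kvec read is correct. */
static int demo(void)
{
    unsigned char alert_buf[2] = {0}, other[2] = {0xAA, 0xBB}; /* constructed */
    const unsigned char wire[2] = {2, 40}; /* TLS alert: fatal, handshake_failure */
    struct kvec_model kv[2] = { {alert_buf, 2}, {other, 2} };
    struct iter_model it = { kv, 2, 0 };
    unsigned char l1, d1, l2, d2;

    model_recv(&it, wire, sizeof(wire)); /* fills kv[0] exactly; iterator now at kv[1] */
    alert_from_iter(&it, &l1, &d1);      /* reads other[], not the alert */
    alert_from_kvec(&kv[0], &l2, &d2);   /* reads the received alert */
    return l1 == 0xAA && d1 == 0xBB && l2 == 2 && d2 == 40;
}

int main(void) { return demo() ? 0 : 1; }
```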