From 64504ce6c7f2449a6efd21a0d9556ddc12bf98f0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcin=20Wcis=C5=82o?= Date: Fri, 30 May 2025 03:23:25 +0200 Subject: [PATCH] net: tls, update curr on splice as well MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit jira VULN-6844 cve CVE-2024-0646 commit-author John Fastabend commit c5a595000e2677e865a39f249c056bc05d6e55fd upstream-diff used linux-stable LT-5.15 sha ba5efd8544fa62ae85daeb36077468bf2ce974ab commit c5a595000e2677e865a39f249c056bc05d6e55fd upstream. The curr pointer must also be updated on the splice similar to how we do this for other copy types. Fixes: d829e9c4112b ("tls: convert to generic sk_msg interface") Signed-off-by: John Fastabend Reported-by: Jann Horn Link: https://lore.kernel.org/r/20231206232706.374377-2-john.fastabend@gmail.com Signed-off-by: Jakub Kicinski Signed-off-by: Greg Kroah-Hartman (cherry picked from commit ba5efd8544fa62ae85daeb36077468bf2ce974ab) Signed-off-by: Marcin Wcisło --- net/tls/tls_sw.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 7477764aff7b2..35cd4f1124622 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -1203,6 +1203,8 @@ static int tls_sw_do_sendpage(struct sock *sk, struct page *page, } sk_msg_page_add(msg_pl, page, copy, offset); + msg_pl->sg.copybreak = 0; + msg_pl->sg.curr = msg_pl->sg.end; sk_mem_charge(sk, copy); offset += copy;