Re: [PATCH net v4 0/3] rxrpc: Better fix for DATA/RESPONSE decrypt vs splice()
From: Jeffrey E Altman <hidden>
Date: 2026-05-20 14:04:51
Also in:
lkml
On 5/15/2026 7:05 PM, David Howells wrote:
Here are two patches containing better fixes for the in-place decryption of DATA and RESPONSE packets that can corrupt pagecache spliced into UDP packets and sent to an AF_RXRPC server [CVE-2026-43500], plus a patch to precheck the length of rxgk-secured DATA packets. Of the main patches, one patch fixes DATA decryption by having recvmsg unconditionally extract the data into a flat bounce buffer and, if need be, decrypt it there. It doesn't seem to cause a performance problem to do this even on unencrypted packets; for encrypted packets it makes sure the content is correctly aligned for crypto which seems to get a small performance gain. Further, it means that DATA packets are no longer copied in the I/O thread, avoiding a slowdown of the protocol engine that runs there. The other main patch fixes RESPONSE decryption by having the connection event handler worker copy the data to a flat buffer and, again, decrypt it there. This simplifies RESPONSE handling. With these two fixes, the data content of the received sk_buff no longer gets altered. David The patches can be found here also: http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=rxrpc-fixes Changes ======= ver #4) - Updated to current net/next, dropping Hyunwoo Kim's patch. - Don't allocate more than 65535 bytes of buffer so that ->rx_dec_bsize won't overflow. - Fixed Sashiko review comments[3]: - Fix incorrect ticket length limit. - Don't need the MSG_PEEK limitation; can avoid this by checking seq of skbuff being recmvsg'd against the one on record for the content of the decryption buffer and (re-)decrypting if it doesn't match. ver #3) - Fixed Sashiko review comments[2]: - Fix wrong abort codes. - Fix skipped rxgk_put. - Fix some mis-sizeofs. - Fix flipped length check comparison. ver #2) - In rxrpc_verify_data(): - Flipped the order of the buffer size comparison. - Used max() not umin() to calculate the minimum buffer size. - In rxrpc_verify_response(), returned -ENOMEM rather than uninitialised ret. - Removed the xdr wrappers that were added to make backporting easier. - Fixed Sashiko review comments[1]: - Added length prechecking of received packets secured with RxGK, thereby avoiding looking at an unallocated buffer. - Added missing crypto free. [1] https://sashiko.dev/#/patchset/20260511160753.607296-1-dhowells%40redhat.com [2] https://sashiko.dev/#/patchset/20260513131941.1439155-1-dhowells%40redhat.com [3] https://sashiko.dev/#/patchset/20260514155304.2249591-1-dhowells%40redhat.com David Howells (3): crypto/krb5, rxrpc: Fix lack of pre-decrypt/pre-verify length checks rxrpc: Fix DATA decrypt vs splice() by copying data to buffer in recvmsg rxrpc: Fix RESPONSE packet verification to extract skb to a linear buffer Documentation/crypto/krb5.rst | 17 +++- crypto/krb5/krb5_api.c | 54 ++++++++++-- include/crypto/krb5.h | 9 +- include/trace/events/rxrpc.h | 1 + net/rxrpc/ar-internal.h | 14 +-- net/rxrpc/call_event.c | 22 +---- net/rxrpc/call_object.c | 2 + net/rxrpc/conn_event.c | 32 +++---- net/rxrpc/insecure.c | 8 +- net/rxrpc/recvmsg.c | 68 ++++++++++++--- net/rxrpc/rxgk.c | 160 ++++++++++++++-------------------- net/rxrpc/rxgk_app.c | 46 ++++------ net/rxrpc/rxgk_common.h | 66 +++++++------- net/rxrpc/rxkad.c | 115 +++++++++--------------- 14 files changed, 309 insertions(+), 305 deletions(-)
Reviewed-by: Jeffrey Altman <redacted>