proxmox-mirrors/mirror_ubuntu-kernels
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_ubuntu-kernels.git synced 2025-11-23 15:09:36 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
65466904b0
mirror_ubuntu-kernels/net/tls
History
Jakub Kicinski b93235e689 tls: cap the output scatter list to something reasonable 
TLS recvmsg() passes user pages as destination for decrypt.
The decrypt operation is repeated record by record, each
record being 16kB, max. TLS allocates an sg_table and uses
iov_iter_get_pages() to populate it with enough pages to
fit the decrypted record.

Even though we decrypt a single message at a time we size
the sg_table based on the entire length of the iovec.
This leads to unnecessarily large allocations, risking
triggering OOM conditions.

Use iov_iter_truncate() / iov_iter_reexpand() to construct
a "capped" version of iov_iter_npages(). Alternatively we
could parametrize iov_iter_npages() to take the size as
arg instead of using i->count, or do something else..

Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2022-02-04 10:14:07 +00:00
..
Kconfig net/tls: Select SOCK_RX_QUEUE_MAPPING from TLS_DEVICE 2021-02-11 19:08:06 -08:00
Makefile net/tls: add skeleton of MIB statistics 2019-10-05 16:29:00 -07:00
tls_device_fallback.c net/tls: Fix use-after-free after the TLS device goes down and up 2021-06-01 15:58:05 -07:00
tls_device.c skbuff: add a parameter to __skb_frag_unref 2021-06-07 14:11:47 -07:00
tls_main.c tls: fix replacing proto_ops 2021-11-25 19:28:16 -08:00
tls_proc.c net: fix proc_fs init handling in af_packet and tls 2020-12-14 19:39:30 -08:00
tls_sw.c tls: cap the output scatter list to something reasonable 2022-02-04 10:14:07 +00:00
tls_toe.c net/tls: rename tls_hw_* functions tls_toe_* 2019-10-04 14:07:07 -07:00
trace.c net/tls: add tracing for device/offload events 2019-10-05 16:29:00 -07:00
trace.h net/tls: add device decrypted trace point 2019-10-05 16:29:00 -07:00