If the TCP socket has more data than the Encrypted Handshake Message,
then tls_sw_recvmsg will try to decrypt the next record instead of
returning the full control message to userspace as mentioned in the
comment. The next message - usually Application Data - gets corrupted
because it uses zero copy for decryption, which is why the data is not
stored in the skb for the next iteration. Disable zero copy for this case.

Fixes: 692d7b5d1f91 ("tls: Fix recvmsg() to be able to peek across multiple records")
Signed-off-by: Vadim Fedorenko <vfedore...@novek.ru>
---
 net/tls/tls_sw.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index 95ab5545..e040be1 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -1808,6 +1808,7 @@ int tls_sw_recvmsg(struct sock *sk,
 
                if (to_decrypt <= len && !is_kvec && !is_peek &&
                    ctx->control == TLS_RECORD_TYPE_DATA &&
+                   (!control || ctx->control == control) &&
                    prot->version != TLS_1_3_VERSION &&
                    !bpf_strp_enabled)
                        zc = true;
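
Review bot: the added `(!control || ctx->control == control)` test has no comment, and `control` is not defined anywhere in the visible context, so a reader of this `if` cannot tell why the zero-copy decision depends on it. A one-line comment above the condition, saying that zero copy must be skipped when a record of a different type has already been picked up in this call (the case the commit message describes), would keep the reasoning next to the code. Since the preceding line already requires `ctx->control == TLS_RECORD_TYPE_DATA`, the new test is equivalent to `(!control || control == TLS_RECORD_TYPE_DATA)`, which may state the intent more directly.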
-- 
1.8.3.1
