Re: [PATCH net v4 0/3] rxrpc: Better fix for DATA/RESPONSE decrypt vs splice()

[Marc Dionne]

On Fri, May 15, 2026 at 8:05 PM David Howells <dhowells@xxxxxxxxxx> wrote:
>
> Here are two patches containing better fixes for the in-place decryption of
> DATA and RESPONSE packets that can corrupt pagecache spliced into UDP
> packets and sent to an AF_RXRPC server [CVE-2026-43500], plus a patch to
> precheck the length of rxgk-secured DATA packets.
>
> Of the main patches, one patch fixes DATA decryption by having recvmsg
> unconditionally extract the data into a flat bounce buffer and, if need be,
> decrypt it there.  It doesn't seem to cause a performance problem to do
> this even on unencrypted packets; for encrypted packets it makes sure the
> content is correctly aligned for crypto which seems to get a small
> performance gain.
>
> Further, it means that DATA packets are no longer copied in the I/O thread,
> avoiding a slowdown of the protocol engine that runs there.
>
> The other main patch fixes RESPONSE decryption by having the connection
> event handler worker copy the data to a flat buffer and, again, decrypt it
> there.  This simplifies RESPONSE handling.
>
> With these two fixes, the data content of the received sk_buff no longer
> gets altered.
>
> David
>
> The patches can be found here also:
>
>         http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=rxrpc-fixes
>
> Changes
> =======
> ver #4)
> - Updated to current net/next, dropping Hyunwoo Kim's patch.
> - Don't allocate more than 65535 bytes of buffer so that ->rx_dec_bsize won't
>   overflow.
> - Fixed Sashiko review comments[3]:
>   - Fix incorrect ticket length limit.
>   - Don't need the MSG_PEEK limitation; can avoid this by checking seq of
>     skbuff being recmvsg'd against the one on record for the content of the
>     decryption buffer and (re-)decrypting if it doesn't match.
>
> ver #3)
> - Fixed Sashiko review comments[2]:
>   - Fix wrong abort codes.
>   - Fix skipped rxgk_put.
>   - Fix some mis-sizeofs.
>   - Fix flipped length check comparison.
>
> ver #2)
> - In rxrpc_verify_data():
>   - Flipped the order of the buffer size comparison.
>   - Used max() not umin() to calculate the minimum buffer size.
> - In rxrpc_verify_response(), returned -ENOMEM rather than uninitialised
>   ret.
> - Removed the xdr wrappers that were added to make backporting easier.
> - Fixed Sashiko review comments[1]:
>   - Added length prechecking of received packets secured with RxGK, thereby
>     avoiding looking at an unallocated buffer.
>   - Added missing crypto free.
>
> [1] https://sashiko.dev/#/patchset/20260511160753.607296-1-dhowells%40redhat.com
> [2] https://sashiko.dev/#/patchset/20260513131941.1439155-1-dhowells%40redhat.com
> [3] https://sashiko.dev/#/patchset/20260514155304.2249591-1-dhowells%40redhat.com
>
> David Howells (3):
>   crypto/krb5, rxrpc: Fix lack of pre-decrypt/pre-verify length checks
>   rxrpc: Fix DATA decrypt vs splice() by copying data to buffer in
>     recvmsg
>   rxrpc: Fix RESPONSE packet verification to extract skb to a linear
>     buffer
>
>  Documentation/crypto/krb5.rst |  17 +++-
>  crypto/krb5/krb5_api.c        |  54 ++++++++++--
>  include/crypto/krb5.h         |   9 +-
>  include/trace/events/rxrpc.h  |   1 +
>  net/rxrpc/ar-internal.h       |  14 +--
>  net/rxrpc/call_event.c        |  22 +----
>  net/rxrpc/call_object.c       |   2 +
>  net/rxrpc/conn_event.c        |  32 +++----
>  net/rxrpc/insecure.c          |   8 +-
>  net/rxrpc/recvmsg.c           |  68 ++++++++++++---
>  net/rxrpc/rxgk.c              | 160 ++++++++++++++--------------------
>  net/rxrpc/rxgk_app.c          |  46 ++++------
>  net/rxrpc/rxgk_common.h       |  66 +++++++-------
>  net/rxrpc/rxkad.c             | 115 +++++++++---------------
>  14 files changed, 309 insertions(+), 305 deletions(-)

Looks good in testing.

Tested-by: Marc Dionne <marc.dionne@xxxxxxxxxxxx>