Documentation/crypto/krb5.rst | 17 +++- crypto/krb5/krb5_api.c | 54 ++++++++++-- include/crypto/krb5.h | 9 +- include/trace/events/rxrpc.h | 1 + net/rxrpc/ar-internal.h | 14 +-- net/rxrpc/call_event.c | 22 +---- net/rxrpc/call_object.c | 2 + net/rxrpc/conn_event.c | 32 +++---- net/rxrpc/insecure.c | 8 +- net/rxrpc/recvmsg.c | 68 ++++++++++++--- net/rxrpc/rxgk.c | 160 ++++++++++++++-------------------- net/rxrpc/rxgk_app.c | 46 ++++------ net/rxrpc/rxgk_common.h | 66 +++++++------- net/rxrpc/rxkad.c | 115 +++++++++--------------- 14 files changed, 309 insertions(+), 305 deletions(-)
Here are two patches containing better fixes for the in-place decryption of
DATA and RESPONSE packets that can corrupt pagecache spliced into UDP
packets and sent to an AF_RXRPC server [CVE-2026-43500], plus a patch to
precheck the length of rxgk-secured DATA packets.
Of the main patches, one patch fixes DATA decryption by having recvmsg
unconditionally extract the data into a flat bounce buffer and, if need be,
decrypt it there. It doesn't seem to cause a performance problem to do
this even on unencrypted packets; for encrypted packets it makes sure the
content is correctly aligned for crypto which seems to get a small
performance gain.
Further, it means that DATA packets are no longer copied in the I/O thread,
avoiding a slowdown of the protocol engine that runs there.
The other main patch fixes RESPONSE decryption by having the connection
event handler worker copy the data to a flat buffer and, again, decrypt it
there. This simplifies RESPONSE handling.
With these two fixes, the data content of the received sk_buff no longer
gets altered.
David
The patches can be found here also:
http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=rxrpc-fixes
Changes
=======
ver #4)
- Updated to current net/next, dropping Hyunwoo Kim's patch.
- Don't allocate more than 65535 bytes of buffer so that ->rx_dec_bsize won't
overflow.
- Fixed Sashiko review comments[3]:
- Fix incorrect ticket length limit.
- Don't need the MSG_PEEK limitation; can avoid this by checking seq of
skbuff being recmvsg'd against the one on record for the content of the
decryption buffer and (re-)decrypting if it doesn't match.
ver #3)
- Fixed Sashiko review comments[2]:
- Fix wrong abort codes.
- Fix skipped rxgk_put.
- Fix some mis-sizeofs.
- Fix flipped length check comparison.
ver #2)
- In rxrpc_verify_data():
- Flipped the order of the buffer size comparison.
- Used max() not umin() to calculate the minimum buffer size.
- In rxrpc_verify_response(), returned -ENOMEM rather than uninitialised
ret.
- Removed the xdr wrappers that were added to make backporting easier.
- Fixed Sashiko review comments[1]:
- Added length prechecking of received packets secured with RxGK, thereby
avoiding looking at an unallocated buffer.
- Added missing crypto free.
[1] https://sashiko.dev/#/patchset/20260511160753.607296-1-dhowells%40redhat.com
[2] https://sashiko.dev/#/patchset/20260513131941.1439155-1-dhowells%40redhat.com
[3] https://sashiko.dev/#/patchset/20260514155304.2249591-1-dhowells%40redhat.com
David Howells (3):
crypto/krb5, rxrpc: Fix lack of pre-decrypt/pre-verify length checks
rxrpc: Fix DATA decrypt vs splice() by copying data to buffer in
recvmsg
rxrpc: Fix RESPONSE packet verification to extract skb to a linear
buffer
Documentation/crypto/krb5.rst | 17 +++-
crypto/krb5/krb5_api.c | 54 ++++++++++--
include/crypto/krb5.h | 9 +-
include/trace/events/rxrpc.h | 1 +
net/rxrpc/ar-internal.h | 14 +--
net/rxrpc/call_event.c | 22 +----
net/rxrpc/call_object.c | 2 +
net/rxrpc/conn_event.c | 32 +++----
net/rxrpc/insecure.c | 8 +-
net/rxrpc/recvmsg.c | 68 ++++++++++++---
net/rxrpc/rxgk.c | 160 ++++++++++++++--------------------
net/rxrpc/rxgk_app.c | 46 ++++------
net/rxrpc/rxgk_common.h | 66 +++++++-------
net/rxrpc/rxkad.c | 115 +++++++++---------------
14 files changed, 309 insertions(+), 305 deletions(-)
On Fri, May 15, 2026 at 8:05 PM David Howells <dhowells@redhat.com> wrote: > > Here are two patches containing better fixes for the in-place decryption of > DATA and RESPONSE packets that can corrupt pagecache spliced into UDP > packets and sent to an AF_RXRPC server [CVE-2026-43500], plus a patch to > precheck the length of rxgk-secured DATA packets. > > Of the main patches, one patch fixes DATA decryption by having recvmsg > unconditionally extract the data into a flat bounce buffer and, if need be, > decrypt it there. It doesn't seem to cause a performance problem to do > this even on unencrypted packets; for encrypted packets it makes sure the > content is correctly aligned for crypto which seems to get a small > performance gain. > > Further, it means that DATA packets are no longer copied in the I/O thread, > avoiding a slowdown of the protocol engine that runs there. > > The other main patch fixes RESPONSE decryption by having the connection > event handler worker copy the data to a flat buffer and, again, decrypt it > there. This simplifies RESPONSE handling. > > With these two fixes, the data content of the received sk_buff no longer > gets altered. > > David > > The patches can be found here also: > > http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=rxrpc-fixes > > Changes > ======= > ver #4) > - Updated to current net/next, dropping Hyunwoo Kim's patch. > - Don't allocate more than 65535 bytes of buffer so that ->rx_dec_bsize won't > overflow. > - Fixed Sashiko review comments[3]: > - Fix incorrect ticket length limit. > - Don't need the MSG_PEEK limitation; can avoid this by checking seq of > skbuff being recmvsg'd against the one on record for the content of the > decryption buffer and (re-)decrypting if it doesn't match. > > ver #3) > - Fixed Sashiko review comments[2]: > - Fix wrong abort codes. > - Fix skipped rxgk_put. > - Fix some mis-sizeofs. > - Fix flipped length check comparison. > > ver #2) > - In rxrpc_verify_data(): > - Flipped the order of the buffer size comparison. > - Used max() not umin() to calculate the minimum buffer size. > - In rxrpc_verify_response(), returned -ENOMEM rather than uninitialised > ret. > - Removed the xdr wrappers that were added to make backporting easier. > - Fixed Sashiko review comments[1]: > - Added length prechecking of received packets secured with RxGK, thereby > avoiding looking at an unallocated buffer. > - Added missing crypto free. > > [1] https://sashiko.dev/#/patchset/20260511160753.607296-1-dhowells%40redhat.com > [2] https://sashiko.dev/#/patchset/20260513131941.1439155-1-dhowells%40redhat.com > [3] https://sashiko.dev/#/patchset/20260514155304.2249591-1-dhowells%40redhat.com > > David Howells (3): > crypto/krb5, rxrpc: Fix lack of pre-decrypt/pre-verify length checks > rxrpc: Fix DATA decrypt vs splice() by copying data to buffer in > recvmsg > rxrpc: Fix RESPONSE packet verification to extract skb to a linear > buffer > > Documentation/crypto/krb5.rst | 17 +++- > crypto/krb5/krb5_api.c | 54 ++++++++++-- > include/crypto/krb5.h | 9 +- > include/trace/events/rxrpc.h | 1 + > net/rxrpc/ar-internal.h | 14 +-- > net/rxrpc/call_event.c | 22 +---- > net/rxrpc/call_object.c | 2 + > net/rxrpc/conn_event.c | 32 +++---- > net/rxrpc/insecure.c | 8 +- > net/rxrpc/recvmsg.c | 68 ++++++++++++--- > net/rxrpc/rxgk.c | 160 ++++++++++++++-------------------- > net/rxrpc/rxgk_app.c | 46 ++++------ > net/rxrpc/rxgk_common.h | 66 +++++++------- > net/rxrpc/rxkad.c | 115 +++++++++--------------- > 14 files changed, 309 insertions(+), 305 deletions(-) Looks good in testing. Tested-by: Marc Dionne <marc.dionne@auristor.com>
On 5/15/2026 7:05 PM, David Howells wrote: > Here are two patches containing better fixes for the in-place decryption of > DATA and RESPONSE packets that can corrupt pagecache spliced into UDP > packets and sent to an AF_RXRPC server [CVE-2026-43500], plus a patch to > precheck the length of rxgk-secured DATA packets. > > Of the main patches, one patch fixes DATA decryption by having recvmsg > unconditionally extract the data into a flat bounce buffer and, if need be, > decrypt it there. It doesn't seem to cause a performance problem to do > this even on unencrypted packets; for encrypted packets it makes sure the > content is correctly aligned for crypto which seems to get a small > performance gain. > > Further, it means that DATA packets are no longer copied in the I/O thread, > avoiding a slowdown of the protocol engine that runs there. > > The other main patch fixes RESPONSE decryption by having the connection > event handler worker copy the data to a flat buffer and, again, decrypt it > there. This simplifies RESPONSE handling. > > With these two fixes, the data content of the received sk_buff no longer > gets altered. > > David > > The patches can be found here also: > > http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=rxrpc-fixes > > Changes > ======= > ver #4) > - Updated to current net/next, dropping Hyunwoo Kim's patch. > - Don't allocate more than 65535 bytes of buffer so that ->rx_dec_bsize won't > overflow. > - Fixed Sashiko review comments[3]: > - Fix incorrect ticket length limit. > - Don't need the MSG_PEEK limitation; can avoid this by checking seq of > skbuff being recmvsg'd against the one on record for the content of the > decryption buffer and (re-)decrypting if it doesn't match. > > ver #3) > - Fixed Sashiko review comments[2]: > - Fix wrong abort codes. > - Fix skipped rxgk_put. > - Fix some mis-sizeofs. > - Fix flipped length check comparison. > > ver #2) > - In rxrpc_verify_data(): > - Flipped the order of the buffer size comparison. > - Used max() not umin() to calculate the minimum buffer size. > - In rxrpc_verify_response(), returned -ENOMEM rather than uninitialised > ret. > - Removed the xdr wrappers that were added to make backporting easier. > - Fixed Sashiko review comments[1]: > - Added length prechecking of received packets secured with RxGK, thereby > avoiding looking at an unallocated buffer. > - Added missing crypto free. > > [1] https://sashiko.dev/#/patchset/20260511160753.607296-1-dhowells%40redhat.com > [2] https://sashiko.dev/#/patchset/20260513131941.1439155-1-dhowells%40redhat.com > [3] https://sashiko.dev/#/patchset/20260514155304.2249591-1-dhowells%40redhat.com > > David Howells (3): > crypto/krb5, rxrpc: Fix lack of pre-decrypt/pre-verify length checks > rxrpc: Fix DATA decrypt vs splice() by copying data to buffer in > recvmsg > rxrpc: Fix RESPONSE packet verification to extract skb to a linear > buffer > > Documentation/crypto/krb5.rst | 17 +++- > crypto/krb5/krb5_api.c | 54 ++++++++++-- > include/crypto/krb5.h | 9 +- > include/trace/events/rxrpc.h | 1 + > net/rxrpc/ar-internal.h | 14 +-- > net/rxrpc/call_event.c | 22 +---- > net/rxrpc/call_object.c | 2 + > net/rxrpc/conn_event.c | 32 +++---- > net/rxrpc/insecure.c | 8 +- > net/rxrpc/recvmsg.c | 68 ++++++++++++--- > net/rxrpc/rxgk.c | 160 ++++++++++++++-------------------- > net/rxrpc/rxgk_app.c | 46 ++++------ > net/rxrpc/rxgk_common.h | 66 +++++++------- > net/rxrpc/rxkad.c | 115 +++++++++--------------- > 14 files changed, 309 insertions(+), 305 deletions(-) > Reviewed-by: Jeffrey Altman <jaltman@auristor.com>
© 2016 - 2026 Red Hat, Inc.