Re: [PATCH net v4 0/3] rxrpc: Better fix for DATA/RESPONSE decrypt vs splice()

Next message: patchwork-bot+netdevbpf: "Re: [PATCHv2 net] net: ag71xx: check error for platform_get_irq"
Previous message: Tejun Heo: "[PATCH 2/8] bpf: Recover arena kernel faults with scratch page"
In reply to: Marc Dionne: "Re: [PATCH net v4 0/3] rxrpc: Better fix for DATA/RESPONSE decrypt vs splice()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: patchwork-bot+netdevbpf

Date: Wed May 20 2026 - 20:00:32 EST

Hello:

This series was applied to netdev/net.git (main)
by Jakub Kicinski <kuba@xxxxxxxxxx>:

On Sat, 16 May 2026 00:05:12 +0100 you wrote:
> Here are two patches containing better fixes for the in-place decryption of
> DATA and RESPONSE packets that can corrupt pagecache spliced into UDP
> packets and sent to an AF_RXRPC server [CVE-2026-43500], plus a patch to
> precheck the length of rxgk-secured DATA packets.
>
> Of the main patches, one patch fixes DATA decryption by having recvmsg
> unconditionally extract the data into a flat bounce buffer and, if need be,
> decrypt it there. It doesn't seem to cause a performance problem to do
> this even on unencrypted packets; for encrypted packets it makes sure the
> content is correctly aligned for crypto which seems to get a small
> performance gain.
>
> [...]

Here is the summary with links:
- [net,v4,1/3] crypto/krb5, rxrpc: Fix lack of pre-decrypt/pre-verify length checks
https://git.kernel.org/netdev/net/c/2b50aceafe66
- [net,v4,2/3] rxrpc: Fix DATA decrypt vs splice() by copying data to buffer in recvmsg
https://git.kernel.org/netdev/net/c/d2bc90cf6c75
- [net,v4,3/3] rxrpc: Fix RESPONSE packet verification to extract skb to a linear buffer
https://git.kernel.org/netdev/net/c/8bfab4b6ffc2

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html