net/tls: Fix flipped sign in tls_err_abort() calls

mainline inclusion
from mainline-v5.15
commit da353fac
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9RCYN


CVE: CVE-2021-47496

--------------------------------

sk->sk_err appears to expect a positive value, a convention that ktls
doesn't always follow and that leads to memory corruption in other code.
For instance,

    [kworker]
    tls_encrypt_done(..., err=<negative error from crypto request>)
      tls_err_abort(.., err)
        sk->sk_err = err;

    [task]
    splice_from_pipe_feed
      ...
        tls_sw_do_sendpage
          if (sk->sk_err) {
            ret = -sk->sk_err;  // ret is positive

    splice_from_pipe_feed (continued)
      ret = actor(...)  // ret is still positive and interpreted as bytes
                        // written, resulting in underflow of buf->len and
                        // sd->len, leading to huge buf->offset and bogus
                        // addresses computed in later calls to actor()

Fix all tls_err_abort() callers to pass a negative error code
consistently and centralize the error-prone sign flip there, throwing in
a warning to catch future misuse and uninlining the function so it
really does only warn once.

Cc: stable@vger.kernel.org
Fixes: c46234eb ("tls: RX path for ktls")
Reported-by:  <syzbot+b187b77c8474f9648fae@syzkaller.appspotmail.com>
Signed-off-by: Daniel Jordan <daniel.m.jordan@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Conflicts:
	include/net/tls.h
	net/tls/tls_sw.c
[The version does not include commit e3ae2365 and a42055e8.]
Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com>