Subject: [VARIANT] simulate crypto backlog congestion (-EBUSY) for async kTLS decrypt

This is a minimal, build-time instrumentation patch used ONLY to deterministically
exercise the "failed backlog decryption" use-after-free path in net/tls/tls_sw.c
that is fixed by upstream commit 13114dc5543069f7b97991e3b79937b6da05f5b0
("tls: fix use-after-free on failed backlog decryption") and is NOT covered by the
CVE-2024-26582 fix commit 32b55c5ff9103b8508c1e04bfa5a08c64e7a925f (free_sgout).

Rationale:
  The real -EBUSY condition is returned by the crypto API when an async AEAD
  request is enqueued to a congested backlog queue (CRYPTO_TFM_REQ_MAY_BACKLOG,
  as set by kTLS). Under load with hardware/async crypto accelerators (or a
  congested cryptd workqueue) crypto_aead_decrypt() returns -EBUSY instead of
  -EINPROGRESS. That condition is non-deterministic in a single-CPU/QEMU loopback
  test, so we force -EINPROGRESS -> -EBUSY for async decrypts to reproduce the
  exact code path the maintainer describes in commit 13114dc. This is analogous
  to the reproduction's crypto/simd.c patch that forces the cryptd async path to
  simulate an async/hardware crypto accelerator.

Effect (on a kernel with 32b55c5 but WITHOUT 13114dc, e.g. v6.6.18):
  When an async decrypt is backlogged and a pending async decrypt fails
  (-EBADMSG, e.g. from a malformed/mismatched-key record), tls_decrypt_done()
  already freed the destination pages (dctx->free_sgout) during the backlog wait.
  tls_do_decryption() then returns -EBADMSG, tls_decrypt_sg() jumps to
  exit_free_pages and frees the SAME pages again (and kfree()'s the aead_req/dctx
  a second time) => use-after-free / double-free. KASAN reports it.

This patch does NOT change the page-freeing logic (free_sgout); it only makes the
backlog (-EBUSY) path reachable on demand. On a kernel that also has 13114dc
(async_done), the exit_free_pages path is skipped and no double-free occurs.

--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -282,6 +282,11 @@ static int tls_do_decryption(struct sock *sk,
 
 	ret = crypto_aead_decrypt(aead_req);
+	/* [VARIANT] force the backlog (-EBUSY) path for async decrypts to
+	 * reproduce the failed-backlog-decryption UAF (13114dc) that
+	 * 32b55c5 (free_sgout) does not cover. */
+	if (darg->async && ret == -EINPROGRESS)
+		ret = -EBUSY;
 	if (ret == -EBUSY) {
 		ret = tls_decrypt_async_wait(ctx);
 		ret = ret ?: -EINPROGRESS;
