[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 9 Sep 2023 15:58:41 +0800
From: "liujian (CE)" <liujian56@...wei.com>
To: Sabrina Dubroca <sd@...asysnail.net>
CC: <borisp@...dia.com>, <john.fastabend@...il.com>, <kuba@...nel.org>,
<davem@...emloft.net>, <edumazet@...gle.com>, <pabeni@...hat.com>,
<vfedorenko@...ek.ru>, <netdev@...r.kernel.org>
Subject: Re: [PATCH net] tls: do not return error when the tls_bigint
overflows in tls_advance_record_sn()
On 2023/9/9 0:41, Sabrina Dubroca wrote:
> 2023-09-07, 20:59:51 +0800, liujian (CE) wrote:
>> By the way, does the return of EBADMSG mean that the tls link needs to
>> renegotiate the encryption information or re-establish the link?
>
> We currently don't support key updates so closing this socket is the
> only option for now. AFAIU when we set EBADMSG, we can't fix that socket.
>
Got it, thank you for your explanation.
>> And is this okay?
>
> Yes, this is what I had in mind.
>
Will send v2, thanks.
>> diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
>> index 1ed4a611631f..d1fc295b83b5 100644
>> --- a/net/tls/tls_sw.c
>> +++ b/net/tls/tls_sw.c
>> @@ -817,7 +817,7 @@ static int bpf_exec_tx_verdict(struct sk_msg *msg,
>> struct sock *sk,
>> psock = sk_psock_get(sk);
>> if (!psock || !policy) {
>> err = tls_push_record(sk, flags, record_type);
>> - if (err && sk->sk_err == EBADMSG) {
>> + if (err && err != -EINPROGRESS && sk->sk_err == EBADMSG) {
>> *copied -= sk_msg_free(sk, msg);
>> tls_free_open_rec(sk);
>> err = -sk->sk_err;
>> @@ -846,7 +846,7 @@ static int bpf_exec_tx_verdict(struct sk_msg *msg,
>> struct sock *sk,
>> switch (psock->eval) {
>> case __SK_PASS:
>> err = tls_push_record(sk, flags, record_type);
>> - if (err && sk->sk_err == EBADMSG) {
>> + if (err && err != -EINPROGRESS && sk->sk_err == EBADMSG) {
>> *copied -= sk_msg_free(sk, msg);
>> tls_free_open_rec(sk);
>> err = -sk->sk_err;
>
Powered by blists - more mailing lists