lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <26cb6ed1-4c32-6042-1d45-97b15a94ef57@suse.de>
Date:   Thu, 30 Mar 2023 19:26:25 +0200
From:   Hannes Reinecke <hare@...e.de>
To:     Sagi Grimberg <sagi@...mberg.me>, Christoph Hellwig <hch@....de>,
        Boris Pismenny <borisp@...dia.com>, john.fastabend@...il.com,
        "kuba@...nel.org" <kuba@...nel.org>,
        Paolo Abeni <pabeni@...hat.com>
Cc:     Keith Busch <kbusch@...nel.org>, linux-nvme@...ts.infradead.org,
        Chuck Lever <chuck.lever@...cle.com>,
        kernel-tls-handshake@...ts.linux.dev,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: Re: [PATCH 10/18] nvme-tcp: fixup send workflow for kTLS

On 3/30/23 17:24, Sagi Grimberg wrote:
> 
>> kTLS does not support MSG_EOR flag for sendmsg(), and in general
>> is really picky about invalid MSG_XXX flags.
> 
> CC'ing TLS folks.
> 
> Can't tls simply ignore MSG_EOR instead of consumers having to be 
> careful over it?
> 
>> So ensure that the MSG_EOR flags is blanked out for TLS, and that
>> the MSG_SENDPAGE_LAST is only set if we actually do sendpage().
> 
> You mean MSG_SENDPAGE_NOTLAST.
> 
> It is also a bit annoying that a tls socket dictates different behavior
> than a normal socket.
> 
> The current logic is rather simple:
> if more data comming:
>      flags = MSG_MORE | MSG_SENDPAGE_NOTLAST
> else:
>      flags = MSG_EOR
> 
> Would like to keep it that way for tls as well. Can someone
> explain why this is a problem with tls?

TLS is using MSG_EOR internally (to control the flow of the underlying 
tcp stream), so it's meaningless for the ULP.
I've no idea about SENDPAGE_NOTLAST; that one is particularly annoying
as we have to check whether we do sendpage() or sendmsg().

But TLS really should blank out invalid flags, as it has different rules 
for them than anyone else. And the caller really shouldn't be burdened
with checking whether TLS is enabled or not.

Cheers,

Hannes
-- 
Dr. Hannes Reinecke                Kernel Storage Architect
hare@...e.de                              +49 911 74053 688
SUSE Software Solutions GmbH, Maxfeldstr. 5, 90409 Nürnberg
HRB 36809 (AG Nürnberg), Geschäftsführer: Ivo Totev, Andrew
Myers, Andrew McDonald, Martje Boudien Moerman

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ