lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <acdb1a68-3180-0099-8520-24feb9a71efa@suse.de>
Date: Tue, 13 Jun 2023 10:11:01 +0200
From: Hannes Reinecke <hare@...e.de>
To: Sagi Grimberg <sagi@...mberg.me>, Christoph Hellwig <hch@....de>
Cc: Keith Busch <kbusch@...nel.org>, linux-nvme@...ts.infradead.org,
 Jakub Kicinski <kuba@...nel.org>, netdev@...r.kernel.org
Subject: Re: [PATCH 2/4] net/tls: handle MSG_EOR for tls_device TX flow

On 6/13/23 09:58, Sagi Grimberg wrote:
> 
> 
> On 6/12/23 17:38, Hannes Reinecke wrote:
>> tls_push_data() MSG_MORE / MSG_SENDPAGE_NOTLAST, but bails
>> out on MSG_EOR.
>> But seeing that MSG_EOR is basically the opposite of
>> MSG_MORE / MSG_SENDPAGE_NOTLAST this patch adds handling
>> MSG_EOR by treating it as the absence of MSG_MORE.
>> Consequently we should return an error when both are set.
>>
>> Cc: Jakub Kicinski <kuba@...nel.org>
>> Cc: netdev@...r.kernel.org
>> Signed-off-by: Hannes Reinecke <hare@...e.de>
>> ---
>>   net/tls/tls_device.c | 24 ++++++++++++++++++++----
>>   1 file changed, 20 insertions(+), 4 deletions(-)
>>
>> diff --git a/net/tls/tls_device.c b/net/tls/tls_device.c
>> index a7cc4f9faac2..0024febd40de 100644
>> --- a/net/tls/tls_device.c
>> +++ b/net/tls/tls_device.c
>> @@ -448,10 +448,6 @@ static int tls_push_data(struct sock *sk,
>>       int copy, rc = 0;
>>       long timeo;
>> -    if (flags &
>> -        ~(MSG_MORE | MSG_DONTWAIT | MSG_NOSIGNAL | 
>> MSG_SENDPAGE_NOTLAST))
>> -        return -EOPNOTSUPP;
>> -
>>       if (unlikely(sk->sk_err))
>>           return -sk->sk_err;
>> @@ -529,6 +525,10 @@ static int tls_push_data(struct sock *sk,
>>                   more = true;
>>                   break;
>>               }
>> +            if (flags & MSG_EOR) {
>> +                more = false;
>> +                break;
>> +            }
>>               done = true;
>>           }
>> @@ -573,6 +573,14 @@ int tls_device_sendmsg(struct sock *sk, struct 
>> msghdr *msg, size_t size)
>>       union tls_iter_offset iter;
>>       int rc;
>> +    if (msg->msg_flags &
>> +        ~(MSG_MORE | MSG_DONTWAIT | MSG_NOSIGNAL | MSG_EOR))
>> +        return -EOPNOTSUPP;
>> +
>> +    if ((msg->msg_flags & MSG_MORE) &&
>> +        (msg->msg_flags & MSG_EOR))
>> +        return -EOPNOTSUPP;
> 
> EINVAL is more appropriate I think...
> 
Guess what, that's what I did initially.
But then when returning EINVAL we would arguably introduce a regression
(as suddenly we'll be returning a different error code as previously).
So with this patch we're backwards compatible.

But that's really a quesion for Jakub: what's more appropriate here?
Return a new error code (which describes the situation better) or stick
with the original one (and retain compability)?

Cheers,

Hannes

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ