Message-ID: <20250729024150.222513-5-wilfred.opensource@gmail.com>
Date: Tue, 29 Jul 2025 12:41:50 +1000
From: Wilfred Mallawa <wilfred.opensource@...il.com>
To: alistair.francis@....com,
	dlemoal@...nel.org,
	chuck.lever@...cle.com,
	davem@...emloft.net,
	edumazet@...gle.com,
	kuba@...nel.org,
	pabeni@...hat.com,
	horms@...nel.org,
	donald.hunter@...il.com,
	corbet@....net,
	kbusch@...nel.org,
	axboe@...nel.dk,
	hch@....de,
	sagi@...mberg.me,
	kch@...dia.com,
	borisp@...dia.com,
	john.fastabend@...il.com,
	jlayton@...nel.org,
	neil@...wn.name,
	okorniev@...hat.com,
	Dai.Ngo@...cle.com,
	tom@...pey.com,
	trondmy@...nel.org,
	anna@...nel.org,
	kernel-tls-handshake@...ts.linux.dev,
	netdev@...r.kernel.org
Cc: linux-kernel@...r.kernel.org,
	linux-doc@...r.kernel.org,
	linux-nvme@...ts.infradead.org,
	linux-nfs@...r.kernel.org,
	Wilfred Mallawa <wilfred.mallawa@....com>
Subject: [RFC 2/4] net/tls/tls_sw: use the record size limit specified

From: Wilfred Mallawa <wilfred.mallawa@....com>

Currently, for tls_sw, the kernel uses the default 16K
TLS_MAX_PAYLOAD_SIZE for records. However, if an endpoint has specified
a record size much lower than that, it is currently not respected.

This patch adds support for using the record size limit specified by an
endpoint if it has been set.

Signed-off-by: Wilfred Mallawa <wilfred.mallawa@....com>
---
 include/net/tls.h |  1 +
 net/tls/tls_sw.c  | 10 +++++++++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/include/net/tls.h b/include/net/tls.h
index 857340338b69..6248beb4a6c1 100644
--- a/include/net/tls.h
+++ b/include/net/tls.h
@@ -241,6 +241,7 @@ struct tls_context {
 
 	struct scatterlist *partially_sent_record;
 	u16 partially_sent_offset;
+	u32 tls_record_size_limit;
 
 	bool splicing_pages;
 	bool pending_open_record_frags;
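Review bot: the new `tls_record_size_limit` member of struct tls_context carries no comment on its unit or on the fact that 0 means "not set", which the later `tls_ctx->tls_record_size_limit > 0` check in tls_sw.c depends on. Please document both, and say whether the value counts plaintext payload only or also the TLS 1.3 content type byte, since the send path compares it directly against msg_pl->sg.size. The value is capped at TLS_MAX_PAYLOAD_SIZE (16K per the commit message), so a u16 next to `partially_sent_offset` would be enough. Nothing in this patch writes the field; the commit message should name the patch in the series that does.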
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index fc88e34b7f33..4c64f1436832 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -1024,6 +1024,7 @@ static int tls_sw_sendmsg_locked(struct sock *sk, struct msghdr *msg,
 	ssize_t copied = 0;
 	struct sk_msg *msg_pl, *msg_en;
 	struct tls_rec *rec;
+	u32 tls_record_size_limit;
 	int required_size;
 	int num_async = 0;
 	bool full_record;
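Review bot: the local `u32 tls_record_size_limit` declared here has the same name as the tls_context member added in this patch, so within tls_sw_sendmsg_locked() the bare name is the clamped value and `tls_ctx->tls_record_size_limit` is the raw one. A distinct local name (something like `record_size_limit` or `max_payload`) would make it obvious at the use site which of the two is being read.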
@@ -1045,6 +1046,13 @@ static int tls_sw_sendmsg_locked(struct sock *sk, struct msghdr *msg,
 		}
 	}
 
+	if (tls_ctx->tls_record_size_limit > 0) {
+		tls_record_size_limit = min(tls_ctx->tls_record_size_limit,
+					    TLS_MAX_PAYLOAD_SIZE);
+	} else {
+		tls_record_size_limit = TLS_MAX_PAYLOAD_SIZE;
+	}
+
 	while (msg_data_left(msg)) {
 		if (sk->sk_err) {
 			ret = -sk->sk_err;
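Review bot: the clamp added before the `while (msg_data_left(msg))` loop bounds the limit only from above; any nonzero value, down to 1, is accepted and then sets record_room for every record in the loop. If this field carries the RFC 8449 record_size_limit value, that RFC does not allow values below 64, so small values should be rejected or clamped, preferably once where the field is set rather than on every sendmsg call. With validation done at set time, this block reduces to a single conditional expression and the braces around the single-statement branches go away.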
@@ -1066,7 +1074,7 @@ static int tls_sw_sendmsg_locked(struct sock *sk, struct msghdr *msg,
 		orig_size = msg_pl->sg.size;
 		full_record = false;
 		try_to_copy = msg_data_left(msg);
-		record_room = TLS_MAX_PAYLOAD_SIZE - msg_pl->sg.size;
+		record_room = tls_record_size_limit - msg_pl->sg.size;
 		if (try_to_copy >= record_room) {
 			try_to_copy = record_room;
 			full_record = true;
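Review bot: `record_room = tls_record_size_limit - msg_pl->sg.size` assumes the open record is never larger than the limit, which held while the bound was the constant TLS_MAX_PAYLOAD_SIZE but is not guaranteed once the limit can differ between calls. If msg_pl already holds more than the current limit (an open record left over from a sendmsg made before the limit was set or lowered), the subtraction goes negative or wraps, depending on the type of record_room, and the `try_to_copy >= record_room` test no longer means what it did. Either handle that case here by closing the record as full, or document that the limit cannot change while a record is open.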
-- 
2.50.1

