lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <202509030542.ZW9r1S1c-lkp@intel.com>
Date: Wed, 3 Sep 2025 05:24:16 +0800
From: kernel test robot <lkp@...el.com>
To: Wilfred Mallawa <wilfred.opensource@...il.com>,
	"David S . Miller" <davem@...emloft.net>,
	Eric Dumazet <edumazet@...gle.com>,
	Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
	Jonathan Corbet <corbet@....net>,
	John Fastabend <john.fastabend@...il.com>
Cc: oe-kbuild-all@...ts.linux.dev, Simon Horman <horms@...nel.org>,
	netdev@...r.kernel.org, linux-doc@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	Alistair Francis <alistair.francis@....com>,
	Damien Le'Moal <dlemoal@...nel.org>,
	Wilfred Mallawa <wilfred.mallawa@....com>
Subject: Re: [PATCH v2] net/tls: support maximum record size limit

Hi Wilfred,

kernel test robot noticed the following build warnings:

[auto build test WARNING on net-next/main]
[also build test WARNING on net/main linus/master horms-ipvs/master v6.17-rc4 next-20250902]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]

url:    https://github.com/intel-lab-lkp/linux/commits/Wilfred-Mallawa/net-tls-support-maximum-record-size-limit/20250902-114005
base:   net-next/main
patch link:    https://lore.kernel.org/r/20250902033809.177182-2-wilfred.opensource%40gmail.com
patch subject: [PATCH v2] net/tls: support maximum record size limit
config: i386-buildonly-randconfig-001-20250903 (https://download.01.org/0day-ci/archive/20250903/202509030542.ZW9r1S1c-lkp@intel.com/config)
compiler: gcc-12 (Debian 12.2.0-14+deb12u1) 12.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20250903/202509030542.ZW9r1S1c-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@...el.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202509030542.ZW9r1S1c-lkp@intel.com/

All warnings (new ones prefixed by >>):

   net/tls/tls_sw.c: In function 'tls_sw_sendmsg_locked':
>> net/tls/tls_sw.c:1036:13: warning: variable 'record_size_limit' set but not used [-Wunused-but-set-variable]
    1036 |         u16 record_size_limit;
         |             ^~~~~~~~~~~~~~~~~


vim +/record_size_limit +1036 net/tls/tls_sw.c

  1024	
  1025	static int tls_sw_sendmsg_locked(struct sock *sk, struct msghdr *msg,
  1026					 size_t size)
  1027	{
  1028		long timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT);
  1029		struct tls_context *tls_ctx = tls_get_ctx(sk);
  1030		struct tls_prot_info *prot = &tls_ctx->prot_info;
  1031		struct tls_sw_context_tx *ctx = tls_sw_ctx_tx(tls_ctx);
  1032		bool async_capable = ctx->async_capable;
  1033		unsigned char record_type = TLS_RECORD_TYPE_DATA;
  1034		bool is_kvec = iov_iter_is_kvec(&msg->msg_iter);
  1035		bool eor = !(msg->msg_flags & MSG_MORE);
> 1036		u16 record_size_limit;
  1037		size_t try_to_copy;
  1038		ssize_t copied = 0;
  1039		struct sk_msg *msg_pl, *msg_en;
  1040		struct tls_rec *rec;
  1041		int required_size;
  1042		int num_async = 0;
  1043		bool full_record;
  1044		int record_room;
  1045		int num_zc = 0;
  1046		int orig_size;
  1047		int ret = 0;
  1048	
  1049		if (!eor && (msg->msg_flags & MSG_EOR))
  1050			return -EINVAL;
  1051	
  1052		if (unlikely(msg->msg_controllen)) {
  1053			ret = tls_process_cmsg(sk, msg, &record_type);
  1054			if (ret) {
  1055				if (ret == -EINPROGRESS)
  1056					num_async++;
  1057				else if (ret != -EAGAIN)
  1058					goto send_end;
  1059			}
  1060		}
  1061	
  1062		record_size_limit = tls_ctx->record_size_limit ?
  1063				    tls_ctx->record_size_limit : TLS_MAX_PAYLOAD_SIZE;
  1064	
  1065		while (msg_data_left(msg)) {
  1066			if (sk->sk_err) {
  1067				ret = -sk->sk_err;
  1068				goto send_end;
  1069			}
  1070	
  1071			if (ctx->open_rec)
  1072				rec = ctx->open_rec;
  1073			else
  1074				rec = ctx->open_rec = tls_get_rec(sk);
  1075			if (!rec) {
  1076				ret = -ENOMEM;
  1077				goto send_end;
  1078			}
  1079	
  1080			msg_pl = &rec->msg_plaintext;
  1081			msg_en = &rec->msg_encrypted;
  1082	
  1083			orig_size = msg_pl->sg.size;
  1084			full_record = false;
  1085			try_to_copy = msg_data_left(msg);
  1086			record_room = TLS_MAX_PAYLOAD_SIZE - msg_pl->sg.size;
  1087			if (try_to_copy >= record_room) {
  1088				try_to_copy = record_room;
  1089				full_record = true;
  1090			}
  1091	
  1092			required_size = msg_pl->sg.size + try_to_copy +
  1093					prot->overhead_size;
  1094	
  1095			if (!sk_stream_memory_free(sk))
  1096				goto wait_for_sndbuf;
  1097	
  1098	alloc_encrypted:
  1099			ret = tls_alloc_encrypted_msg(sk, required_size);
  1100			if (ret) {
  1101				if (ret != -ENOSPC)
  1102					goto wait_for_memory;
  1103	
  1104				/* Adjust try_to_copy according to the amount that was
  1105				 * actually allocated. The difference is due
  1106				 * to max sg elements limit
  1107				 */
  1108				try_to_copy -= required_size - msg_en->sg.size;
  1109				full_record = true;
  1110			}
  1111	
  1112			if (try_to_copy && (msg->msg_flags & MSG_SPLICE_PAGES)) {
  1113				ret = tls_sw_sendmsg_splice(sk, msg, msg_pl,
  1114							    try_to_copy, &copied);
  1115				if (ret < 0)
  1116					goto send_end;
  1117				tls_ctx->pending_open_record_frags = true;
  1118	
  1119				if (sk_msg_full(msg_pl))
  1120					full_record = true;
  1121	
  1122				if (full_record || eor)
  1123					goto copied;
  1124				continue;
  1125			}
  1126	
  1127			if (!is_kvec && (full_record || eor) && !async_capable) {
  1128				u32 first = msg_pl->sg.end;
  1129	
  1130				ret = sk_msg_zerocopy_from_iter(sk, &msg->msg_iter,
  1131								msg_pl, try_to_copy);
  1132				if (ret)
  1133					goto fallback_to_reg_send;
  1134	
  1135				num_zc++;
  1136				copied += try_to_copy;
  1137	
  1138				sk_msg_sg_copy_set(msg_pl, first);
  1139				ret = bpf_exec_tx_verdict(msg_pl, sk, full_record,
  1140							  record_type, &copied,
  1141							  msg->msg_flags);
  1142				if (ret) {
  1143					if (ret == -EINPROGRESS)
  1144						num_async++;
  1145					else if (ret == -ENOMEM)
  1146						goto wait_for_memory;
  1147					else if (ctx->open_rec && ret == -ENOSPC) {
  1148						if (msg_pl->cork_bytes) {
  1149							ret = 0;
  1150							goto send_end;
  1151						}
  1152						goto rollback_iter;
  1153					} else if (ret != -EAGAIN)
  1154						goto send_end;
  1155				}
  1156				continue;
  1157	rollback_iter:
  1158				copied -= try_to_copy;
  1159				sk_msg_sg_copy_clear(msg_pl, first);
  1160				iov_iter_revert(&msg->msg_iter,
  1161						msg_pl->sg.size - orig_size);
  1162	fallback_to_reg_send:
  1163				sk_msg_trim(sk, msg_pl, orig_size);
  1164			}
  1165	
  1166			required_size = msg_pl->sg.size + try_to_copy;
  1167	
  1168			ret = tls_clone_plaintext_msg(sk, required_size);
  1169			if (ret) {
  1170				if (ret != -ENOSPC)
  1171					goto send_end;
  1172	
  1173				/* Adjust try_to_copy according to the amount that was
  1174				 * actually allocated. The difference is due
  1175				 * to max sg elements limit
  1176				 */
  1177				try_to_copy -= required_size - msg_pl->sg.size;
  1178				full_record = true;
  1179				sk_msg_trim(sk, msg_en,
  1180					    msg_pl->sg.size + prot->overhead_size);
  1181			}
  1182	
  1183			if (try_to_copy) {
  1184				ret = sk_msg_memcopy_from_iter(sk, &msg->msg_iter,
  1185							       msg_pl, try_to_copy);
  1186				if (ret < 0)
  1187					goto trim_sgl;
  1188			}
  1189	
  1190			/* Open records defined only if successfully copied, otherwise
  1191			 * we would trim the sg but not reset the open record frags.
  1192			 */
  1193			tls_ctx->pending_open_record_frags = true;
  1194			copied += try_to_copy;
  1195	copied:
  1196			if (full_record || eor) {
  1197				ret = bpf_exec_tx_verdict(msg_pl, sk, full_record,
  1198							  record_type, &copied,
  1199							  msg->msg_flags);
  1200				if (ret) {
  1201					if (ret == -EINPROGRESS)
  1202						num_async++;
  1203					else if (ret == -ENOMEM)
  1204						goto wait_for_memory;
  1205					else if (ret != -EAGAIN) {
  1206						if (ret == -ENOSPC)
  1207							ret = 0;
  1208						goto send_end;
  1209					}
  1210				}
  1211			}
  1212	
  1213			continue;
  1214	
  1215	wait_for_sndbuf:
  1216			set_bit(SOCK_NOSPACE, &sk->sk_socket->flags);
  1217	wait_for_memory:
  1218			ret = sk_stream_wait_memory(sk, &timeo);
  1219			if (ret) {
  1220	trim_sgl:
  1221				if (ctx->open_rec)
  1222					tls_trim_both_msgs(sk, orig_size);
  1223				goto send_end;
  1224			}
  1225	
  1226			if (ctx->open_rec && msg_en->sg.size < required_size)
  1227				goto alloc_encrypted;
  1228		}
  1229	
  1230		if (!num_async) {
  1231			goto send_end;
  1232		} else if (num_zc || eor) {
  1233			int err;
  1234	
  1235			/* Wait for pending encryptions to get completed */
  1236			err = tls_encrypt_async_wait(ctx);
  1237			if (err) {
  1238				ret = err;
  1239				copied = 0;
  1240			}
  1241		}
  1242	
  1243		/* Transmit if any encryptions have completed */
  1244		if (test_and_clear_bit(BIT_TX_SCHEDULED, &ctx->tx_bitmask)) {
  1245			cancel_delayed_work(&ctx->tx_work.work);
  1246			tls_tx_records(sk, msg->msg_flags);
  1247		}
  1248	
  1249	send_end:
  1250		ret = sk_stream_error(sk, msg->msg_flags, ret);
  1251		return copied > 0 ? copied : ret;
  1252	}
  1253	

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ