From: Hannes Reinecke <hare@suse.de>
To: Sagi Grimberg <sagi@grimberg.me>
Cc: Christoph Hellwig <hch@lst.de>, Keith Busch <kbusch@kernel.org>,
linux-nvme@lists.infradead.org,
Chuck Lever <chuck.lever@oracle.com>,
kernel-tls-handshake@lists.linux.dev,
Hannes Reinecke <hare@suse.de>
Subject: [PATCH 07/18] net/tls: sanitize MSG_EOR handling
Date: Mon, 17 Apr 2023 15:02:51 +0200 [thread overview]
Message-ID: <20230417130302.86274-8-hare@suse.de> (raw)
In-Reply-To: <20230417130302.86274-1-hare@suse.de>
The TLS stack is using MSG_EOR internally, so the flag cannot be
set for sendmsg()/sendpage(). But to avoid having the caller to
check whether TLS is active modify the code to clear the MSG_EOR
flag. And blank out MSG_MORE / MSG_SENDPAGE_NOTLAST, too, as they
conflict with MSG_EOR anyway.
Signed-off-by: Hannes Reinecke <hare@suse.de>
---
net/tls/tls_device.c | 10 ++++++++++
net/tls/tls_sw.c | 21 +++++++++++++++++++++
2 files changed, 31 insertions(+)
diff --git a/net/tls/tls_device.c b/net/tls/tls_device.c
index a7cc4f9faac2..38e44e216865 100644
--- a/net/tls/tls_device.c
+++ b/net/tls/tls_device.c
@@ -576,6 +576,10 @@ int tls_device_sendmsg(struct sock *sk, struct msghdr *msg, size_t size)
mutex_lock(&tls_ctx->tx_lock);
lock_sock(sk);
+ /* MSG_EOR conflicts with MSG_MORE, so clear both */
+ if (msg->msg_flags & MSG_EOR)
+ msg->msg_flags &= ~(MSG_EOR | MSG_MORE);
+
if (unlikely(msg->msg_controllen)) {
rc = tls_process_cmsg(sk, msg, &record_type);
if (rc)
@@ -604,6 +608,12 @@ int tls_device_sendpage(struct sock *sk, struct page *page,
if (flags & MSG_SENDPAGE_NOTLAST)
flags |= MSG_MORE;
+ /*
+ * MSG_EOR conflicts with MSG_MORE/MSG_SENDPAGE_NOTLAST,
+ * so clear all of them */
+ if (flags & MSG_EOR)
+ flags &= ~(MSG_EOR | MSG_SENDPAGE_NOTLAST | MSG_MORE);
+
mutex_lock(&tls_ctx->tx_lock);
lock_sock(sk);
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index 827292e29f99..d0e6b7a04176 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -952,6 +952,11 @@ int tls_sw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size)
int ret = 0;
int pending;
+ if (msg->msg_flags & MSG_EOR) {
+ eor = true;
+ /* MSG_EOR conflicts with MSG_MORE, so clear both */
+ msg->msg_flags &= ~(MSG_EOR | MSG_MORE);
+ }
if (msg->msg_flags & ~(MSG_MORE | MSG_DONTWAIT | MSG_NOSIGNAL |
MSG_CMSG_COMPAT))
return -EOPNOTSUPP;
@@ -1274,6 +1279,14 @@ static int tls_sw_do_sendpage(struct sock *sk, struct page *page,
int tls_sw_sendpage_locked(struct sock *sk, struct page *page,
int offset, size_t size, int flags)
{
+ /*
+ * MSG_EOR is invalid for TLS, and conflicts
+ * with MSG_MORE / MSG_SENDPAGE_NOTLAST.
+ * So clear all of them.
+ */
+ if (flags & MSG_EOR)
+ flags &= ~(MSG_MORE | MSG_SENDPAGE_NOTLAST | MSG_EOR);
+
if (flags & ~(MSG_MORE | MSG_DONTWAIT | MSG_NOSIGNAL |
MSG_SENDPAGE_NOTLAST | MSG_SENDPAGE_NOPOLICY |
MSG_NO_SHARED_FRAGS))
@@ -1288,6 +1301,14 @@ int tls_sw_sendpage(struct sock *sk, struct page *page,
struct tls_context *tls_ctx = tls_get_ctx(sk);
int ret;
+ /*
+ * MSG_EOR is invalid for TLS, and conflicts
+ * with MSG_MORE / MSG_SENDPAGE_NOTLAST.
+ * So clear all of them.
+ */
+ if (flags & MSG_EOR)
+ flags &= ~(MSG_MORE | MSG_SENDPAGE_NOTLAST | MSG_EOR);
+
if (flags & ~(MSG_MORE | MSG_DONTWAIT | MSG_NOSIGNAL |
MSG_SENDPAGE_NOTLAST | MSG_SENDPAGE_NOPOLICY))
return -EOPNOTSUPP;
--
2.35.3
next prev parent reply other threads:[~2023-04-17 13:03 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-17 13:02 [PATCHv3 00/18] nvme: In-kernel TLS support for TCP Hannes Reinecke
2023-04-17 13:02 ` [PATCH 01/18] nvme-keyring: register '.nvme' keyring Hannes Reinecke
2023-04-17 13:02 ` [PATCH 02/18] nvme-keyring: define a 'psk' keytype Hannes Reinecke
2023-04-17 13:02 ` [PATCH 03/18] nvme: add TCP TSAS definitions Hannes Reinecke
2023-04-17 13:02 ` [PATCH 04/18] nvme-tcp: add definitions for TLS cipher suites Hannes Reinecke
2023-04-17 13:02 ` [PATCH 05/18] nvme-keyring: implement nvme_tls_psk_default() Hannes Reinecke
2023-04-17 13:02 ` [PATCH 06/18] net/tls: implement ->read_sock() Hannes Reinecke
2023-04-17 15:14 ` Sagi Grimberg
2023-04-17 13:02 ` Hannes Reinecke [this message]
2023-04-17 15:19 ` [PATCH 07/18] net/tls: sanitize MSG_EOR handling Sagi Grimberg
2023-04-17 20:10 ` Jakub Kicinski
2023-04-18 10:07 ` Sagi Grimberg
2023-04-18 10:24 ` Hannes Reinecke
2023-04-18 10:39 ` Hannes Reinecke
2023-04-18 10:43 ` Sagi Grimberg
2023-04-18 11:02 ` Hannes Reinecke
2023-04-18 18:28 ` Jakub Kicinski
2023-04-17 13:02 ` [PATCH 08/18] nvme-tcp: do not set MSG_SENDPAGE_NOTLAST Hannes Reinecke
2023-04-17 15:10 ` Sagi Grimberg
2023-04-17 15:25 ` Hannes Reinecke
2023-04-17 15:28 ` Sagi Grimberg
2023-04-17 15:35 ` Hannes Reinecke
2023-04-17 20:16 ` Jakub Kicinski
2023-04-18 10:33 ` Hannes Reinecke
2023-04-18 18:21 ` Jakub Kicinski
2023-04-18 18:25 ` Hannes Reinecke
2023-04-17 13:02 ` [PATCH 09/18] security/keys: export key_lookup() Hannes Reinecke
2023-04-17 13:02 ` [PATCH 10/18] nvme/tcp: allocate socket file Hannes Reinecke
2023-04-17 13:02 ` [PATCH 11/18] nvme-tcp: enable TLS handshake upcall Hannes Reinecke
2023-04-17 15:26 ` Sagi Grimberg
2023-04-17 15:28 ` Hannes Reinecke
2023-04-17 15:31 ` Sagi Grimberg
2023-04-17 15:36 ` Hannes Reinecke
2023-04-18 5:52 ` Daniel Wagner
2023-04-18 9:38 ` Hannes Reinecke
2023-04-18 10:12 ` Sagi Grimberg
2023-04-18 10:28 ` Hannes Reinecke
2023-04-18 10:32 ` Sagi Grimberg
2023-04-18 10:33 ` Hannes Reinecke
2023-04-17 13:02 ` [PATCH 12/18] nvme-tcp: control message handling for recvmsg() Hannes Reinecke
2023-04-17 15:24 ` Sagi Grimberg
2023-04-17 15:26 ` Hannes Reinecke
2023-04-17 13:02 ` [PATCH 13/18] nvme-fabrics: parse options 'keyring' and 'tls_key' Hannes Reinecke
2023-04-17 13:02 ` [PATCH 14/18] nvmet: make TCP sectype settable via configfs Hannes Reinecke
2023-04-17 13:02 ` [PATCH 15/18] nvmet-tcp: allocate socket file Hannes Reinecke
2023-04-17 15:29 ` Sagi Grimberg
2023-04-17 13:03 ` [PATCH 16/18] nvmet-tcp: enable TLS handshake upcall Hannes Reinecke
2023-04-17 13:03 ` [PATCH 17/18] nvmet-tcp: control messages for recvmsg() Hannes Reinecke
2023-04-17 13:03 ` [PATCH 18/18] nvmet-tcp: add configfs attribute 'param_keyring' Hannes Reinecke
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230417130302.86274-8-hare@suse.de \
--to=hare@suse.de \
--cc=chuck.lever@oracle.com \
--cc=hch@lst.de \
--cc=kbusch@kernel.org \
--cc=kernel-tls-handshake@lists.linux.dev \
--cc=linux-nvme@lists.infradead.org \
--cc=sagi@grimberg.me \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.