From: Sabrina Dubroca <sd@queasysnail.net>
To: "liujian (CE)" <liujian56@huawei.com>
Cc: borisp@nvidia.com, john.fastabend@gmail.com, kuba@kernel.org,
	davem@davemloft.net, edumazet@google.com, pabeni@redhat.com,
	vfedorenko@novek.ru, netdev@vger.kernel.org
Subject: Re: [PATCH net] tls: do not return error when the tls_bigint overflows in tls_advance_record_sn()
Date: Fri, 8 Sep 2023 18:41:57 +0200
Message-ID: <ZPtO1VDcYSIFVnie@hog>
In-Reply-To: <a6dec380-1ebc-d495-da67-7bd61525d4a8@huawei.com>

2023-09-07, 20:59:51 +0800, liujian (CE) wrote:
> By the way, does the return of EBADMSG mean that the tls link needs to
> renegotiate the encryption information or re-establish the link?

We currently don't support key updates so closing this socket is the
only option for now. AFAIU when we set EBADMSG, we can't fix that socket.

> And is this okay?

Yes, this is what I had in mind.

> diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
> index 1ed4a611631f..d1fc295b83b5 100644
> --- a/net/tls/tls_sw.c
> +++ b/net/tls/tls_sw.c
> @@ -817,7 +817,7 @@ static int bpf_exec_tx_verdict(struct sk_msg *msg,
> struct sock *sk,
>         psock = sk_psock_get(sk);
>         if (!psock || !policy) {
>                 err = tls_push_record(sk, flags, record_type);
> -               if (err && sk->sk_err == EBADMSG) {
> +               if (err && err != -EINPROGRESS && sk->sk_err == EBADMSG) {
>                         *copied -= sk_msg_free(sk, msg);
>                         tls_free_open_rec(sk);
>                         err = -sk->sk_err;
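
Review bot: the new `err != -EINPROGRESS` test in the `!psock || !policy` branch carries no comment explaining why an in-progress return must skip the cleanup even when sk->sk_err is already EBADMSG. With this change the -EINPROGRESS path no longer reaches `err = -sk->sk_err;`, so the caller sees -EINPROGRESS while EBADMSG stays latched on the socket. A short comment above the `if` giving the reason the record must not be freed here, plus a sentence in the commit message saying where the latched EBADMSG is reported on this path, would keep a later cleanup from dropping the check.
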
> @@ -846,7 +846,7 @@ static int bpf_exec_tx_verdict(struct sk_msg *msg,
> struct sock *sk,
>         switch (psock->eval) {
>         case __SK_PASS:
>                 err = tls_push_record(sk, flags, record_type);
> -               if (err && sk->sk_err == EBADMSG) {
> +               if (err && err != -EINPROGRESS && sk->sk_err == EBADMSG) {
>                         *copied -= sk_msg_free(sk, msg);
>                         tls_free_open_rec(sk);
>                         err = -sk->sk_err;
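
Review bot: the `__SK_PASS` case now repeats the same three-part condition and the same cleanup body as the `!psock || !policy` branch, so the two sites can drift apart the next time the error handling changes. Consider moving the test and the `sk_msg_free()` / `tls_free_open_rec()` / `err = -sk->sk_err;` sequence into one small static helper called from both places, with the -EINPROGRESS rationale documented once there.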

-- 
Sabrina


Thread overview: 7+ messages
2023-09-06  6:52 [PATCH net] tls: do not return error when the tls_bigint overflows in tls_advance_record_sn() Liu Jian
2023-09-06 11:02 ` Sabrina Dubroca
2023-09-06 15:02   ` Jakub Kicinski
2023-09-06 15:14     ` Sabrina Dubroca
2023-09-07 12:59   ` liujian (CE)
2023-09-08 16:41     ` Sabrina Dubroca [this message]
2023-09-09  7:58       ` liujian (CE)
