Re: [PATCH net-next v10 3/7] tls: Re-present partially-consumed records in tls_sw_read_sock()

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Sabrina Dubroca <sd@queasysnail.net>
To: Chuck Lever <cel@kernel.org>
Cc: John Fastabend <john.fastabend@gmail.com>,
	Jakub Kicinski <kuba@kernel.org>,
	Eric Dumazet <edumazet@google.com>,
	Simon Horman <horms@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
	netdev@vger.kernel.org, kernel-tls-handshake@lists.linux.dev,
	Chuck Lever <chuck.lever@oracle.com>,
	Sagi Grimberg <sagi@grimberg.me>
Subject: Re: [PATCH net-next v10 3/7] tls: Re-present partially-consumed records in tls_sw_read_sock()
Date: Tue, 12 May 2026 14:52:59 +0200	[thread overview]
Message-ID: <agMiq7CULgkRzd_E@krikkit> (raw)
In-Reply-To: <20260511-tls-read-sock-v10-3-279fc5015f0e@oracle.com>

2026-05-11, 19:25:54 -0400, Chuck Lever wrote:
> From: Chuck Lever <chuck.lever@oracle.com>
> 
> When read_actor() accepts only part of a record but desc->count
> is still non-zero, the receive loop currently falls through to
> the next iteration without freeing or requeuing the partially
> consumed skb. The next iteration overwrites skb, leaking the
> remainder of the current record and silently dropping stream
> data.
> 
> __tcp_read_sock() handles the same case by leaving the unread
> bytes available for the next iteration to re-present, though
> its mechanism (sequence-number re-lookup) differs from the TLS
> path's explicit queue management. Adopt the same loop-level
> behavior here: update rxm->offset and rxm->full_len, requeue
> the skb to the head of rx_list, and continue. The next
> iteration pops the same skb and re-presents the unread bytes
> to read_actor().
> 
> Fixes: 662fbcec32f4 ("net/tls: implement ->read_sock()")

Fixes typically go through "net", not "net-next".

> Cc: Sagi Grimberg <sagi@grimberg.me>
> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
> ---
>  net/tls/tls_sw.c | 12 ++++++------
>  1 file changed, 6 insertions(+), 6 deletions(-)
> 
> diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
> index 559bef05fee4..40cb0a92d88a 100644
> --- a/net/tls/tls_sw.c
> +++ b/net/tls/tls_sw.c
> @@ -2411,13 +2411,13 @@ int tls_sw_read_sock(struct sock *sk, read_descriptor_t *desc,
>  		if (used < rxm->full_len) {
>  			rxm->offset += used;
>  			rxm->full_len -= used;
> -			if (!desc->count)
> -				goto read_sock_requeue;
> -		} else {
> -			consume_skb(skb);
> -			if (!desc->count)
> -				break;
> +			__skb_queue_head(&ctx->rx_list, skb);
> +			skb = NULL;

Here you're NULLing a "stolen" skb...

> +			continue;

It doesn't make much sense to me to loop again if !desc->count, we'll
just dequeue the same skb again and go back to read_actor(). Do we
expect read_actor to do more work if we call it again once dest->count
has reached 0?

>  		}
> +		consume_skb(skb);

...but not here.
(which I don't find particularly useful in either case)

> +		if (!desc->count)
> +			break;

Maybe then change the loop to

    while (desc->count)


We'd end up with

	while (desc->count) {
		// ...
		if (used < rxm->full_len) {
			rxm->offset += used;
			rxm->full_len -= used;
			__skb_queue_head(&ctx->rx_list, skb);
		} else {
			consume_skb(skb);
		}
	}

-- 
Sabrina

next prev parent reply	other threads:[~2026-05-12 12:53 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-05-11 23:25 [PATCH net-next v10 0/7] tls: receive-path fixes and clean-ups Chuck Lever
2026-05-11 23:25 ` [PATCH net-next v10 1/7] tls: Move decrypt-failure abort into tls_rx_one_record() Chuck Lever
2026-05-11 23:25 ` [PATCH net-next v10 2/7] tls: Avoid evaluating freed skb in tls_sw_read_sock() loop Chuck Lever
2026-05-11 23:25 ` [PATCH net-next v10 3/7] tls: Re-present partially-consumed records in tls_sw_read_sock() Chuck Lever
2026-05-12 12:52   ` Sabrina Dubroca [this message]
2026-05-13  0:17     ` Jakub Kicinski
2026-05-13  1:11       ` Chuck Lever
2026-05-13  1:24         ` Jakub Kicinski
2026-05-11 23:25 ` [PATCH net-next v10 4/7] tls: Factor tls_strp_msg_consume() from tls_strp_msg_done() Chuck Lever
2026-05-11 23:25 ` [PATCH net-next v10 5/7] tls: Suppress spurious saved_data_ready on all receive paths Chuck Lever
2026-05-11 23:25 ` [PATCH net-next v10 6/7] tls: Flush backlog before waiting for a new record Chuck Lever
2026-05-11 23:25 ` [PATCH net-next v10 7/7] tls: Preserve sk_err across recvmsg() when data has been copied Chuck Lever

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=agMiq7CULgkRzd_E@krikkit \
    --to=sd@queasysnail.net \
    --cc=cel@kernel.org \
    --cc=chuck.lever@oracle.com \
    --cc=edumazet@google.com \
    --cc=horms@kernel.org \
    --cc=john.fastabend@gmail.com \
    --cc=kernel-tls-handshake@lists.linux.dev \
    --cc=kuba@kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=pabeni@redhat.com \
    --cc=sagi@grimberg.me \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.