From: Sabrina Dubroca <sd@queasysnail.net>
To: Chuck Lever <cel@kernel.org>
Cc: john.fastabend@gmail.com, kuba@kernel.org, davem@davemloft.net,
edumazet@google.com, pabeni@redhat.com, horms@kernel.org,
netdev@vger.kernel.org
Subject: Re: [PATCH net] net/tls: Consume empty data records in tls_sw_read_sock()
Date: Thu, 2 Jul 2026 20:05:17 +0200 [thread overview]
Message-ID: <akaoXcfamBp8_mYe@krikkit> (raw)
In-Reply-To: <20260630191551.875664-1-cel@kernel.org>
2026-06-30, 15:15:51 -0400, Chuck Lever wrote:
> A peer may send a zero-length TLS application_data record; TLS 1.3
> explicitly permits these as a traffic-analysis countermeasure (RFC
> 8446, Section 5.1). After decryption such a record has full_len ==
> 0. tls_sw_read_sock() hands it to the read_actor, which has no
> payload to consume and returns zero. The loop treats a zero return
> as backpressure (used <= 0), requeues the skb at the head of
> rx_list, and stops. rx_list is serviced head-first on the next
> call, so the empty record is dequeued, fails the same way, and is
> requeued again; every later record on the connection is blocked
> behind it.
>
> tls_sw_recvmsg() does not stall on this: a zero-length data record
> copies nothing and falls through to consume_skb(). Mirror that in
> the read_sock() path by recognizing an empty data record before
> the actor runs, consuming it, and continuing.
>
> Fixes: 662fbcec32f4 ("net/tls: implement ->read_sock()")
> Signed-off-by: Chuck Lever <cel@kernel.org>
> ---
> net/tls/tls_sw.c | 11 +++++++++++
> 1 file changed, 11 insertions(+)
Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
I think tls_sw_splice_read() suffers from a similar issue (returning 0
even though more data may be available). Sashiko agrees, and also
found a few more pre-existing issues.
--
Sabrina
next prev parent reply other threads:[~2026-07-02 18:05 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-30 19:15 [PATCH net] net/tls: Consume empty data records in tls_sw_read_sock() Chuck Lever
2026-07-02 18:05 ` Sabrina Dubroca [this message]
2026-07-02 19:52 ` Chuck Lever
2026-07-02 21:50 ` Sabrina Dubroca
2026-07-03 21:07 ` Chuck Lever
2026-07-06 19:16 ` Chuck Lever
2026-07-07 7:58 ` Sabrina Dubroca
2026-07-07 8:10 ` Paolo Abeni
2026-07-07 8:20 ` patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=akaoXcfamBp8_mYe@krikkit \
--to=sd@queasysnail.net \
--cc=cel@kernel.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=horms@kernel.org \
--cc=john.fastabend@gmail.com \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.