From: Hannes Reinecke <hare@suse.de>
To: Christoph Hellwig <hch@lst.de>
Cc: Sagi Grimberg <sagi@grimberg.me>, Keith Busch <kbusch@kernel.org>,
linux-nvme@lists.infradead.org, Jakub Kicinski <kuba@kernel.org>,
Eric Dumazet <edumazet@google.com>,
Paolo Abeni <pabeni@redhat.com>,
netdev@vger.kernel.org, Hannes Reinecke <hare@suse.de>
Subject: [PATCH] net/tls: avoid TCP window full during ->read_sock()
Date: Thu, 3 Aug 2023 12:08:09 +0200 [thread overview]
Message-ID: <20230803100809.29864-1-hare@suse.de> (raw)
When flushing the backlog after decoding each record in ->read_sock()
we may end up with really long records, causing a TCP window full as
the TCP window would only be increased again after we process the
record. So we should rather process the record first to allow the
TCP window to be increased again before flushing the backlog.
Signed-off-by: Hannes Reinecke <hare@suse.de>
---
net/tls/tls_sw.c | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index 9c1f13541708..57db189b29b0 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -2240,7 +2240,6 @@ int tls_sw_read_sock(struct sock *sk, read_descriptor_t *desc,
tlm = tls_msg(skb);
} else {
struct tls_decrypt_arg darg;
- int to_decrypt;
err = tls_rx_rec_wait(sk, NULL, true, released);
if (err <= 0)
@@ -2248,20 +2247,16 @@ int tls_sw_read_sock(struct sock *sk, read_descriptor_t *desc,
memset(&darg.inargs, 0, sizeof(darg.inargs));
- rxm = strp_msg(tls_strp_msg(ctx));
- tlm = tls_msg(tls_strp_msg(ctx));
-
- to_decrypt = rxm->full_len - prot->overhead_size;
-
err = tls_rx_one_record(sk, NULL, &darg);
if (err < 0) {
tls_err_abort(sk, -EBADMSG);
goto read_sock_end;
}
- released = tls_read_flush_backlog(sk, prot, rxm->full_len, to_decrypt,
- decrypted, &flushed_at);
skb = darg.skb;
+ /* TLS 1.3 may have updated the length by more than overhead */
+ rxm = strp_msg(skb);
+ tlm = tls_msg(skb);
decrypted += rxm->full_len;
tls_rx_rec_done(ctx);
@@ -2280,6 +2275,12 @@ int tls_sw_read_sock(struct sock *sk, read_descriptor_t *desc,
goto read_sock_requeue;
}
copied += used;
+ /*
+ * flush backlog after processing the TLS record, otherwise we might
+ * end up with really large records and triggering a TCP window full.
+ */
+ released = tls_read_flush_backlog(sk, prot, decrypted - copied, decrypted,
+ copied, &flushed_at);
if (used < rxm->full_len) {
rxm->offset += used;
rxm->full_len -= used;
--
2.35.3
next reply other threads:[~2023-08-03 10:08 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-03 10:08 Hannes Reinecke [this message]
2023-08-05 0:57 ` [PATCH] net/tls: avoid TCP window full during ->read_sock() Jakub Kicinski
2023-08-07 7:08 ` Sagi Grimberg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230803100809.29864-1-hare@suse.de \
--to=hare@suse.de \
--cc=edumazet@google.com \
--cc=hch@lst.de \
--cc=kbusch@kernel.org \
--cc=kuba@kernel.org \
--cc=linux-nvme@lists.infradead.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=sagi@grimberg.me \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).