From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from fout-b8-smtp.messagingengine.com (fout-b8-smtp.messagingengine.com [202.12.124.151]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7743E32937A for ; Thu, 2 Jul 2026 18:05:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=202.12.124.151 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1783015524; cv=none; b=EoaYOl+lveInZ5WcMM/UC7LcfqIfGcihym7pZDPfVlVXpIDJGHeW/OWukHbSTpJnm2ZRyQ67fQWa/vgivlTaRRye5rmbgNKVnCAvWRfrOFuU/pIOhRbA/jr7QRcnRTXW36TswUdNgU7xRmZQLo1R0RZzc5IZ4UohlOxwtPCLWI8= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1783015524; c=relaxed/simple; bh=ay6NJKkDQizb5EQ1lM5X3BJfLV8jZQnbR96BcuA03dY=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=mMG0XC9ygKFuoD4yf01fdLeICDXxsmxHcltalm3WdYjGD/wE4pCeMqDuIsrXC8H9SefApltaIfS7BkfLKaGtTIjzAfeeDJHF+Aa0UzWKYAUjY/efnYnxBLzPXqmawQKXB5qRyqr3OHoPi6NhZknoXiRTjH5MvTEXxB3jXt2G2IE= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=queasysnail.net; spf=pass smtp.mailfrom=queasysnail.net; dkim=pass (2048-bit key) header.d=queasysnail.net header.i=@queasysnail.net header.b=NFYfDvoQ; dkim=pass (2048-bit key) header.d=messagingengine.com header.i=@messagingengine.com header.b=oKror4K3; arc=none smtp.client-ip=202.12.124.151 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=queasysnail.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=queasysnail.net Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=queasysnail.net header.i=@queasysnail.net header.b="NFYfDvoQ"; dkim=pass (2048-bit key) header.d=messagingengine.com header.i=@messagingengine.com header.b="oKror4K3" Received: from phl-compute-03.internal (phl-compute-03.internal [10.202.2.43]) by mailfout.stl.internal (Postfix) with ESMTP id 967861D00086; Thu, 2 Jul 2026 14:05:20 -0400 (EDT) Received: from phl-frontend-04 ([10.202.2.163]) by phl-compute-03.internal (MEProxy); Thu, 02 Jul 2026 14:05:20 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=queasysnail.net; h=cc:cc:content-type:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to; s=fm3; t=1783015520; x= 1783101920; bh=VQ37vJ23hrjvK+nRNASQiJ26vFguBJ/W07YUaAa5YI4=; b=N FYfDvoQiyLzx2Wpl68G/u3FwwE7kCCvuvpFHE33FvqboFh2rVWWdKKrVCNtlZcAl xrOPk1aiObkEPaAGwBKscsQPLggwDX0hfbdURVaxffdLrCpG5KXqVmt8BPAiF216 zj6la47jyU0xZEE1AG6s2CqaRXv2W3AtZ/jGWlOQsdwgUsEnIuR9AGzxAI0drYSp mpQKYVwmxx/5ia9qOFRmRQ7bFraLSlDyw5rv8I2T1RSbyThIQ14sBfxXKvkQf59w hvAUbgXdpZDzR9Wm3tQ5qkNZJCi3VoulTDi2K7iAOd/TI6d7u0jw2B+3DH6o9WkL XMar0SBasw4zr5enMQR+Q== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:subject:subject:to :to:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t= 1783015520; x=1783101920; bh=VQ37vJ23hrjvK+nRNASQiJ26vFguBJ/W07Y UaAa5YI4=; b=oKror4K3HD876y4/6iaJ2uZDX6mkBjUmWZO5HK7+IuHItgDobbv dObJfsCCBtv+Qguu8ALfs0uXTiu/X/2JHMZcvhKh8UiGEW1DTTcB7KGEzuWAcbap ktZTGV9JRN9oS0FsGWOb+snlPZUDpAVntJHYtD33iuDKCsCZPRH+JM64PDz/w62S j8iPGtoc9ABrEuy3raN3/dlOpAVAZ4ROaGOFP1TtcXkbzINhXx4CS44yp7MS5OvO RDch7H5fl3dv8Vg7af4OuuzMsicwQt2aGNJ1/p/VyUuQcBDUbYxH7+/OVkTPWNE3 LE5bKdOxgTcOW6IDTpdHGxK6EBAVTqUkVjQ== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: dmFkZTE56gm/OCh4BAfqn5/e91qV1mIatQrhMrwmRutGnFI9cE+etz40wLwftfzG6YFwQV QXtcgqpEG2UDB1bDzbXDSPvNYfn081NQ69Acn5fiPIHhfy2Ygr1CAhi3BM2fqjU0rfv906 dpbJesBnwSw0OsCjSu3rfME7QnqnAQfySO+nYe52WEgmXEUJXEvwI/9CBYxeJbDGA4+blB RGrZ5Tuk8sSKVtGZnMNCafsN2gUjUiORcNU/FylVLK0P3x04nLVjLKqZV8sKKcaNr0IKbH kkcEWeknXOrlNJU5D71MeONuPwyv8cpp/m719I5SubbS+K4C+jZHPvz9TbdF+Cupx9qgR3 hS3+YCuq/vaNeRhew2+egnd1ZNwi1iih3heX1E10mb5pw0QG7CIh1CGw8J0gl/d/nzZelj 4hQlFsbECwgzFLmlFVKOaZ3A9wivUp7cx3MNniBH7y3OKDOqaP+Pu3OYlYs4/pXpJilybz Iej8PwMvpgf7F6D8d1N7VYC/WlBDfwEpFsaciTb+HXyTaqHflsVE9pX9cXffyTQpFlPwER pB3/AAxqvR7y1jEoMqoSjo5UFTKHTeYa+WuE1DwYO0hEbtSvr9YmUkkz9AS16RlS2z95Lw eexDB68zGs6eyuEtdyJp0A0SYSFeCy+27pGizUzyoYSJ0ZuOqZGl/KNL22xg X-ME-Proxy: Feedback-ID: i934648bf:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Thu, 2 Jul 2026 14:05:19 -0400 (EDT) Date: Thu, 2 Jul 2026 20:05:17 +0200 From: Sabrina Dubroca To: Chuck Lever Cc: john.fastabend@gmail.com, kuba@kernel.org, davem@davemloft.net, edumazet@google.com, pabeni@redhat.com, horms@kernel.org, netdev@vger.kernel.org Subject: Re: [PATCH net] net/tls: Consume empty data records in tls_sw_read_sock() Message-ID: References: <20260630191551.875664-1-cel@kernel.org> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20260630191551.875664-1-cel@kernel.org> 2026-06-30, 15:15:51 -0400, Chuck Lever wrote: > A peer may send a zero-length TLS application_data record; TLS 1.3 > explicitly permits these as a traffic-analysis countermeasure (RFC > 8446, Section 5.1). After decryption such a record has full_len == > 0. tls_sw_read_sock() hands it to the read_actor, which has no > payload to consume and returns zero. The loop treats a zero return > as backpressure (used <= 0), requeues the skb at the head of > rx_list, and stops. rx_list is serviced head-first on the next > call, so the empty record is dequeued, fails the same way, and is > requeued again; every later record on the connection is blocked > behind it. > > tls_sw_recvmsg() does not stall on this: a zero-length data record > copies nothing and falls through to consume_skb(). Mirror that in > the read_sock() path by recognizing an empty data record before > the actor runs, consuming it, and continuing. > > Fixes: 662fbcec32f4 ("net/tls: implement ->read_sock()") > Signed-off-by: Chuck Lever > --- > net/tls/tls_sw.c | 11 +++++++++++ > 1 file changed, 11 insertions(+) Reviewed-by: Sabrina Dubroca I think tls_sw_splice_read() suffers from a similar issue (returning 0 even though more data may be available). Sashiko agrees, and also found a few more pre-existing issues. -- Sabrina