From: "liujian (CE)" <liujian56@huawei.com>
To: Sabrina Dubroca <sd@queasysnail.net>
Cc: <borisp@nvidia.com>, <john.fastabend@gmail.com>,
<kuba@kernel.org>, <davem@davemloft.net>, <edumazet@google.com>,
<pabeni@redhat.com>, <vfedorenko@novek.ru>,
<netdev@vger.kernel.org>
Subject: Re: [PATCH net] tls: do not return error when the tls_bigint overflows in tls_advance_record_sn()
Date: Sat, 9 Sep 2023 15:58:41 +0800 [thread overview]
Message-ID: <c1a566db-4e6a-c437-b5db-bb380c74c452@huawei.com> (raw)
In-Reply-To: <ZPtO1VDcYSIFVnie@hog>
On 2023/9/9 0:41, Sabrina Dubroca wrote:
> 2023-09-07, 20:59:51 +0800, liujian (CE) wrote:
>> By the way, does the return of EBADMSG mean that the tls link needs to
>> renegotiate the encryption information or re-establish the link?
>
> We currently don't support key updates so closing this socket is the
> only option for now. AFAIU when we set EBADMSG, we can't fix that socket.
>
Got it, thank you for your explanation.
>> And is this okay?
>
> Yes, this is what I had in mind.
>
Will send v2, thanks.
>> diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
>> index 1ed4a611631f..d1fc295b83b5 100644
>> --- a/net/tls/tls_sw.c
>> +++ b/net/tls/tls_sw.c
>> @@ -817,7 +817,7 @@ static int bpf_exec_tx_verdict(struct sk_msg *msg,
>> struct sock *sk,
>> psock = sk_psock_get(sk);
>> if (!psock || !policy) {
>> err = tls_push_record(sk, flags, record_type);
>> - if (err && sk->sk_err == EBADMSG) {
>> + if (err && err != -EINPROGRESS && sk->sk_err == EBADMSG) {
>> *copied -= sk_msg_free(sk, msg);
>> tls_free_open_rec(sk);
>> err = -sk->sk_err;
>> @@ -846,7 +846,7 @@ static int bpf_exec_tx_verdict(struct sk_msg *msg,
>> struct sock *sk,
>> switch (psock->eval) {
>> case __SK_PASS:
>> err = tls_push_record(sk, flags, record_type);
>> - if (err && sk->sk_err == EBADMSG) {
>> + if (err && err != -EINPROGRESS && sk->sk_err == EBADMSG) {
>> *copied -= sk_msg_free(sk, msg);
>> tls_free_open_rec(sk);
>> err = -sk->sk_err;
>
prev parent reply other threads:[~2023-09-09 7:58 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-06 6:52 [PATCH net] tls: do not return error when the tls_bigint overflows in tls_advance_record_sn() Liu Jian
2023-09-06 11:02 ` Sabrina Dubroca
2023-09-06 15:02 ` Jakub Kicinski
2023-09-06 15:14 ` Sabrina Dubroca
2023-09-07 12:59 ` liujian (CE)
2023-09-08 16:41 ` Sabrina Dubroca
2023-09-09 7:58 ` liujian (CE) [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c1a566db-4e6a-c437-b5db-bb380c74c452@huawei.com \
--to=liujian56@huawei.com \
--cc=borisp@nvidia.com \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=john.fastabend@gmail.com \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=sd@queasysnail.net \
--cc=vfedorenko@novek.ru \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).