From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6141A3955D5; Mon, 25 May 2026 20:30:29 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=100.103.45.18 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779741030; cv=none; b=UcdxFXsDx5z0kTqaeUdMcIO0g49EQ4I5Ik2DBg5a+2XEaLKcO9XzzDp5M5bXcp8LoXdkapqK3xPYbGd/biQO0xbOyFyeHoZHVoPnj5prVjEE9vVIRjEjgpkpq8R5ORTnXkI9aI3poz4f3ADQbN7ddPVMtmNWsaRY2Knbak8M/tw= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779741030; c=relaxed/simple; bh=0WaWRxHBFl1JaQtnfdsveWSUkhyLcusZa4kO1gdJjtI=; h=Date:From:To:Cc:Subject:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=XZVf2V3Q2eSWbibOWtdTeeT2ayW/M8Z7R3x6PNDW9KntKL2fuXzcis6DQtrE1dyxBkeBE1kYQX4Duj/X5rkUpyVKOABf5gKKjbhqRJd9t9o/p9wffQmIh+kJDWXoPDbzaiGa5sBWrM9l0KjgWba0gLAZHrFrqN8dRIA9DXFZscs= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=Nc/02I2X; arc=none smtp.client-ip=100.103.45.18 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="Nc/02I2X" Received: by smtp.kernel.org (Postfix) with ESMTPSA id B35421F00A3D; Mon, 25 May 2026 20:30:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel.org; s=k20260515; t=1779741029; bh=0WaWRxHBFl1JaQtnfdsveWSUkhyLcusZa4kO1gdJjtI=; h=Date:From:To:Cc:Subject:In-Reply-To:References; b=Nc/02I2XFVJiatDMFP5VygLJJKycokachH1SOvzsgTl2PC1rHBRW7XgQqU1I8dBfM nT5lwCw42ktihGNOAquHqLTZ1+FtyQjsFM9aNlQMZO/356YkqmHxLfLTaAWxvg6MNl wqCKRzAPTH5p0f+LicOlOyY0nyiauKPqSeJlADAhX8a10Ya8n5vepIjLHPCCHv3w14 KxK9pMZLScq3GrduBc4A2it9x8uW45M5+wKalZdWFED4XaZ7th2EVSG0NOHJgJ2Usr 0UJVeig5KCOlcQHweYmUwjW/KbFD7htxsxn7Dzj4xRpr+raqknYLkEe/RUquE6OWe2 WHQlYsncsZ2CQ== Date: Mon, 25 May 2026 13:30:28 -0700 From: Jakub Kicinski To: Christopher Lusk Cc: John Fastabend , Sabrina Dubroca , "David S. Miller" , Eric Dumazet , Paolo Abeni , Simon Horman , Shuah Khan , Alexei Starovoitov , Daniel Borkmann , netdev@vger.kernel.org, bpf@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org Subject: Re: [PATCH net v2 1/2] net: tls: preserve split open record on async encrypt Message-ID: <20260525133028.58494274@kernel.org> In-Reply-To: <20260521025840.976378-2-clusk@northecho.dev> References: <20260521025840.976378-1-clusk@northecho.dev> <20260521025840.976378-2-clusk@northecho.dev> Precedence: bulk X-Mailing-List: stable@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit On Wed, 20 May 2026 22:58:39 -0400 Christopher Lusk wrote: > When the BPF sk_msg verdict sets apply_bytes smaller than the current > open record, tls_push_record() splits ctx->open_rec into the record > being encrypted and a remainder record. The synchronous path reattaches > the remainder to ctx->open_rec before continuing. The current understanding is that this code has no real users. So let's try clear async_capable if BPF is attached and avoid all these bugs in record handling, please? The savings from zero copy are negligible.