Commit 646fc4bd authored by Jakub Kicinski's avatar Jakub Kicinski

Merge branch 'tls-recvmsg-fixes'

Sabrina Dubroca says:

====================
tls: recvmsg fixes

The first two fixes are again related to async decrypt. The last one
is unrelated but I stumbled upon it while reading the code.
====================

Link: https://lore.kernel.org/r/cover.1711120964.git.sd@queasysnail.netSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parents c1fd3a94 417e91e8
...@@ -1976,10 +1976,10 @@ int tls_sw_recvmsg(struct sock *sk, ...@@ -1976,10 +1976,10 @@ int tls_sw_recvmsg(struct sock *sk,
if (unlikely(flags & MSG_ERRQUEUE)) if (unlikely(flags & MSG_ERRQUEUE))
return sock_recv_errqueue(sk, msg, len, SOL_IP, IP_RECVERR); return sock_recv_errqueue(sk, msg, len, SOL_IP, IP_RECVERR);
psock = sk_psock_get(sk);
err = tls_rx_reader_lock(sk, ctx, flags & MSG_DONTWAIT); err = tls_rx_reader_lock(sk, ctx, flags & MSG_DONTWAIT);
if (err < 0) if (err < 0)
return err; return err;
psock = sk_psock_get(sk);
bpf_strp_enabled = sk_psock_strp_enabled(psock); bpf_strp_enabled = sk_psock_strp_enabled(psock);
/* If crypto failed the connection is broken */ /* If crypto failed the connection is broken */
...@@ -2152,12 +2152,15 @@ int tls_sw_recvmsg(struct sock *sk, ...@@ -2152,12 +2152,15 @@ int tls_sw_recvmsg(struct sock *sk,
} }
/* Drain records from the rx_list & copy if required */ /* Drain records from the rx_list & copy if required */
if (is_peek || is_kvec) if (is_peek)
err = process_rx_list(ctx, msg, &control, copied + peeked, err = process_rx_list(ctx, msg, &control, copied + peeked,
decrypted - peeked, is_peek, NULL); decrypted - peeked, is_peek, NULL);
else else
err = process_rx_list(ctx, msg, &control, 0, err = process_rx_list(ctx, msg, &control, 0,
async_copy_bytes, is_peek, NULL); async_copy_bytes, is_peek, NULL);
/* we could have copied less than we wanted, and possibly nothing */
decrypted += max(err, 0) - async_copy_bytes;
} }
copied += decrypted; copied += decrypted;
......
...@@ -1615,6 +1615,40 @@ TEST_F(tls, getsockopt) ...@@ -1615,6 +1615,40 @@ TEST_F(tls, getsockopt)
EXPECT_EQ(errno, EINVAL); EXPECT_EQ(errno, EINVAL);
} }
TEST_F(tls, recv_efault)
{
char *rec1 = "1111111111";
char *rec2 = "2222222222";
struct msghdr hdr = {};
struct iovec iov[2];
char recv_mem[12];
int ret;
if (self->notls)
SKIP(return, "no TLS support");
EXPECT_EQ(send(self->fd, rec1, 10, 0), 10);
EXPECT_EQ(send(self->fd, rec2, 10, 0), 10);
iov[0].iov_base = recv_mem;
iov[0].iov_len = sizeof(recv_mem);
iov[1].iov_base = NULL; /* broken iov to make process_rx_list fail */
iov[1].iov_len = 1;
hdr.msg_iovlen = 2;
hdr.msg_iov = iov;
EXPECT_EQ(recv(self->cfd, recv_mem, 1, 0), 1);
EXPECT_EQ(recv_mem[0], rec1[0]);
ret = recvmsg(self->cfd, &hdr, 0);
EXPECT_LE(ret, sizeof(recv_mem));
EXPECT_GE(ret, 9);
EXPECT_EQ(memcmp(rec1, recv_mem, 9), 0);
if (ret > 9)
EXPECT_EQ(memcmp(rec2, recv_mem + 9, ret - 9), 0);
}
FIXTURE(tls_err) FIXTURE(tls_err)
{ {
int fd, cfd; int fd, cfd;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment