Date: Thu, 20 Aug 2020 03:54:57 +0000
From: Rick Macklem <rmacklem@uoguelph.ca>
To: Brandon Bergren <bdragon@imap.cc>, Rick Macklem <rmacklem@FreeBSD.org>, "src-committers@freebsd.org" <src-committers@freebsd.org>, "svn-src-all@freebsd.org" <svn-src-all@freebsd.org>, "svn-src-head@freebsd.org" <svn-src-head@freebsd.org>
Subject: Re: svn commit: r364409 - in head/sys: kern sys
Message-ID: <QB1PR01MB3364B01560828F340F25B07EDD5A0@QB1PR01MB3364.CANPRD01.PROD.OUTLOOK.COM>
In-Reply-To: <6659148c-b4c4-4f07-a2ae-9ff52dba62ed@www.fastmail.com>
References: <202008192342.07JNgXKj056987@repo.freebsd.org>, <6659148c-b4c4-4f07-a2ae-9ff52dba62ed@www.fastmail.com>
Done, I guess? I had never ever heard of this until now, but, by inspection, it seems to want the kernel-only MSG_xxx flags listed, so I added MSG_TLSAPPDATA. If this is not correct, please let me know what needs to be done,
rick
________________________________________
From: Brandon Bergren <bdragon@imap.cc>
Sent: Wednesday, August 19, 2020 9:14 PM
To: Rick Macklem; src-committers@freebsd.org; svn-src-all@freebsd.org; svn-src-head@freebsd.org
Subject: Re: svn commit: r364409 - in head/sys: kern sys

This broke world build. Please update the blacklist in lib/sysdecode/mktables.

On Wed, Aug 19, 2020, at 6:42 PM, Rick Macklem wrote:
> Author: rmacklem
> Date: Wed Aug 19 23:42:33 2020
> New Revision: 364409
> URL: https://svnweb.freebsd.org/changeset/base/364409
>
> Log:
>   Add the MSG_TLSAPPDATA flag to indicate "return ENXIO" for non-application TLS
>   data records.
>
>   The kernel RPC cannot process non-application data records when
>   using TLS. It must do an upcall to a userspace daemon that will
>   call SSL_read() to process them.
>
>   This patch adds a new flag called MSG_TLSAPPDATA that the kernel
>   RPC can use to tell soreceive() to return ENXIO instead of a non-application
>   data record, when that is what is at the top of the receive queue.
>   I put the code in #ifdef KERN_TLS/#endif, although it will build without
>   that, so that it is recognized as only useful when KERN_TLS is enabled.
>   The alternative to doing this is to have the kernel RPC re-queue the
>   non-application data message after receiving it, but that seems more
>   complicated and might introduce message ordering issues when there
>   are multiple non-application data records one after another.
>
>   I do not know what, if any, changes will be required to support TLS1.3.
>
>   Reviewed by:  glebius
>   Differential Revision:  https://reviews.freebsd.org/D25923
>
> Modified:
>   head/sys/kern/uipc_socket.c
>   head/sys/sys/socket.h
>
> Modified: head/sys/kern/uipc_socket.c
> ==============================================================================
> --- head/sys/kern/uipc_socket.c	Wed Aug 19 20:41:22 2020	(r364408)
> +++ head/sys/kern/uipc_socket.c	Wed Aug 19 23:42:33 2020	(r364409)
> @@ -2056,6 +2056,32 @@ dontblock: > if (m !=3D NULL && m->m_type =3D=3D MT_CONTROL) { > struct mbuf *cm =3D NULL, *cmn; > struct mbuf **cme =3D &cm; > +#ifdef KERN_TLS > + struct cmsghdr *cmsg; > + struct tls_get_record tgr; > + > + /* > + * For MSG_TLSAPPDATA, check for a non-application data > + * record. If found, return ENXIO without removing > + * it from the receive queue. This allows a subsequent > + * call without MSG_TLSAPPDATA to receive it. > + * Note that, for TLS, there should only be a single > + * control mbuf with the TLS_GET_RECORD message in it. > + */ > + if (flags & MSG_TLSAPPDATA) { > + cmsg =3D mtod(m, struct cmsghdr *); > + if (cmsg->cmsg_type =3D=3D TLS_GET_RECORD && > + cmsg->cmsg_len =3D=3D CMSG_LEN(sizeof(tgr))) { > + memcpy(&tgr, CMSG_DATA(cmsg), sizeof(tgr)); > + /* This will need to change for TLS 1.3. */ > + if (tgr.tls_type !=3D TLS_RLTYPE_APP) { > + SOCKBUF_UNLOCK(&so->so_rcv); > + error =3D ENXIO; > + goto release; > + } > + } > + } > +#endif > > do { > if (flags & MSG_PEEK) { > > Modified: head/sys/sys/socket.h > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > --- head/sys/sys/socket.h Wed Aug 19 20:41:22 2020 (r364408) > +++ head/sys/sys/socket.h Wed Aug 19 23:42:33 2020 (r364409) > @@ -468,6 +468,7 @@ struct msghdr { > #endif > #ifdef _KERNEL > #define MSG_MORETOCOME 0x00100000 /* additional data pending = */ > +#define MSG_TLSAPPDATA 0x00200000 /* only soreceive() app. da= ta (TLS) */ > #endif > > /* > -- Brandon Bergren bdragon@imap.cc
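Review bot: in the uipc_socket.c hunk, `cmsg = mtod(m, struct cmsghdr *)` is followed by reads of `cmsg->cmsg_type` and `cmsg->cmsg_len` before anything has confirmed that the control mbuf holds a complete struct cmsghdr; the `cmsg_len == CMSG_LEN(sizeof(tgr))` test guards the later memcpy() but not the header reads themselves. Either add `m->m_len >= sizeof(struct cmsghdr)` to the condition or extend the block comment to state that the KERN_TLS receive path always builds this control mbuf with a full TLS_GET_RECORD cmsghdr, so the assumption is recorded where the code relies on it. The `/* This will need to change for TLS 1.3. */` comment would also help the next reader more if it said why the `tgr.tls_type != TLS_RLTYPE_APP` comparison is specific to the current record format, since the log itself says that work is still open.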
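Review bot: the new `#define MSG_TLSAPPDATA 0x00200000` in the socket.h hunk sits inside the `#ifdef _KERNEL` block, and as the reply above points out, lib/sysdecode/mktables keeps a blacklist of kernel-only MSG_ flags that has to be updated in the same change, otherwise buildworld breaks; the follow-up that adds the flag there should land with, or be referenced from, this commit. The trailing comment `/* only soreceive() app. data (TLS) */` could also spell out that a non-application record makes soreceive() return ENXIO, which is the behaviour a caller actually needs to know about.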