From: Rick Macklem
To: Brandon Bergren, Rick Macklem, "src-committers@freebsd.org", "svn-src-all@freebsd.org", "svn-src-head@freebsd.org"
Subject: Re: svn commit: r364409 - in head/sys: kern sys
Date: Thu, 20 Aug 2020 03:54:57 +0000

Done, I guess?
I had never ever heard of this until now, but, by inspection, it seems to want the kernel-only MSG_xxx flags listed, so I added MSG_TLSAPPDATA.

If this is not correct, please let me know what needs to be done, rick

________________________________________
From: Brandon Bergren
Sent: Wednesday, August 19, 2020 9:14 PM
To: Rick Macklem; src-committers@freebsd.org; svn-src-all@freebsd.org; svn-src-head@freebsd.org
Subject: Re: svn commit: r364409 - in head/sys: kern sys

This broke world build. Please update the blacklist in lib/sysdecode/mktables.

On Wed, Aug 19, 2020, at 6:42 PM, Rick Macklem wrote:
> Author: rmacklem
> Date: Wed Aug 19 23:42:33 2020
> New Revision: 364409
> URL: https://svnweb.freebsd.org/changeset/base/364409
>
> Log:
>   Add the MSG_TLSAPPDATA flag to indicate "return ENXIO" for non-application TLS
>   data records.
>
>   The kernel RPC cannot process non-application data records when
>   using TLS. It must do an upcall to a userspace daemon that will
>   call SSL_read() to process them.
>
>   This patch adds a new flag called MSG_TLSAPPDATA that the kernel
>   RPC can use to tell soreceive() to return ENXIO instead of a non-application
>   data record, when that is what is at the top of the receive queue.
>   I put the code in #ifdef KERN_TLS/#endif, although it will build without
>   that, so that it is recognized as only useful when KERN_TLS is enabled.
>   The alternative to doing this is to have the kernel RPC re-queue the
>   non-application data message after receiving it, but that seems more
>   complicated and might introduce message ordering issues when there
>   are multiple non-application data records one after another.
>
>   I do not know what, if any, changes will be required to support TLS1.3.
> > Reviewed by: glebius > Differential Revision: https://reviews.freebsd.org/D25923 > > Modified: > head/sys/kern/uipc_socket.c > head/sys/sys/socket.h > > Modified: head/sys/kern/uipc_socket.c > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > --- head/sys/kern/uipc_socket.c Wed Aug 19 20:41:22 2020 (r3= 64408) > +++ head/sys/kern/uipc_socket.c Wed Aug 19 23:42:33 2020 (r3= 64409) 
> @@ -2056,6 +2056,32 @@ dontblock: > if (m !=3D NULL && m->m_type =3D=3D MT_CONTROL) { > struct mbuf *cm =3D NULL, *cmn; > struct mbuf **cme =3D &cm; > +#ifdef KERN_TLS > + struct cmsghdr *cmsg; > + struct tls_get_record tgr; > + > + /* > + * For MSG_TLSAPPDATA, check for a non-application data > + * record. If found, return ENXIO without removing > + * it from the receive queue. This allows a subsequent > + * call without MSG_TLSAPPDATA to receive it. > + * Note that, for TLS, there should only be a single > + * control mbuf with the TLS_GET_RECORD message in it. > + */ > + if (flags & MSG_TLSAPPDATA) { > + cmsg =3D mtod(m, struct cmsghdr *); > + if (cmsg->cmsg_type =3D=3D TLS_GET_RECORD && > + cmsg->cmsg_len =3D=3D CMSG_LEN(sizeof(tgr))) { > + memcpy(&tgr, CMSG_DATA(cmsg), sizeof(tgr)); > + /* This will need to change for TLS 1.3. */ > + if (tgr.tls_type !=3D TLS_RLTYPE_APP) { > + SOCKBUF_UNLOCK(&so->so_rcv); > + error =3D ENXIO; > + goto release; > + } > + } > + } > +#endif > > do { > if (flags & MSG_PEEK) { > > Modified: head/sys/sys/socket.h > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > --- head/sys/sys/socket.h Wed Aug 19 20:41:22 2020 (r364408) > +++ head/sys/sys/socket.h Wed Aug 19 23:42:33 2020 (r364409) > @@ -468,6 +468,7 @@ struct msghdr { > #endif > #ifdef _KERNEL > #define MSG_MORETOCOME 0x00100000 /* additional data pending = */ > +#define MSG_TLSAPPDATA 0x00200000 /* only soreceive() app. da= ta (TLS) */ > #endif > > /* > -- Brandon Bergren bdragon@imap.cc
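
Review bot: in the uipc_socket.c hunk (@@ -2056,6 +2056,32 @@), the MSG_TLSAPPDATA check recognises the record header from cmsg->cmsg_type == TLS_GET_RECORD and cmsg->cmsg_len alone, and cmsg_level is never compared. Control message types are only unique within a level, so a control message from a different level that happens to share the type value and length would be copied into struct tls_get_record and its tls_type trusted. Suggest adding a cmsg->cmsg_level comparison against the level the TLS receive path uses when it queues the header. The block also does mtod(m, struct cmsghdr *) without first confirming that m->m_len covers CMSG_LEN(sizeof(tgr)), and it looks only at the first control mbuf; the comment states that single-mbuf assumption, so an assertion here would make it checkable rather than implicit.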
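
Review bot: in the socket.h hunk (@@ -468,6 +468,7 @@), MSG_TLSAPPDATA 0x00200000 is added under #ifdef _KERNEL without the matching update to the kernel-only MSG_ list in lib/sysdecode/mktables, which is what the replies in this thread report as the world build break; that change belongs in the same commit as the new define. Nothing in the visible lines shows where this bit is cleared from flags supplied by userland, so it is worth confirming that a caller-set 0x00200000 cannot reach the new soreceive() branch. The comment "only soreceive() app. data (TLS)" would be clearer if it stated the behaviour, namely that a non-application TLS record at the head of the queue yields ENXIO.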