Date: Mon, 30 Aug 2021 23:13:18 GMT
From: John Baldwin <jhb@FreeBSD.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject: git: aae23f64c28b - stable/13 - ktls: Fix accounting for TLS 1.0 empty fragments.
Message-ID: <202108302313.17UNDIFV076625@gitrepo.freebsd.org>
The branch stable/13 has been updated by jhb:

URL: https://cgit.FreeBSD.org/src/commit/?id=aae23f64c28b6654e35de56c4a2e056162ce20e4

commit aae23f64c28b6654e35de56c4a2e056162ce20e4
Author: John Baldwin <jhb@FreeBSD.org>
AuthorDate: 2021-08-16 17:42:46 +0000
Commit: John Baldwin <jhb@FreeBSD.org>
CommitDate: 2021-08-30 22:13:37 +0000

ktls: Fix accounting for TLS 1.0 empty fragments.

TLS 1.0 empty fragment mbufs have no payload and thus m_epg_npgs is zero. However, these mbufs need to occupy a "unit" of space for the purposes of M_NOTREADY tracking similar to regular mbufs.

Previously this was done for the page count returned from ktls_frame() and passed to ktls_enqueue() as well as the page count passed to pru_ready(). However, sbready() and mb_free_notready() only use m_epg_nrdy to determine the number of "units" of space in an M_EXT mbuf, so when a TLS 1.0 fragment was marked ready it would mark one unit of the next mbuf in the socket buffer as ready as well.

To fix, set m_epg_nrdy to 1 for empty fragments. This actually simplifies the code as now only ktls_frame() has to handle TLS 1.0 fragments explicitly and the rest of the KTLS functions can just use m_epg_nrdy.

Reviewed by: gallatin
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D31536

(cherry picked from commit d16cb228c1a62a9641ffb2f0bfcacc3bffec5db1)

--- sys/kern/uipc_ktls.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/sys/kern/uipc_ktls.c b/sys/kern/uipc_ktls.c index 43870ab8bf4d..2605fb5b70b7 100644 --- a/sys/kern/uipc_ktls.c +++ b/sys/kern/uipc_ktls.c @@ -1579,12 +1579,12 @@ ktls_frame(struct mbuf *top, struct ktls_session *tls, int *enq_cnt, */ if (tls->mode == TCP_TLS_MODE_SW) { m->m_flags |= M_NOTREADY; - m->m_epg_nrdy = m->m_epg_npgs; if (__predict_false(tls_len == 0)) { /* TLS 1.0 empty fragment. */ - *enq_cnt += 1; + m->m_epg_nrdy = 1; } else - *enq_cnt += m->m_epg_npgs; + m->m_epg_nrdy = m->m_epg_npgs; + *enq_cnt += m->m_epg_nrdy; } } } 
@@ -2049,11 +2049,7 @@ retry_page: dst_iov[i].iov_len = len; } - if (__predict_false(m->m_epg_npgs == 0)) { - /* TLS 1.0 empty fragment. */ - npages++; - } else - npages += i; + npages += m->m_epg_nrdy; error = (*tls->sw_encrypt)(tls, (const struct tls_record_layer *)m->m_epg_hdr,
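Review bot: In the ktls_frame() hunk (@@ -1579,12 +1579,12 @@), the empty-fragment branch now sets `m->m_epg_nrdy = 1` while m_epg_npgs stays zero, but the only comment is still "TLS 1.0 empty fragment." Since the commit message says sbready() and mb_free_notready() rely on m_epg_nrdy alone, please expand that comment to state that an empty fragment occupies one unit for M_NOTREADY tracking even though it has no pages, so a later reader does not treat the mismatch between m_epg_nrdy and m_epg_npgs as a bug and undo it. As a style point, the `if` arm is braced and the `else` arm is not; bracing both would read more cleanly now that both arms assign the same field.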
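Review bot: In the second hunk (@@ -2049,11 +2049,7 @@, at retry_page), `npages += m->m_epg_nrdy;` replaces `npages += i`, which assumes m_epg_nrdy still equals the loop count i for every non-empty record at this point; nothing in the visible lines checks that. An assertion that m_epg_nrdy matches i when m_epg_npgs is non-zero would make the assumption explicit and catch any path that changes m_epg_nrdy between ktls_frame() and encryption. The removed comment was also the only hint here that an mbuf with no pages still counts as one unit, so a one-line comment pointing back to ktls_frame() would help.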