From patchwork Sat Feb 23 08:42:37 2019
X-Patchwork-Submitter: Vakul Garg
X-Patchwork-Id: 1047321
X-Patchwork-Delegate: davem@davemloft.net
From: Vakul Garg
To: "netdev@vger.kernel.org"
CC: "borisp@mellanox.com", "aviadye@mellanox.com", "davejwatson@fb.com", "davem@davemloft.net", "doronrk@fb.com", Vakul Garg
Subject: [PATCHv3 net-next] tls: Return type of non-data records retrieved using MSG_PEEK in recvmsg
Date: Sat, 23 Feb 2019 08:42:37 +0000
Message-ID: <20190223084010.17021-1-vakul.garg@nxp.com>

The patch enables returning 'type' in msghdr for records that are retrieved with MSG_PEEK in recvmsg. Further it prevents records peeked from socket from getting clubbed with any other record of different type when records are subsequently dequeued from strparser.

For each record, we now retain its type in sk_buff's control buffer cb[]. Inside control buffer, record's full length and offset are already stored by strparser in 'struct strp_msg'. We store record type after 'struct strp_msg' inside 'struct tls_msg'. For tls1.2, the type is stored just after record dequeue. For tls1.3, the type is stored after record has been decrypted.

Inside process_rx_list(), before processing a non-data record, we check that we must be able to return back the record type to the user application.
If not, the decrypted records in tls context's rx_list are left there without consuming any data.

Fixes: 692d7b5d1f912 ("tls: Fix recvmsg() to be able to peek across multiple records")
Signed-off-by: Vakul Garg
---
Changes in v2:
 - Modified 'Fixed:' line to use full commit header line.
Changes in v3:
 - Added a missing ' " ' in Fixed: line.

 include/net/tls.h | 10 +++++++
 net/tls/tls_sw.c | 78 +++++++++++++++++++++++++++++++++++++++++++++++--------
 2 files changed, 77 insertions(+), 11 deletions(-)

diff --git a/include/net/tls.h b/include/net/tls.h index a8b37226a287..9f4117ae2297 100644 --- a/include/net/tls.h +++ b/include/net/tls.h @@ -129,6 +129,11 @@ struct tls_rec { u8 aead_req_ctx[]; }; +struct tls_msg { + struct strp_msg rxm; + u8 control; +}; + struct tx_work { struct delayed_work work; struct sock *sk; @@ -333,6 +338,11 @@ int tls_push_partial_record(struct sock *sk, struct tls_context *ctx, int tls_push_pending_closed_record(struct sock *sk, struct tls_context *ctx, int flags, long *timeo); +static inline struct tls_msg *tls_msg(struct sk_buff *skb) +{ + return (struct tls_msg *)strp_msg(skb); +} + static inline bool tls_is_pending_closed_record(struct tls_context *ctx) { return test_bit(TLS_PENDING_CLOSED_RECORD, &ctx->flags); diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 71be8acfbc9b..1cc830582fa8 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c 
@@ -1530,22 +1530,38 @@ static bool tls_sw_advance_skb(struct sock *sk, struct sk_buff *skb, } /* This function traverses the rx_list in tls receive context to copies the - * decrypted data records into the buffer provided by caller zero copy is not + * decrypted records into the buffer provided by caller zero copy is not * true. Further, the records are removed from the rx_list if it is not a peek * case and the record has been consumed completely. */ static int process_rx_list(struct tls_sw_context_rx *ctx, struct msghdr *msg, + u8 *control, + bool *cmsg, size_t skip, size_t len, bool zc, bool is_peek) { struct sk_buff *skb = skb_peek(&ctx->rx_list); + u8 ctrl = *control; + u8 msgc = *cmsg; + struct tls_msg *tlm; ssize_t copied = 0; + /* Set the record type in 'control' if caller didn't pass it */ + if (!ctrl && skb) { + tlm = tls_msg(skb); + ctrl = tlm->control; + } + while (skip && skb) { struct strp_msg *rxm = strp_msg(skb); + tlm = tls_msg(skb); + + /* Cannot process a record of different type */ + if (ctrl != tlm->control) + return 0; if (skip < rxm->full_len) break; @@ -1559,6 +1575,27 @@ static int process_rx_list(struct tls_sw_context_rx *ctx, struct strp_msg *rxm = strp_msg(skb); int chunk = min_t(unsigned int, rxm->full_len - skip, len); + tlm = tls_msg(skb); + + /* Cannot process a record of different type */ + if (ctrl != tlm->control) + return 0; + + /* Set record type if not already done. For a non-data record, + * do not proceed if record type could not be copied. + */ + if (!msgc) { + int cerr = put_cmsg(msg, SOL_TLS, TLS_GET_RECORD_TYPE, + sizeof(ctrl), &ctrl); + msgc = true; + if (ctrl != TLS_RECORD_TYPE_DATA) { + if (cerr || msg->msg_flags & MSG_CTRUNC) + return -EIO; + + *cmsg = msgc; + } + } + if (!zc || (rxm->full_len - skip) > len) { int err = skb_copy_datagram_msg(skb, rxm->offset + skip, msg, chunk); @@ -1597,6 +1634,7 @@ static int process_rx_list(struct tls_sw_context_rx *ctx, skb = next_skb; } + *control = ctrl; return copied; } 
@@ -1614,6 +1652,7 @@ int tls_sw_recvmsg(struct sock *sk, unsigned char control = 0; ssize_t decrypted = 0; struct strp_msg *rxm; + struct tls_msg *tlm; struct sk_buff *skb; ssize_t copied = 0; bool cmsg = false; @@ -1632,7 +1671,8 @@ int tls_sw_recvmsg(struct sock *sk, lock_sock(sk); /* Process pending decrypted records. It must be non-zero-copy */ - err = process_rx_list(ctx, msg, 0, len, false, is_peek); + err = process_rx_list(ctx, msg, &control, &cmsg, 0, len, false, + is_peek); if (err < 0) { tls_err_abort(sk, err); goto end; @@ -1668,6 +1708,12 @@ int tls_sw_recvmsg(struct sock *sk, } } goto recv_end; + } else { + tlm = tls_msg(skb); + if (prot->version == TLS_1_3_VERSION) + tlm->control = 0; + else + tlm->control = ctx->control; } rxm = strp_msg(skb); @@ -1694,22 +1740,34 @@ int tls_sw_recvmsg(struct sock *sk, if (err == -EINPROGRESS) num_async++; + else if (prot->version == TLS_1_3_VERSION) + tlm->control = ctx->control; + + /* If the type of records being processed is not known yet, + * set it to record type just dequeued. If it is already known, + * but does not match the record type just dequeued, go to end. + * We always get record type here since for tls1.2, record type + * is known just after record is dequeued from stream parser. + * For tls1.3, we disable async. + */ + + if (!control) + control = tlm->control; + else if (control != tlm->control) + goto recv_end; if (!cmsg) { int cerr; cerr = put_cmsg(msg, SOL_TLS, TLS_GET_RECORD_TYPE, - sizeof(ctx->control), &ctx->control); + sizeof(control), &control); cmsg = true; - control = ctx->control; - if (ctx->control != TLS_RECORD_TYPE_DATA) { + if (control != TLS_RECORD_TYPE_DATA) { if (cerr || msg->msg_flags & MSG_CTRUNC) { err = -EIO; goto recv_end; } } - } else if (control != ctx->control) { - goto recv_end; } if (async) 
@@ -1784,18 +1842,16 @@ int tls_sw_recvmsg(struct sock *sk, /* Drain records from the rx_list & copy if required */ if (is_peek || is_kvec) - err = process_rx_list(ctx, msg, copied, + err = process_rx_list(ctx, msg, &control, &cmsg, copied, decrypted, false, is_peek); else - err = process_rx_list(ctx, msg, 0, + err = process_rx_list(ctx, msg, &control, &cmsg, 0, decrypted, true, is_peek); if (err < 0) { tls_err_abort(sk, err); copied = 0; goto end; } - - WARN_ON(decrypted != err); } copied += decrypted;
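
Review bot: In include/net/tls.h, the new tls_msg() helper casts strp_msg(skb) to struct tls_msg * with nothing that documents or checks the layout it relies on: that the control buffer has room for the extra `u8 control` after struct strp_msg, and that no other user of those bytes is active once the record has been dequeued. A comment on struct tls_msg saying that it overlays skb->cb with struct strp_msg as its first member, plus a build-time size check where the cb layout is known, would make that assumption explicit.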
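
Review bot: In process_rx_list() in net/tls/tls_sw.c, the copy loop's `if (ctrl != tlm->control) return 0;` leaves the function without reporting whatever earlier iterations accumulated in `copied`, and it also skips the `*control = ctrl;` write-back that the normal exit performs before `return copied;`. Breaking out of the loop to the common exit would keep the byte count and the record type consistent for the caller. In the same block, `*cmsg = msgc;` sits inside the `ctrl != TLS_RECORD_TYPE_DATA` branch, so after put_cmsg() has run for a data record the caller's `cmsg` is still false and tls_sw_recvmsg() will call put_cmsg() for TLS_GET_RECORD_TYPE a second time; moving the write-back out of the inner `if` avoids that. `msgc` is also declared `u8` while `*cmsg` is `bool`.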
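
Review bot: In tls_sw_recvmsg(), the `else if (prot->version == TLS_1_3_VERSION) tlm->control = ctx->control;` branch is not taken when err == -EINPROGRESS, so a TLS 1.3 record decrypted asynchronously would keep the 0 written at dequeue and `control` would stay 0 when it reaches put_cmsg(). The comment says async is disabled for tls1.3, but nothing in this hunk enforces that; a WARN_ON_ONCE or an explicit check beside the comment would tie the code to the assumption. The blank line between that comment and `if (!control)` can be dropped.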
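
Review bot: In the final rx_list drain of tls_sw_recvmsg(), removing `WARN_ON(decrypted != err);` acknowledges that process_rx_list() may now return less than `decrypted` (it returns 0 on a record-type mismatch), yet the following `copied += decrypted;` still adds the full count. If err can be smaller than decrypted on this path, the length returned to the application overstates what was copied; either add `err` here or state in a comment why the two cannot differ.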
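
The userspace side of the behaviour the commit message describes, as an added example that is not part of the patch or the kernel tree: peek at a kTLS socket and read the record type from the TLS_GET_RECORD_TYPE control message, so alert or handshake records are not treated as application data. The names `tls_record_type`, `tls_peek`, `sample_type`, `ctl_buf` and `REC_DATA` are hypothetical, and the control data in `sample_type` is constructed.

```c
#include <sys/types.h>
#include <sys/socket.h>
#ifndef SOL_TLS
#define SOL_TLS 282             /* value in <linux/socket.h> */
#endif
#define TLS_GET_RECORD_TYPE 2   /* value in <linux/tls.h> */
#define REC_DATA 23             /* application_data (hypothetical name) */
typedef union { char b[CMSG_SPACE(1)]; struct cmsghdr align; } ctl_buf;

/* Record type from msg's control data; REC_DATA if no type cmsg is
 * present; -1 if control data was truncated (do not guess the type). */
int tls_record_type(struct msghdr *msg)
{
	struct cmsghdr *c;
	if (msg->msg_flags & MSG_CTRUNC)
		return -1;
	for (c = CMSG_FIRSTHDR(msg); c; c = CMSG_NXTHDR(msg, c))
		if (c->cmsg_level == SOL_TLS && c->cmsg_len >= CMSG_LEN(1) &&
		    c->cmsg_type == TLS_GET_RECORD_TYPE)
			return *(unsigned char *)CMSG_DATA(c);
	return REC_DATA;
}

/* Peek at the next record on a kTLS socket; *type gets its record type. */
ssize_t tls_peek(int fd, void *buf, size_t len, int *type)
{
	ctl_buf ctl;
	struct iovec iov = { buf, len };
	struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
		.msg_control = ctl.b, .msg_controllen = sizeof(ctl.b) };
	ssize_t n = recvmsg(fd, &msg, MSG_PEEK);
	*type = n < 0 ? -1 : tls_record_type(&msg);
	return n;
}

/* Constructed control data in place of the kernel's; rec_type < 0: no cmsg. */
int sample_type(int rec_type, int truncated)
{
	ctl_buf ctl = { { 0 } };
	struct msghdr msg = { .msg_control = ctl.b,
		.msg_controllen = rec_type < 0 ? 0 : sizeof(ctl.b),
		.msg_flags = truncated ? MSG_CTRUNC : 0 };
	struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
	if (c) {
		c->cmsg_level = SOL_TLS;
		c->cmsg_type = TLS_GET_RECORD_TYPE;
		c->cmsg_len = CMSG_LEN(1);
		*(unsigned char *)CMSG_DATA(c) = (unsigned char)rec_type;
	}
	return tls_record_type(&msg);
}
```

Record types 21, 22 and 23 are the TLS alert, handshake and application_data content types.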