Commit 5ef7f6b3 authored by David S. Miller's avatar David S. Miller

Merge branch 'tls-splice-hint-fixes'

John Fastabend says:

====================
tls fixes for SPLICE with more hint

Syzbot found a splat where it tried to splice data over a tls socket
with the more hint and sending greater than the number of frags that
fit in a msg scatterlist. This resulted in an error where we do not
correctly send the data when the msg sg is full. The more flag being
just a hint not a strict contract. This then results in the syzbot
warning on the next send.

Edward generated an initial patch for this which checked for a full
msg on entry to the sendmsg hook.  This fixed the WARNING, but didn't
fully resolve the issue because the full msg_pl scatterlist was never
sent resulting in a stuck socket. In this series instead avoid the
situation by forcing the send on the splice that fills the scatterlist.

Also in original thread I mentioned it didn't seem to be enough to
simply fix the send on full sg problem. That was incorrect and was
really a bug in my test program that was hanging the test program.
I had setup a repair socket and wasn't handling it correctly so my
tester got stuck.

Thanks. Please review. Fix in patch 1 and test in patch 2.

v2: use SPLICE_F_ flag names instead of cryptic 0xe
====================
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents 894d7508 034ea130
...@@ -1052,7 +1052,11 @@ static int tls_sw_sendmsg_locked(struct sock *sk, struct msghdr *msg, ...@@ -1052,7 +1052,11 @@ static int tls_sw_sendmsg_locked(struct sock *sk, struct msghdr *msg,
if (ret < 0) if (ret < 0)
goto send_end; goto send_end;
tls_ctx->pending_open_record_frags = true; tls_ctx->pending_open_record_frags = true;
if (full_record || eor || sk_msg_full(msg_pl))
if (sk_msg_full(msg_pl))
full_record = true;
if (full_record || eor)
goto copied; goto copied;
continue; continue;
} }
......
...@@ -707,6 +707,20 @@ TEST_F(tls, splice_from_pipe) ...@@ -707,6 +707,20 @@ TEST_F(tls, splice_from_pipe)
EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0); EXPECT_EQ(memcmp(mem_send, mem_recv, send_len), 0);
} }
TEST_F(tls, splice_more)
{
unsigned int f = SPLICE_F_NONBLOCK | SPLICE_F_MORE | SPLICE_F_GIFT;
int send_len = TLS_PAYLOAD_MAX_LEN;
char mem_send[TLS_PAYLOAD_MAX_LEN];
int i, send_pipe = 1;
int p[2];
ASSERT_GE(pipe(p), 0);
EXPECT_GE(write(p[1], mem_send, send_len), 0);
for (i = 0; i < 32; i++)
EXPECT_EQ(splice(p[0], NULL, self->fd, NULL, send_pipe, f), 1);
}
TEST_F(tls, splice_from_pipe2) TEST_F(tls, splice_from_pipe2)
{ {
int send_len = 16000; int send_len = 16000;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment