git: d16cb228c1a6 - main - ktls: Fix accounting for TLS 1.0 empty fragments.
John Baldwin
jhb at FreeBSD.org
Mon Aug 16 17:49:13 UTC 2021
The branch main has been updated by jhb:
URL: https://cgit.FreeBSD.org/src/commit/?id=d16cb228c1a62a9641ffb2f0bfcacc3bffec5db1
commit d16cb228c1a62a9641ffb2f0bfcacc3bffec5db1
Author: John Baldwin <jhb at FreeBSD.org>
AuthorDate: 2021-08-16 17:42:46 +0000
Commit: John Baldwin <jhb at FreeBSD.org>
CommitDate: 2021-08-16 17:42:46 +0000
ktls: Fix accounting for TLS 1.0 empty fragments.
TLS 1.0 empty fragment mbufs have no payload and thus m_epg_npgs is
zero. However, these mbufs need to occupy a "unit" of space for the
purposes of M_NOTREADY tracking similar to regular mbufs. Previously
this was done for the page count returned from ktls_frame() and passed
to ktls_enqueue() as well as the page count passed to pru_ready().
However, sbready() and mb_free_notready() only use m_epg_nrdy to
determine the number of "units" of space in an M_EXT mbuf, so when a
TLS 1.0 fragment was marked ready it would mark one unit of the next
mbuf in the socket buffer as ready as well. To fix, set m_epg_nrdy to
1 for empty fragments. This actually simplifies the code as now only
ktls_frame() has to handle TLS 1.0 fragments explicitly and the rest
of the KTLS functions can just use m_epg_nrdy.
Reviewed by: gallatin
MFC after: 2 weeks
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D31536
---
sys/kern/uipc_ktls.c | 12 ++++--------
1 file changed, 4 insertions(+), 8 deletions(-)
diff --git a/sys/kern/uipc_ktls.c b/sys/kern/uipc_ktls.c
index 79da902095b3..34b4b15153ce 100644
--- a/sys/kern/uipc_ktls.c
+++ b/sys/kern/uipc_ktls.c
@@ -1633,12 +1633,12 @@ ktls_frame(struct mbuf *top, struct ktls_session *tls, int *enq_cnt,
*/
if (tls->mode == TCP_TLS_MODE_SW) {
m->m_flags |= M_NOTREADY;
- m->m_epg_nrdy = m->m_epg_npgs;
if (__predict_false(tls_len == 0)) {
/* TLS 1.0 empty fragment. */
- *enq_cnt += 1;
+ m->m_epg_nrdy = 1;
} else
- *enq_cnt += m->m_epg_npgs;
+ m->m_epg_nrdy = m->m_epg_npgs;
+ *enq_cnt += m->m_epg_nrdy;
}
}
}
@@ -2181,11 +2181,7 @@ ktls_encrypt(struct ktls_wq *wq, struct mbuf *top)
break;
}
- if (__predict_false(m->m_epg_npgs == 0)) {
- /* TLS 1.0 empty fragment. */
- npages++;
- } else
- npages += m->m_epg_npgs;
+ npages += m->m_epg_nrdy;
/*
* Drop a reference to the session now that it is no
More information about the dev-commits-src-all
mailing list