git: aae23f64c28b - stable/13 - ktls: Fix accounting for TLS 1.0 empty fragments.

John Baldwin jhb at FreeBSD.org
Mon Aug 30 23:13:19 UTC 2021


The branch stable/13 has been updated by jhb:

URL: https://cgit.FreeBSD.org/src/commit/?id=aae23f64c28b6654e35de56c4a2e056162ce20e4

commit aae23f64c28b6654e35de56c4a2e056162ce20e4
Author:     John Baldwin <jhb at FreeBSD.org>
AuthorDate: 2021-08-16 17:42:46 +0000
Commit:     John Baldwin <jhb at FreeBSD.org>
CommitDate: 2021-08-30 22:13:37 +0000

    ktls: Fix accounting for TLS 1.0 empty fragments.
    
    TLS 1.0 empty fragment mbufs have no payload and thus m_epg_npgs is
    zero.  However, these mbufs need to occupy a "unit" of space for the
    purposes of M_NOTREADY tracking similar to regular mbufs.  Previously
    this was done for the page count returned from ktls_frame() and passed
    to ktls_enqueue() as well as the page count passed to pru_ready().
    
    However, sbready() and mb_free_notready() only use m_epg_nrdy to
    determine the number of "units" of space in an M_EXT mbuf, so when a
    TLS 1.0 fragment was marked ready it would mark one unit of the next
    mbuf in the socket buffer as ready as well.  To fix, set m_epg_nrdy to
    1 for empty fragments.  This actually simplifies the code as now only
    ktls_frame() has to handle TLS 1.0 fragments explicitly and the rest
    of the KTLS functions can just use m_epg_nrdy.
    
    Reviewed by:    gallatin
    Sponsored by:   Netflix
    Differential Revision:  https://reviews.freebsd.org/D31536
    
    (cherry picked from commit d16cb228c1a62a9641ffb2f0bfcacc3bffec5db1)
---
 sys/kern/uipc_ktls.c | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/sys/kern/uipc_ktls.c b/sys/kern/uipc_ktls.c
index 43870ab8bf4d..2605fb5b70b7 100644
--- a/sys/kern/uipc_ktls.c
+++ b/sys/kern/uipc_ktls.c
@@ -1579,12 +1579,12 @@ ktls_frame(struct mbuf *top, struct ktls_session *tls, int *enq_cnt,
 		 */
 		if (tls->mode == TCP_TLS_MODE_SW) {
 			m->m_flags |= M_NOTREADY;
-			m->m_epg_nrdy = m->m_epg_npgs;
 			if (__predict_false(tls_len == 0)) {
 				/* TLS 1.0 empty fragment. */
-				*enq_cnt += 1;
+				m->m_epg_nrdy = 1;
 			} else
-				*enq_cnt += m->m_epg_npgs;
+				m->m_epg_nrdy = m->m_epg_npgs;
+			*enq_cnt += m->m_epg_nrdy;
 		}
 	}
 }
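Review bot: The "TLS 1.0 empty fragment." comment in the tls_len == 0 branch no longer explains the surprising part, which is that m_epg_nrdy is set to 1 while m_epg_npgs stays 0. Per the commit message, sbready() and mb_free_notready() rely on m_epg_nrdy alone, so anything that later assumes m_epg_nrdy <= m_epg_npgs would be wrong for these mbufs. Consider expanding the comment to say the fragment occupies one "unit" for M_NOTREADY tracking despite having no pages, so the invariant is documented where it is established.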
@@ -2049,11 +2049,7 @@ retry_page:
 			dst_iov[i].iov_len = len;
 		}
 
-		if (__predict_false(m->m_epg_npgs == 0)) {
-			/* TLS 1.0 empty fragment. */
-			npages++;
-		} else
-			npages += i;
+		npages += m->m_epg_nrdy;
 
 		error = (*tls->sw_encrypt)(tls,
 		    (const struct tls_record_layer *)m->m_epg_hdr,
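Review bot: Replacing "npages += i" with "npages += m->m_epg_nrdy" makes the count depend on m_epg_nrdy still holding the value ktls_frame() assigned, whereas the old code derived it from the loop index and m_epg_npgs in this function. If that is guaranteed for every mbuf that reaches this point, an assertion just before the addition would document it and catch regressions, for example a KASSERT that m_epg_nrdy equals i when m_epg_npgs is non-zero and equals 1 when m_epg_npgs is 0.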

