git: aae23f64c28b - stable/13 - ktls: Fix accounting for TLS 1.0 empty fragments.
John Baldwin
jhb at FreeBSD.org
Mon Aug 30 23:13:19 UTC 2021
The branch stable/13 has been updated by jhb:
URL: https://cgit.FreeBSD.org/src/commit/?id=aae23f64c28b6654e35de56c4a2e056162ce20e4
commit aae23f64c28b6654e35de56c4a2e056162ce20e4
Author: John Baldwin <jhb at FreeBSD.org>
AuthorDate: 2021-08-16 17:42:46 +0000
Commit: John Baldwin <jhb at FreeBSD.org>
CommitDate: 2021-08-30 22:13:37 +0000
ktls: Fix accounting for TLS 1.0 empty fragments.
TLS 1.0 empty fragment mbufs have no payload and thus m_epg_npgs is
zero. However, these mbufs need to occupy a "unit" of space for the
purposes of M_NOTREADY tracking similar to regular mbufs. Previously
this was done for the page count returned from ktls_frame() and passed
to ktls_enqueue() as well as the page count passed to pru_ready().
However, sbready() and mb_free_notready() only use m_epg_nrdy to
determine the number of "units" of space in an M_EXT mbuf, so when a
TLS 1.0 fragment was marked ready it would mark one unit of the next
mbuf in the socket buffer as ready as well. To fix, set m_epg_nrdy to
1 for empty fragments. This actually simplifies the code as now only
ktls_frame() has to handle TLS 1.0 fragments explicitly and the rest
of the KTLS functions can just use m_epg_nrdy.
Reviewed by: gallatin
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D31536
(cherry picked from commit d16cb228c1a62a9641ffb2f0bfcacc3bffec5db1)
---
sys/kern/uipc_ktls.c | 12 ++++--------
1 file changed, 4 insertions(+), 8 deletions(-)
diff --git a/sys/kern/uipc_ktls.c b/sys/kern/uipc_ktls.c
index 43870ab8bf4d..2605fb5b70b7 100644
--- a/sys/kern/uipc_ktls.c
+++ b/sys/kern/uipc_ktls.c
@@ -1579,12 +1579,12 @@ ktls_frame(struct mbuf *top, struct ktls_session *tls, int *enq_cnt,
*/
if (tls->mode == TCP_TLS_MODE_SW) {
m->m_flags |= M_NOTREADY;
- m->m_epg_nrdy = m->m_epg_npgs;
if (__predict_false(tls_len == 0)) {
/* TLS 1.0 empty fragment. */
- *enq_cnt += 1;
+ m->m_epg_nrdy = 1;
} else
- *enq_cnt += m->m_epg_npgs;
+ m->m_epg_nrdy = m->m_epg_npgs;
+ *enq_cnt += m->m_epg_nrdy;
}
}
}
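Review bot: In the `tls->mode == TCP_TLS_MODE_SW` block the `if` arm is braced but the `else` arm is not, and the new `*enq_cnt += m->m_epg_nrdy;` sits directly below that unbraced `else`. It is meant to run for both arms, so bracing the `else` would make that unambiguous to the next reader. The comment `/* TLS 1.0 empty fragment. */` could also record why the value is 1: the mbuf has no pages (m_epg_npgs is zero) but still has to occupy one unit for M_NOTREADY tracking, because sbready() and mb_free_notready() look only at m_epg_nrdy, as the commit message explains.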
@@ -2049,11 +2049,7 @@ retry_page:
dst_iov[i].iov_len = len;
}
- if (__predict_false(m->m_epg_npgs == 0)) {
- /* TLS 1.0 empty fragment. */
- npages++;
- } else
- npages += i;
+ npages += m->m_epg_nrdy;
error = (*tls->sw_encrypt)(tls,
(const struct tls_record_layer *)m->m_epg_hdr,
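Review bot: `npages += m->m_epg_nrdy;` replaces a count computed locally (`i`, or 1 when `m->m_epg_npgs == 0`) with a field that was set earlier in ktls_frame(), so the page accounting at this point is correct only if m_epg_nrdy has not changed between framing and encryption. An assertion before the addition that m_epg_nrdy is 1 when `m->m_epg_npgs == 0` and equal to `i` otherwise would document that invariant and catch any later change that breaks it, since a mismatch would again mark the wrong number of units ready in the socket buffer.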