svn commit: r364409 - in head/sys: kern sys
Rick Macklem
rmacklem at uoguelph.ca
Thu Aug 20 03:55:01 UTC 2020
Done, I guess?
I had never ever heard of this until now, but. by inspection,
it seems to want the kernel only MSG_xxx flags listed, so
I added MSG_TLSAPPDATA.
If this is not correct, please let me know what needs to be done, rick
________________________________________
From: Brandon Bergren <bdragon at imap.cc>
Sent: Wednesday, August 19, 2020 9:14 PM
To: Rick Macklem; src-committers at freebsd.org; svn-src-all at freebsd.org; svn-src-head at freebsd.org
Subject: Re: svn commit: r364409 - in head/sys: kern sys
CAUTION: This email originated from outside of the University of Guelph. Do not click links or open attachments unless you recognize the sender and know the content is safe. If in doubt, forward suspicious emails to IThelp at uoguelph.ca
This broke world build.
Please update the blacklist in lib/sysdecode/mktables.
On Wed, Aug 19, 2020, at 6:42 PM, Rick Macklem wrote:
> Author: rmacklem
> Date: Wed Aug 19 23:42:33 2020
> New Revision: 364409
> URL: https://svnweb.freebsd.org/changeset/base/364409
>
> Log:
> Add the MSG_TLSAPPDATA flag to indicate "return ENXIO" for non-application TLS
> data records.
>
> The kernel RPC cannot process non-application data records when
> using TLS. It must to an upcall to a userspace daemon that will
> call SSL_read() to process them.
>
> This patch adds a new flag called MSG_TLSAPPDATA that the kernel
> RPC can use to tell sorecieve() to return ENXIO instead of a non-application
> data record, when that is what is at the top of the receive queue.
> I put the code in #ifdef KERN_TLS/#endif, although it will build without
> that, so that it is recognized as only useful when KERN_TLS is enabled.
> The alternative to doing this is to have the kernel RPC re-queue the
> non-application data message after receiving it, but that seems more
> complicated and might introduce message ordering issues when there
> are multiple non-application data records one after another.
>
> I do not know what, if any, changes will be required to support TLS1.3.
>
> Reviewed by: glebius
> Differential Revision: https://reviews.freebsd.org/D25923
>
> Modified:
> head/sys/kern/uipc_socket.c
> head/sys/sys/socket.h
>
> Modified: head/sys/kern/uipc_socket.c
> ==============================================================================
> --- head/sys/kern/uipc_socket.c Wed Aug 19 20:41:22 2020 (r364408)
> +++ head/sys/kern/uipc_socket.c Wed Aug 19 23:42:33 2020 (r364409)
> @@ -2056,6 +2056,32 @@ dontblock:
> if (m != NULL && m->m_type == MT_CONTROL) {
> struct mbuf *cm = NULL, *cmn;
> struct mbuf **cme = &cm;
> +#ifdef KERN_TLS
> + struct cmsghdr *cmsg;
> + struct tls_get_record tgr;
> +
> + /*
> + * For MSG_TLSAPPDATA, check for a non-application data
> + * record. If found, return ENXIO without removing
> + * it from the receive queue. This allows a subsequent
> + * call without MSG_TLSAPPDATA to receive it.
> + * Note that, for TLS, there should only be a single
> + * control mbuf with the TLS_GET_RECORD message in it.
> + */
> + if (flags & MSG_TLSAPPDATA) {
> + cmsg = mtod(m, struct cmsghdr *);
> + if (cmsg->cmsg_type == TLS_GET_RECORD &&
> + cmsg->cmsg_len == CMSG_LEN(sizeof(tgr))) {
> + memcpy(&tgr, CMSG_DATA(cmsg), sizeof(tgr));
> + /* This will need to change for TLS 1.3. */
> + if (tgr.tls_type != TLS_RLTYPE_APP) {
> + SOCKBUF_UNLOCK(&so->so_rcv);
> + error = ENXIO;
> + goto release;
> + }
> + }
> + }
> +#endif
>
> do {
> if (flags & MSG_PEEK) {
>
> Modified: head/sys/sys/socket.h
> ==============================================================================
> --- head/sys/sys/socket.h Wed Aug 19 20:41:22 2020 (r364408)
> +++ head/sys/sys/socket.h Wed Aug 19 23:42:33 2020 (r364409)
> @@ -468,6 +468,7 @@ struct msghdr {
> #endif
> #ifdef _KERNEL
> #define MSG_MORETOCOME 0x00100000 /* additional data pending */
> +#define MSG_TLSAPPDATA 0x00200000 /* only soreceive() app. data (TLS) */
> #endif
>
> /*
>
--
Brandon Bergren
bdragon at imap.cc
More information about the svn-src-all
mailing list