[net,0/5] tls: fixes for record type handling with PEEK

Message ID cover.1708007371.git.sd@queasysnail.net (mailing list archive)

Message

Sabrina Dubroca Feb. 15, 2024, 4:17 p.m. UTC
There are multiple bugs in tls_sw_recvmsg's handling of record types
when MSG_PEEK flag is used, which can lead to incorrectly merging two
records:
 - consecutive non-DATA records shouldn't be merged, even if they're
   the same type (partly handled by the test at the end of the main
   loop)
 - records of the same type (even DATA) shouldn't be merged if one
   record of a different type comes in between

Sabrina Dubroca (5):
  tls: break out of main loop when PEEK gets a non-data record
  tls: stop recv() if initial process_rx_list gave us non-DATA
  tls: don't skip over different type records from the rx_list
  selftests: tls: add test for merging of same-type control messages
  selftests: tls: add test for peeking past a record of a different type

 net/tls/tls_sw.c                  | 24 +++++++++++------
 tools/testing/selftests/net/tls.c | 45 +++++++++++++++++++++++++++++++
 2 files changed, 61 insertions(+), 8 deletions(-)
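
The two rules listed in the cover letter, as a small user-space model of a peeking read (an added example, not kernel code and not the series' selftests). `struct rec`, `peek_records` and the sample queues are hypothetical names and constructed data; that consecutive DATA records may be returned together is an assumption about normal receive behaviour.

```c
/* Added illustration: a user-space model of the record rules, not kernel code. */
#include <stdio.h>
#include <string.h>

enum { REC_ALERT = 21, REC_DATA = 23 };   /* TLS ContentType values */

struct rec { unsigned char type; const char *payload; };

/* Constructed sample queues standing in for records waiting on a socket. */
static const struct rec q_ctrl[]  = { {REC_ALERT, "A1"}, {REC_ALERT, "A2"} };
static const struct rec q_mixed[] = { {REC_DATA, "hello "}, {REC_ALERT, "X"},
                                      {REC_DATA, "world"} };
static const struct rec q_data[]  = { {REC_DATA, "foo"}, {REC_DATA, "bar"} };

/* Peek-style read: copy from the queued records without consuming them.
 * Returns the bytes copied; *type reports the record type they belong to. */
static size_t peek_records(const struct rec *q, size_t n, char *buf, size_t len,
                           unsigned char *type)
{
    size_t copied = 0;

    *type = 0;
    for (size_t i = 0; i < n && copied < len; i++) {
        size_t plen = strlen(q[i].payload);
        size_t chunk = plen < len - copied ? plen : len - copied;

        if (i > 0 && q[i].type != *type)
            break;      /* never read past a record of a different type */
        *type = q[i].type;
        memcpy(buf + copied, q[i].payload, chunk);
        copied += chunk;
        if (q[i].type != REC_DATA)
            break;      /* a non-DATA record is returned on its own */
    }
    return copied;
}

int main(void)
{
    const struct rec *qs[] = { q_ctrl, q_mixed, q_data };
    const size_t lens[] = { 2, 3, 2 };
    char buf[64];
    unsigned char t;

    for (int i = 0; i < 3; i++) {
        size_t n = peek_records(qs[i], lens[i], buf, sizeof(buf), &t);
        printf("type=%u bytes=%zu data=%.*s\n", (unsigned)t, n, (int)n, buf);
    }
    return 0;
}
```

A caller that receives more bytes than one control record holds, or DATA from both sides of a control record in a single peek, is seeing the merge the series describes.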

Comments

patchwork-bot+netdevbpf@kernel.org Feb. 21, 2024, 10:30 p.m. UTC | #1
Hello:

This series was applied to netdev/net.git (main)
by Jakub Kicinski <kuba@kernel.org>:

On Thu, 15 Feb 2024 17:17:28 +0100 you wrote:
> There are multiple bugs in tls_sw_recvmsg's handling of record types
> when MSG_PEEK flag is used, which can lead to incorrectly merging two
> records:
>  - consecutive non-DATA records shouldn't be merged, even if they're
>    the same type (partly handled by the test at the end of the main
>    loop)
>  - records of the same type (even DATA) shouldn't be merged if one
>    record of a different type comes in between
> 
> [...]

Here is the summary with links:
  - [net,1/5] tls: break out of main loop when PEEK gets a non-data record
    https://git.kernel.org/netdev/net/c/10f41d0710fc
  - [net,2/5] tls: stop recv() if initial process_rx_list gave us non-DATA
    https://git.kernel.org/netdev/net/c/fdfbaec5923d
  - [net,3/5] tls: don't skip over different type records from the rx_list
    https://git.kernel.org/netdev/net/c/ec823bf3a479
  - [net,4/5] selftests: tls: add test for merging of same-type control messages
    https://git.kernel.org/netdev/net/c/7b2a4c2a623a
  - [net,5/5] selftests: tls: add test for peeking past a record of a different type
    https://git.kernel.org/netdev/net/c/2bf6172632e1

You are awesome, thank you!