summaryrefslogtreecommitdiffstats
path: root/net/tls
diff options
context:
space:
mode:
authorHannes Reinecke <hare@suse.de>2023-08-07 09:10:22 +0200
committerJakub Kicinski <kuba@kernel.org>2023-08-08 15:53:49 -0700
commitba4a734e1aa073b06412fc80ad81b54c4644d093 (patch)
treeef3e519258fc15b5e1280de3fa7ed083f543d592 /net/tls
parent794529c448008d8bc24d6e06c7528b7dbec99dfd (diff)
downloadlinux-ba4a734e1aa073b06412fc80ad81b54c4644d093.tar.gz
linux-ba4a734e1aa073b06412fc80ad81b54c4644d093.tar.bz2
linux-ba4a734e1aa073b06412fc80ad81b54c4644d093.zip
net/tls: avoid TCP window full during ->read_sock()
When flushing the backlog after decoding a record we don't really know how much data the caller want us to evaluate, so use INT_MAX and 0 as arguments to tls_read_flush_backlog() to ensure we flush at 128k of data. Otherwise we might be reading too much data and trigger a TCP window full. Suggested-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: Hannes Reinecke <hare@suse.de> Reviewed-by: Sagi Grimberg <sagi@grimberg.me> Link: https://lore.kernel.org/r/20230807071022.10091-1-hare@suse.de Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Diffstat (limited to 'net/tls')
-rw-r--r--net/tls/tls_sw.c13
1 files changed, 5 insertions, 8 deletions
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index 9c1f13541708..5c122d7bb784 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -2240,7 +2240,6 @@ int tls_sw_read_sock(struct sock *sk, read_descriptor_t *desc,
tlm = tls_msg(skb);
} else {
struct tls_decrypt_arg darg;
- int to_decrypt;
err = tls_rx_rec_wait(sk, NULL, true, released);
if (err <= 0)
@@ -2248,20 +2247,18 @@ int tls_sw_read_sock(struct sock *sk, read_descriptor_t *desc,
memset(&darg.inargs, 0, sizeof(darg.inargs));
- rxm = strp_msg(tls_strp_msg(ctx));
- tlm = tls_msg(tls_strp_msg(ctx));
-
- to_decrypt = rxm->full_len - prot->overhead_size;
-
err = tls_rx_one_record(sk, NULL, &darg);
if (err < 0) {
tls_err_abort(sk, -EBADMSG);
goto read_sock_end;
}
- released = tls_read_flush_backlog(sk, prot, rxm->full_len, to_decrypt,
- decrypted, &flushed_at);
+ released = tls_read_flush_backlog(sk, prot, INT_MAX,
+ 0, decrypted,
+ &flushed_at);
skb = darg.skb;
+ rxm = strp_msg(skb);
+ tlm = tls_msg(skb);
decrypted += rxm->full_len;
tls_rx_rec_done(ctx);