svn commit: r364409 - in head/sys: kern sys
Brandon Bergren
bdragon at imap.cc
Thu Aug 20 01:14:40 UTC 2020
This broke world build.
Please update the blacklist in lib/sysdecode/mktables.
On Wed, Aug 19, 2020, at 6:42 PM, Rick Macklem wrote:
> Author: rmacklem
> Date: Wed Aug 19 23:42:33 2020
> New Revision: 364409
> URL: https://svnweb.freebsd.org/changeset/base/364409
>
> Log:
> Add the MSG_TLSAPPDATA flag to indicate "return ENXIO" for non-application TLS
> data records.
>
> The kernel RPC cannot process non-application data records when
> using TLS. It must do an upcall to a userspace daemon that will
> call SSL_read() to process them.
>
> This patch adds a new flag called MSG_TLSAPPDATA that the kernel
> RPC can use to tell soreceive() to return ENXIO instead of a non-application
> data record, when that is what is at the top of the receive queue.
> I put the code in #ifdef KERN_TLS/#endif, although it will build without
> that, so that it is recognized as only useful when KERN_TLS is enabled.
> The alternative to doing this is to have the kernel RPC re-queue the
> non-application data message after receiving it, but that seems more
> complicated and might introduce message ordering issues when there
> are multiple non-application data records one after another.
>
> I do not know what, if any, changes will be required to support TLS1.3.
>
> Reviewed by: glebius
> Differential Revision: https://reviews.freebsd.org/D25923
>
> Modified:
> head/sys/kern/uipc_socket.c
> head/sys/sys/socket.h
>
> Modified: head/sys/kern/uipc_socket.c
> ==============================================================================
> --- head/sys/kern/uipc_socket.c Wed Aug 19 20:41:22 2020 (r364408)
> +++ head/sys/kern/uipc_socket.c Wed Aug 19 23:42:33 2020 (r364409)
> @@ -2056,6 +2056,32 @@ dontblock:
> if (m != NULL && m->m_type == MT_CONTROL) {
> struct mbuf *cm = NULL, *cmn;
> struct mbuf **cme = &cm;
> +#ifdef KERN_TLS
> + struct cmsghdr *cmsg;
> + struct tls_get_record tgr;
> +
> + /*
> + * For MSG_TLSAPPDATA, check for a non-application data
> + * record. If found, return ENXIO without removing
> + * it from the receive queue. This allows a subsequent
> + * call without MSG_TLSAPPDATA to receive it.
> + * Note that, for TLS, there should only be a single
> + * control mbuf with the TLS_GET_RECORD message in it.
> + */
> + if (flags & MSG_TLSAPPDATA) {
> + cmsg = mtod(m, struct cmsghdr *);
> + if (cmsg->cmsg_type == TLS_GET_RECORD &&
> + cmsg->cmsg_len == CMSG_LEN(sizeof(tgr))) {
> + memcpy(&tgr, CMSG_DATA(cmsg), sizeof(tgr));
> + /* This will need to change for TLS 1.3. */
> + if (tgr.tls_type != TLS_RLTYPE_APP) {
> + SOCKBUF_UNLOCK(&so->so_rcv);
> + error = ENXIO;
> + goto release;
> + }
> + }
> + }
> +#endif
>
> do {
> if (flags & MSG_PEEK) {
>
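Review bot: the MSG_TLSAPPDATA block falls through silently when the first control mbuf is not a TLS_GET_RECORD of the expected size: if `cmsg->cmsg_type != TLS_GET_RECORD` or `cmsg->cmsg_len != CMSG_LEN(sizeof(tgr))`, the record is handed to the caller as if it were application data. Since the comment states the assumption that a TLS socket carries a single control mbuf holding the TLS_GET_RECORD message, consider enforcing it (a KASSERT, or an error return when a MSG_TLSAPPDATA caller finds a control message it cannot interpret) instead of letting the check degrade to the pre-patch behaviour. Also, the new path does `SOCKBUF_UNLOCK(&so->so_rcv)` before `goto release`; worth confirming in the same review that the `release:` label expects the receive buffer unlocked on this exit.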
> Modified: head/sys/sys/socket.h
> ==============================================================================
> --- head/sys/sys/socket.h Wed Aug 19 20:41:22 2020 (r364408)
> +++ head/sys/sys/socket.h Wed Aug 19 23:42:33 2020 (r364409)
> @@ -468,6 +468,7 @@ struct msghdr {
> #endif
> #ifdef _KERNEL
> #define MSG_MORETOCOME 0x00100000 /* additional data pending */
> +#define MSG_TLSAPPDATA 0x00200000 /* only soreceive() app. data (TLS) */
> #endif
>
> /*
>
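Review bot: adding a new MSG_ bit here is what broke buildworld, as reported at the top of this thread: lib/sysdecode/mktables keeps a blacklist of MSG_ flags, and a new _KERNEL-only MSG_ define in socket.h needs the matching entry there in the same commit. Separately, the comment `/* only soreceive() app. data (TLS) */` does not say what happens when a non-application record is at the head of the receive queue; stating the contract (ENXIO is returned and the record stays queued for a later call without the flag) next to the flag would spare readers a trip to uipc_socket.c.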
--
Brandon Bergren
bdragon at imap.cc