The branch main has been updated by jhb: URL: https://cgit.FreeBSD.org/src/commit/?id=d16cb228c1a62a9641ffb2f0bfcacc3bffec5db1
commit d16cb228c1a62a9641ffb2f0bfcacc3bffec5db1 Author: John Baldwin <[email protected]> AuthorDate: 2021-08-16 17:42:46 +0000 Commit: John Baldwin <[email protected]> CommitDate: 2021-08-16 17:42:46 +0000 ktls: Fix accounting for TLS 1.0 empty fragments. TLS 1.0 empty fragment mbufs have no payload and thus m_epg_npgs is zero. However, these mbufs need to occupy a "unit" of space for the purposes of M_NOTREADY tracking similar to regular mbufs. Previously this was done for the page count returned from ktls_frame() and passed to ktls_enqueue() as well as the page count passed to pru_ready(). However, sbready() and mb_free_notready() only use m_epg_nrdy to determine the number of "units" of space in an M_EXT mbuf, so when a TLS 1.0 fragment was marked ready it would mark one unit of the next mbuf in the socket buffer as ready as well. To fix, set m_epg_nrdy to 1 for empty fragments. This actually simplifies the code as now only ktls_frame() has to handle TLS 1.0 fragments explicitly and the rest of the KTLS functions can just use m_epg_nrdy. Reviewed by: gallatin MFC after: 2 weeks Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D31536 --- sys/kern/uipc_ktls.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/sys/kern/uipc_ktls.c b/sys/kern/uipc_ktls.c index 79da902095b3..34b4b15153ce 100644 --- a/sys/kern/uipc_ktls.c +++ b/sys/kern/uipc_ktls.c @@ -1633,12 +1633,12 @@ ktls_frame(struct mbuf *top, struct ktls_session *tls, int *enq_cnt, */ if (tls->mode == TCP_TLS_MODE_SW) { m->m_flags |= M_NOTREADY; - m->m_epg_nrdy = m->m_epg_npgs; if (__predict_false(tls_len == 0)) { /* TLS 1.0 empty fragment. */ - *enq_cnt += 1; + m->m_epg_nrdy = 1; } else - *enq_cnt += m->m_epg_npgs; + m->m_epg_nrdy = m->m_epg_npgs; + *enq_cnt += m->m_epg_nrdy; } } } @@ -2181,11 +2181,7 @@ ktls_encrypt(struct ktls_wq *wq, struct mbuf *top) break; } - if (__predict_false(m->m_epg_npgs == 0)) { - /* TLS 1.0 empty fragment. */ - npages++; - } else - npages += m->m_epg_npgs; + npages += m->m_epg_nrdy; /* * Drop a reference to the session now that it is no _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/dev-commits-src-all To unsubscribe, send any mail to "[email protected]"
