subject:"svn commit\: r364409 \- in head\/sys\: kern sys"

Re: svn commit: r364409 - in head/sys: kern sys

2020-08-19 Thread Brandon Bergren

The change you made looks correct to me.

libsysdecode uses pattern matching to find syscall flag definitions for use by 
userspace debug tools. (so stuff like truss can show flag names, etc.) As such, 
anything hidden behind _KERNEL in one of the headers that the tool grovels that 
matches one of the patterns (MSG_ for sys/socket.h in this case) needs to be 
listed by hand so it doesn't automatically get copied into tables.h.

It used to be part of kdump but got split out into a library in 11 so other 
tools could share the same data.

On Wed, Aug 19, 2020, at 10:54 PM, Rick Macklem wrote:
> Done, I guess?
> 
> I had never ever heard of this until now, but. by inspection,
> it seems to want the kernel only MSG_xxx flags listed, so
> I added MSG_TLSAPPDATA.
> 
> If this is not correct, please let me know what needs to be done, rick
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Re: svn commit: r364409 - in head/sys: kern sys

2020-08-19 Thread Rick Macklem

Done, I guess?

I had never ever heard of this until now, but. by inspection,
it seems to want the kernel only MSG_xxx flags listed, so
I added MSG_TLSAPPDATA.

If this is not correct, please let me know what needs to be done, rick


From: Brandon Bergren 
Sent: Wednesday, August 19, 2020 9:14 PM
To: Rick Macklem; src-committ...@freebsd.org; svn-src-all@freebsd.org; 
svn-src-h...@freebsd.org
Subject: Re: svn commit: r364409 - in head/sys: kern sys

CAUTION: This email originated from outside of the University of Guelph. Do not 
click links or open attachments unless you recognize the sender and know the 
content is safe. If in doubt, forward suspicious emails to ith...@uoguelph.ca


This broke world build.

Please update the blacklist in lib/sysdecode/mktables.

On Wed, Aug 19, 2020, at 6:42 PM, Rick Macklem wrote:
> Author: rmacklem
> Date: Wed Aug 19 23:42:33 2020
> New Revision: 364409
> URL: https://svnweb.freebsd.org/changeset/base/364409
>
> Log:
>   Add the MSG_TLSAPPDATA flag to indicate "return ENXIO" for non-application 
> TLS
>   data records.
>
>   The kernel RPC cannot process non-application data records when
>   using TLS. It must to an upcall to a userspace daemon that will
>   call SSL_read() to process them.
>
>   This patch adds a new flag called MSG_TLSAPPDATA that the kernel
>   RPC can use to tell sorecieve() to return ENXIO instead of a non-application
>   data record, when that is what is at the top of the receive queue.
>   I put the code in #ifdef KERN_TLS/#endif, although it will build without
>   that, so that it is recognized as only useful when KERN_TLS is enabled.
>   The alternative to doing this is to have the kernel RPC re-queue the
>   non-application data message after receiving it, but that seems more
>   complicated and might introduce message ordering issues when there
>   are multiple non-application data records one after another.
>
>   I do not know what, if any, changes will be required to support TLS1.3.
>
>   Reviewed by:glebius
>   Differential Revision:  https://reviews.freebsd.org/D25923
>
> Modified:
>   head/sys/kern/uipc_socket.c
>   head/sys/sys/socket.h
>
> Modified: head/sys/kern/uipc_socket.c
> ==
> --- head/sys/kern/uipc_socket.c   Wed Aug 19 20:41:22 2020
> (r364408)
> +++ head/sys/kern/uipc_socket.c   Wed Aug 19 23:42:33 2020
> (r364409)
> @@ -2056,6 +2056,32 @@ dontblock:
>   if (m != NULL && m->m_type == MT_CONTROL) {
>   struct mbuf *cm = NULL, *cmn;
>   struct mbuf **cme = &cm;
> +#ifdef KERN_TLS
> + struct cmsghdr *cmsg;
> + struct tls_get_record tgr;
> +
> + /*
> +  * For MSG_TLSAPPDATA, check for a non-application data
> +  * record.  If found, return ENXIO without removing
> +  * it from the receive queue.  This allows a subsequent
> +  * call without MSG_TLSAPPDATA to receive it.
> +  * Note that, for TLS, there should only be a single
> +  * control mbuf with the TLS_GET_RECORD message in it.
> +  */
> + if (flags & MSG_TLSAPPDATA) {
> + cmsg = mtod(m, struct cmsghdr *);
> + if (cmsg->cmsg_type == TLS_GET_RECORD &&
> + cmsg->cmsg_len == CMSG_LEN(sizeof(tgr))) {
> + memcpy(&tgr, CMSG_DATA(cmsg), sizeof(tgr));
> + /* This will need to change for TLS 1.3. */
> + if (tgr.tls_type != TLS_RLTYPE_APP) {
> + SOCKBUF_UNLOCK(&so->so_rcv);
> + error = ENXIO;
> + goto release;
> + }
> + }
> + }
> +#endif
>
>   do {
>   if (flags & MSG_PEEK) {
>
> Modified: head/sys/sys/socket.h
> ==
> --- head/sys/sys/socket.h Wed Aug 19 20:41:22 2020(r364408)
> +++ head/sys/sys/socket.h Wed Aug 19 23:42:33 2020(r364409)
> @@ -468,6 +468,7 @@ struct msghdr {
>  #endif
>  #ifdef _KERNEL
>  #define  MSG_MORETOCOME   0x0010 /* additional data pending */
> +#define  MSG_TLSAPPDATA   0x0020 /* only soreceive() app. data 
> (TLS) */
>  #endif
>
>  /*
>

--
  Brandon Bergren
  bdra...@imap.cc

___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Re: svn commit: r364409 - in head/sys: kern sys

2020-08-19 Thread Brandon Bergren

This broke world build.

Please update the blacklist in lib/sysdecode/mktables.

On Wed, Aug 19, 2020, at 6:42 PM, Rick Macklem wrote:
> Author: rmacklem
> Date: Wed Aug 19 23:42:33 2020
> New Revision: 364409
> URL: https://svnweb.freebsd.org/changeset/base/364409
> 
> Log:
>   Add the MSG_TLSAPPDATA flag to indicate "return ENXIO" for non-application 
> TLS
>   data records.
>   
>   The kernel RPC cannot process non-application data records when
>   using TLS. It must to an upcall to a userspace daemon that will
>   call SSL_read() to process them.
>   
>   This patch adds a new flag called MSG_TLSAPPDATA that the kernel
>   RPC can use to tell sorecieve() to return ENXIO instead of a non-application
>   data record, when that is what is at the top of the receive queue.
>   I put the code in #ifdef KERN_TLS/#endif, although it will build without
>   that, so that it is recognized as only useful when KERN_TLS is enabled.
>   The alternative to doing this is to have the kernel RPC re-queue the
>   non-application data message after receiving it, but that seems more
>   complicated and might introduce message ordering issues when there
>   are multiple non-application data records one after another.
>   
>   I do not know what, if any, changes will be required to support TLS1.3.
>   
>   Reviewed by:glebius
>   Differential Revision:  https://reviews.freebsd.org/D25923
> 
> Modified:
>   head/sys/kern/uipc_socket.c
>   head/sys/sys/socket.h
> 
> Modified: head/sys/kern/uipc_socket.c
> ==
> --- head/sys/kern/uipc_socket.c   Wed Aug 19 20:41:22 2020
> (r364408)
> +++ head/sys/kern/uipc_socket.c   Wed Aug 19 23:42:33 2020
> (r364409)
> @@ -2056,6 +2056,32 @@ dontblock:
>   if (m != NULL && m->m_type == MT_CONTROL) {
>   struct mbuf *cm = NULL, *cmn;
>   struct mbuf **cme = &cm;
> +#ifdef KERN_TLS
> + struct cmsghdr *cmsg;
> + struct tls_get_record tgr;
> +
> + /*
> +  * For MSG_TLSAPPDATA, check for a non-application data
> +  * record.  If found, return ENXIO without removing
> +  * it from the receive queue.  This allows a subsequent
> +  * call without MSG_TLSAPPDATA to receive it.
> +  * Note that, for TLS, there should only be a single
> +  * control mbuf with the TLS_GET_RECORD message in it.
> +  */
> + if (flags & MSG_TLSAPPDATA) {
> + cmsg = mtod(m, struct cmsghdr *);
> + if (cmsg->cmsg_type == TLS_GET_RECORD &&
> + cmsg->cmsg_len == CMSG_LEN(sizeof(tgr))) {
> + memcpy(&tgr, CMSG_DATA(cmsg), sizeof(tgr));
> + /* This will need to change for TLS 1.3. */
> + if (tgr.tls_type != TLS_RLTYPE_APP) {
> + SOCKBUF_UNLOCK(&so->so_rcv);
> + error = ENXIO;
> + goto release;
> + }
> + }
> + }
> +#endif
>  
>   do {
>   if (flags & MSG_PEEK) {
> 
> Modified: head/sys/sys/socket.h
> ==
> --- head/sys/sys/socket.h Wed Aug 19 20:41:22 2020(r364408)
> +++ head/sys/sys/socket.h Wed Aug 19 23:42:33 2020(r364409)
> @@ -468,6 +468,7 @@ struct msghdr {
>  #endif
>  #ifdef _KERNEL
>  #define  MSG_MORETOCOME   0x0010 /* additional data pending */
> +#define  MSG_TLSAPPDATA   0x0020 /* only soreceive() app. data 
> (TLS) */
>  #endif
>  
>  /*
>

-- 
  Brandon Bergren
  bdra...@imap.cc
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r364409 - in head/sys: kern sys

2020-08-19 Thread Rick Macklem

Author: rmacklem
Date: Wed Aug 19 23:42:33 2020
New Revision: 364409
URL: https://svnweb.freebsd.org/changeset/base/364409

Log:
  Add the MSG_TLSAPPDATA flag to indicate "return ENXIO" for non-application TLS
  data records.
  
  The kernel RPC cannot process non-application data records when
  using TLS. It must to an upcall to a userspace daemon that will
  call SSL_read() to process them.
  
  This patch adds a new flag called MSG_TLSAPPDATA that the kernel
  RPC can use to tell sorecieve() to return ENXIO instead of a non-application
  data record, when that is what is at the top of the receive queue.
  I put the code in #ifdef KERN_TLS/#endif, although it will build without
  that, so that it is recognized as only useful when KERN_TLS is enabled.
  The alternative to doing this is to have the kernel RPC re-queue the
  non-application data message after receiving it, but that seems more
  complicated and might introduce message ordering issues when there
  are multiple non-application data records one after another.
  
  I do not know what, if any, changes will be required to support TLS1.3.
  
  Reviewed by:  glebius
  Differential Revision:https://reviews.freebsd.org/D25923

Modified:
  head/sys/kern/uipc_socket.c
  head/sys/sys/socket.h

Modified: head/sys/kern/uipc_socket.c
==
--- head/sys/kern/uipc_socket.c Wed Aug 19 20:41:22 2020(r364408)
+++ head/sys/kern/uipc_socket.c Wed Aug 19 23:42:33 2020(r364409)
@@ -2056,6 +2056,32 @@ dontblock:
if (m != NULL && m->m_type == MT_CONTROL) {
struct mbuf *cm = NULL, *cmn;
struct mbuf **cme = &cm;
+#ifdef KERN_TLS
+   struct cmsghdr *cmsg;
+   struct tls_get_record tgr;
+
+   /*
+* For MSG_TLSAPPDATA, check for a non-application data
+* record.  If found, return ENXIO without removing
+* it from the receive queue.  This allows a subsequent
+* call without MSG_TLSAPPDATA to receive it.
+* Note that, for TLS, there should only be a single
+* control mbuf with the TLS_GET_RECORD message in it.
+*/
+   if (flags & MSG_TLSAPPDATA) {
+   cmsg = mtod(m, struct cmsghdr *);
+   if (cmsg->cmsg_type == TLS_GET_RECORD &&
+   cmsg->cmsg_len == CMSG_LEN(sizeof(tgr))) {
+   memcpy(&tgr, CMSG_DATA(cmsg), sizeof(tgr));
+   /* This will need to change for TLS 1.3. */
+   if (tgr.tls_type != TLS_RLTYPE_APP) {
+   SOCKBUF_UNLOCK(&so->so_rcv);
+   error = ENXIO;
+   goto release;
+   }
+   }
+   }
+#endif
 
do {
if (flags & MSG_PEEK) {

Modified: head/sys/sys/socket.h
==
--- head/sys/sys/socket.h   Wed Aug 19 20:41:22 2020(r364408)
+++ head/sys/sys/socket.h   Wed Aug 19 23:42:33 2020(r364409)
@@ -468,6 +468,7 @@ struct msghdr {
 #endif
 #ifdef _KERNEL
 #defineMSG_MORETOCOME   0x0010 /* additional data pending */
+#defineMSG_TLSAPPDATA   0x0020 /* only soreceive() app. data 
(TLS) */
 #endif
 
 /*
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Re: svn commit: r364409 - in head/sys: kern sys

Re: svn commit: r364409 - in head/sys: kern sys

Re: svn commit: r364409 - in head/sys: kern sys

svn commit: r364409 - in head/sys: kern sys

4 matches

Site Navigation

Mail list logo

Footer information