Re: svn commit: r364409 - in head/sys: kern sys
The change you made looks correct to me. libsysdecode uses pattern matching to find syscall flag definitions for use by userspace debug tools. (so stuff like truss can show flag names, etc.) As such, anything hidden behind _KERNEL in one of the headers that the tool grovels that matches one of the patterns (MSG_ for sys/socket.h in this case) needs to be listed by hand so it doesn't automatically get copied into tables.h. It used to be part of kdump but got split out into a library in 11 so other tools could share the same data. On Wed, Aug 19, 2020, at 10:54 PM, Rick Macklem wrote: > Done, I guess? > > I had never ever heard of this until now, but. by inspection, > it seems to want the kernel only MSG_xxx flags listed, so > I added MSG_TLSAPPDATA. > > If this is not correct, please let me know what needs to be done, rick ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r364409 - in head/sys: kern sys
Done, I guess? I had never ever heard of this until now, but. by inspection, it seems to want the kernel only MSG_xxx flags listed, so I added MSG_TLSAPPDATA. If this is not correct, please let me know what needs to be done, rick From: Brandon Bergren Sent: Wednesday, August 19, 2020 9:14 PM To: Rick Macklem; src-committ...@freebsd.org; svn-src-all@freebsd.org; svn-src-h...@freebsd.org Subject: Re: svn commit: r364409 - in head/sys: kern sys CAUTION: This email originated from outside of the University of Guelph. Do not click links or open attachments unless you recognize the sender and know the content is safe. If in doubt, forward suspicious emails to ith...@uoguelph.ca This broke world build. Please update the blacklist in lib/sysdecode/mktables. On Wed, Aug 19, 2020, at 6:42 PM, Rick Macklem wrote: > Author: rmacklem > Date: Wed Aug 19 23:42:33 2020 > New Revision: 364409 > URL: https://svnweb.freebsd.org/changeset/base/364409 > > Log: > Add the MSG_TLSAPPDATA flag to indicate "return ENXIO" for non-application > TLS > data records. > > The kernel RPC cannot process non-application data records when > using TLS. It must to an upcall to a userspace daemon that will > call SSL_read() to process them. > > This patch adds a new flag called MSG_TLSAPPDATA that the kernel > RPC can use to tell sorecieve() to return ENXIO instead of a non-application > data record, when that is what is at the top of the receive queue. > I put the code in #ifdef KERN_TLS/#endif, although it will build without > that, so that it is recognized as only useful when KERN_TLS is enabled. > The alternative to doing this is to have the kernel RPC re-queue the > non-application data message after receiving it, but that seems more > complicated and might introduce message ordering issues when there > are multiple non-application data records one after another. > > I do not know what, if any, changes will be required to support TLS1.3. > > Reviewed by:glebius > Differential Revision: https://reviews.freebsd.org/D25923 > > Modified: > head/sys/kern/uipc_socket.c > head/sys/sys/socket.h > > Modified: head/sys/kern/uipc_socket.c > == > --- head/sys/kern/uipc_socket.c Wed Aug 19 20:41:22 2020 > (r364408) > +++ head/sys/kern/uipc_socket.c Wed Aug 19 23:42:33 2020 > (r364409) > @@ -2056,6 +2056,32 @@ dontblock: > if (m != NULL && m->m_type == MT_CONTROL) { > struct mbuf *cm = NULL, *cmn; > struct mbuf **cme = &cm; > +#ifdef KERN_TLS > + struct cmsghdr *cmsg; > + struct tls_get_record tgr; > + > + /* > + * For MSG_TLSAPPDATA, check for a non-application data > + * record. If found, return ENXIO without removing > + * it from the receive queue. This allows a subsequent > + * call without MSG_TLSAPPDATA to receive it. > + * Note that, for TLS, there should only be a single > + * control mbuf with the TLS_GET_RECORD message in it. > + */ > + if (flags & MSG_TLSAPPDATA) { > + cmsg = mtod(m, struct cmsghdr *); > + if (cmsg->cmsg_type == TLS_GET_RECORD && > + cmsg->cmsg_len == CMSG_LEN(sizeof(tgr))) { > + memcpy(&tgr, CMSG_DATA(cmsg), sizeof(tgr)); > + /* This will need to change for TLS 1.3. */ > + if (tgr.tls_type != TLS_RLTYPE_APP) { > + SOCKBUF_UNLOCK(&so->so_rcv); > + error = ENXIO; > + goto release; > + } > + } > + } > +#endif > > do { > if (flags & MSG_PEEK) { > > Modified: head/sys/sys/socket.h > == > --- head/sys/sys/socket.h Wed Aug 19 20:41:22 2020(r364408) > +++ head/sys/sys/socket.h Wed Aug 19 23:42:33 2020(r364409) > @@ -468,6 +468,7 @@ struct msghdr { > #endif > #ifdef _KERNEL > #define MSG_MORETOCOME 0x0010 /* additional data pending */ > +#define MSG_TLSAPPDATA 0x0020 /* only soreceive() app. data > (TLS) */ > #endif > > /* > -- Brandon Bergren bdra...@imap.cc ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r364409 - in head/sys: kern sys
This broke world build. Please update the blacklist in lib/sysdecode/mktables. On Wed, Aug 19, 2020, at 6:42 PM, Rick Macklem wrote: > Author: rmacklem > Date: Wed Aug 19 23:42:33 2020 > New Revision: 364409 > URL: https://svnweb.freebsd.org/changeset/base/364409 > > Log: > Add the MSG_TLSAPPDATA flag to indicate "return ENXIO" for non-application > TLS > data records. > > The kernel RPC cannot process non-application data records when > using TLS. It must to an upcall to a userspace daemon that will > call SSL_read() to process them. > > This patch adds a new flag called MSG_TLSAPPDATA that the kernel > RPC can use to tell sorecieve() to return ENXIO instead of a non-application > data record, when that is what is at the top of the receive queue. > I put the code in #ifdef KERN_TLS/#endif, although it will build without > that, so that it is recognized as only useful when KERN_TLS is enabled. > The alternative to doing this is to have the kernel RPC re-queue the > non-application data message after receiving it, but that seems more > complicated and might introduce message ordering issues when there > are multiple non-application data records one after another. > > I do not know what, if any, changes will be required to support TLS1.3. > > Reviewed by:glebius > Differential Revision: https://reviews.freebsd.org/D25923 > > Modified: > head/sys/kern/uipc_socket.c > head/sys/sys/socket.h > > Modified: head/sys/kern/uipc_socket.c > == > --- head/sys/kern/uipc_socket.c Wed Aug 19 20:41:22 2020 > (r364408) > +++ head/sys/kern/uipc_socket.c Wed Aug 19 23:42:33 2020 > (r364409) > @@ -2056,6 +2056,32 @@ dontblock: > if (m != NULL && m->m_type == MT_CONTROL) { > struct mbuf *cm = NULL, *cmn; > struct mbuf **cme = &cm; > +#ifdef KERN_TLS > + struct cmsghdr *cmsg; > + struct tls_get_record tgr; > + > + /* > + * For MSG_TLSAPPDATA, check for a non-application data > + * record. If found, return ENXIO without removing > + * it from the receive queue. This allows a subsequent > + * call without MSG_TLSAPPDATA to receive it. > + * Note that, for TLS, there should only be a single > + * control mbuf with the TLS_GET_RECORD message in it. > + */ > + if (flags & MSG_TLSAPPDATA) { > + cmsg = mtod(m, struct cmsghdr *); > + if (cmsg->cmsg_type == TLS_GET_RECORD && > + cmsg->cmsg_len == CMSG_LEN(sizeof(tgr))) { > + memcpy(&tgr, CMSG_DATA(cmsg), sizeof(tgr)); > + /* This will need to change for TLS 1.3. */ > + if (tgr.tls_type != TLS_RLTYPE_APP) { > + SOCKBUF_UNLOCK(&so->so_rcv); > + error = ENXIO; > + goto release; > + } > + } > + } > +#endif > > do { > if (flags & MSG_PEEK) { > > Modified: head/sys/sys/socket.h > == > --- head/sys/sys/socket.h Wed Aug 19 20:41:22 2020(r364408) > +++ head/sys/sys/socket.h Wed Aug 19 23:42:33 2020(r364409) > @@ -468,6 +468,7 @@ struct msghdr { > #endif > #ifdef _KERNEL > #define MSG_MORETOCOME 0x0010 /* additional data pending */ > +#define MSG_TLSAPPDATA 0x0020 /* only soreceive() app. data > (TLS) */ > #endif > > /* > -- Brandon Bergren bdra...@imap.cc ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r364409 - in head/sys: kern sys
Author: rmacklem Date: Wed Aug 19 23:42:33 2020 New Revision: 364409 URL: https://svnweb.freebsd.org/changeset/base/364409 Log: Add the MSG_TLSAPPDATA flag to indicate "return ENXIO" for non-application TLS data records. The kernel RPC cannot process non-application data records when using TLS. It must to an upcall to a userspace daemon that will call SSL_read() to process them. This patch adds a new flag called MSG_TLSAPPDATA that the kernel RPC can use to tell sorecieve() to return ENXIO instead of a non-application data record, when that is what is at the top of the receive queue. I put the code in #ifdef KERN_TLS/#endif, although it will build without that, so that it is recognized as only useful when KERN_TLS is enabled. The alternative to doing this is to have the kernel RPC re-queue the non-application data message after receiving it, but that seems more complicated and might introduce message ordering issues when there are multiple non-application data records one after another. I do not know what, if any, changes will be required to support TLS1.3. Reviewed by: glebius Differential Revision:https://reviews.freebsd.org/D25923 Modified: head/sys/kern/uipc_socket.c head/sys/sys/socket.h Modified: head/sys/kern/uipc_socket.c == --- head/sys/kern/uipc_socket.c Wed Aug 19 20:41:22 2020(r364408) +++ head/sys/kern/uipc_socket.c Wed Aug 19 23:42:33 2020(r364409) @@ -2056,6 +2056,32 @@ dontblock: if (m != NULL && m->m_type == MT_CONTROL) { struct mbuf *cm = NULL, *cmn; struct mbuf **cme = &cm; +#ifdef KERN_TLS + struct cmsghdr *cmsg; + struct tls_get_record tgr; + + /* +* For MSG_TLSAPPDATA, check for a non-application data +* record. If found, return ENXIO without removing +* it from the receive queue. This allows a subsequent +* call without MSG_TLSAPPDATA to receive it. +* Note that, for TLS, there should only be a single +* control mbuf with the TLS_GET_RECORD message in it. +*/ + if (flags & MSG_TLSAPPDATA) { + cmsg = mtod(m, struct cmsghdr *); + if (cmsg->cmsg_type == TLS_GET_RECORD && + cmsg->cmsg_len == CMSG_LEN(sizeof(tgr))) { + memcpy(&tgr, CMSG_DATA(cmsg), sizeof(tgr)); + /* This will need to change for TLS 1.3. */ + if (tgr.tls_type != TLS_RLTYPE_APP) { + SOCKBUF_UNLOCK(&so->so_rcv); + error = ENXIO; + goto release; + } + } + } +#endif do { if (flags & MSG_PEEK) { Modified: head/sys/sys/socket.h == --- head/sys/sys/socket.h Wed Aug 19 20:41:22 2020(r364408) +++ head/sys/sys/socket.h Wed Aug 19 23:42:33 2020(r364409) @@ -468,6 +468,7 @@ struct msghdr { #endif #ifdef _KERNEL #defineMSG_MORETOCOME 0x0010 /* additional data pending */ +#defineMSG_TLSAPPDATA 0x0020 /* only soreceive() app. data (TLS) */ #endif /* ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"