Commit ba4a734e authored by Hannes Reinecke's avatar Hannes Reinecke Committed by Jakub Kicinski
Browse files

net/tls: avoid TCP window full during ->read_sock() 



When flushing the backlog after decoding a record we don't really
know how much data the caller want us to evaluate, so use INT_MAX
and 0 as arguments to tls_read_flush_backlog() to ensure we flush
at 128k of data. Otherwise we might be reading too much data and
trigger a TCP window full.

Suggested-by: default avatarJakub Kicinski <kuba@kernel.org>
Signed-off-by: default avatarHannes Reinecke <hare@suse.de>
Reviewed-by: default avatarSagi Grimberg <sagi@grimberg.me>
Link: https://lore.kernel.org/r/20230807071022.10091-1-hare@suse.de


Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parent 794529c4

net/tls/tls_sw.c

+5 −8
Original line number Diff line number Diff line
@@ -2240,7 +2240,6 @@ int tls_sw_read_sock(struct sock *sk, read_descriptor_t *desc, 
			tlm = tls_msg(skb);

		} else {

			struct tls_decrypt_arg darg;

			int to_decrypt;



			err = tls_rx_rec_wait(sk, NULL, true, released);

			if (err <= 0)
@@ -2248,20 +2247,18 @@ int tls_sw_read_sock(struct sock *sk, read_descriptor_t *desc, 


			memset(&darg.inargs, 0, sizeof(darg.inargs));



			rxm = strp_msg(tls_strp_msg(ctx));

			tlm = tls_msg(tls_strp_msg(ctx));



			to_decrypt = rxm->full_len - prot->overhead_size;



			err = tls_rx_one_record(sk, NULL, &darg);

			if (err < 0) {

				tls_err_abort(sk, -EBADMSG);

				goto read_sock_end;

			}



			released = tls_read_flush_backlog(sk, prot, rxm->full_len, to_decrypt,

							  decrypted, &flushed_at);

			released = tls_read_flush_backlog(sk, prot, INT_MAX,

							  0, decrypted,

							  &flushed_at);

			skb = darg.skb;

			rxm = strp_msg(skb);

			tlm = tls_msg(skb);

			decrypted += rxm->full_len;



			tls_rx_rec_done(ctx);