This broke world build. Please update the blacklist in lib/sysdecode/mktables.
On Wed, Aug 19, 2020, at 6:42 PM, Rick Macklem wrote:
> Author: rmacklem
> Date: Wed Aug 19 23:42:33 2020
> New Revision: 364409
> URL: https://svnweb.freebsd.org/changeset/base/364409
>
> Log:
> Add the MSG_TLSAPPDATA flag to indicate "return ENXIO" for non-application TLS
> data records.
>
> The kernel RPC cannot process non-application data records when
> using TLS. It must do an upcall to a userspace daemon that will
> call SSL_read() to process them.
>
> This patch adds a new flag called MSG_TLSAPPDATA that the kernel
> RPC can use to tell soreceive() to return ENXIO instead of a non-application
> data record, when that is what is at the top of the receive queue.
> I put the code in #ifdef KERN_TLS/#endif, although it will build without
> that, so that it is recognized as only useful when KERN_TLS is enabled.
> The alternative to doing this is to have the kernel RPC re-queue the
> non-application data message after receiving it, but that seems more
> complicated and might introduce message ordering issues when there
> are multiple non-application data records one after another.
>
> I do not know what, if any, changes will be required to support TLS1.3.
>
> Reviewed by: glebius
> Differential Revision: https://reviews.freebsd.org/D25923
>
> Modified:
> head/sys/kern/uipc_socket.c
> head/sys/sys/socket.h
>
> Modified: head/sys/kern/uipc_socket.c
> ==============================================================================
> --- head/sys/kern/uipc_socket.c Wed Aug 19 20:41:22 2020 (r364408)
> +++ head/sys/kern/uipc_socket.c Wed Aug 19 23:42:33 2020 (r364409)
> @@ -2056,6 +2056,32 @@ dontblock: > if (m != NULL && m->m_type == MT_CONTROL) { > struct mbuf *cm = NULL, *cmn; > struct mbuf **cme = &cm; > +#ifdef KERN_TLS > + struct cmsghdr *cmsg; > + struct tls_get_record tgr; > + > + /* > + * For MSG_TLSAPPDATA, check for a non-application data > + * record. If found, return ENXIO without removing > + * it from the receive queue. This allows a subsequent > + * call without MSG_TLSAPPDATA to receive it. > + * Note that, for TLS, there should only be a single > + * control mbuf with the TLS_GET_RECORD message in it. > + */ > + if (flags & MSG_TLSAPPDATA) { > + cmsg = mtod(m, struct cmsghdr *); > + if (cmsg->cmsg_type == TLS_GET_RECORD && > + cmsg->cmsg_len == CMSG_LEN(sizeof(tgr))) { > + memcpy(&tgr, CMSG_DATA(cmsg), sizeof(tgr)); > + /* This will need to change for TLS 1.3. */ > + if (tgr.tls_type != TLS_RLTYPE_APP) { > + SOCKBUF_UNLOCK(&so->so_rcv); > + error = ENXIO; > + goto release; > + } > + } > + } > +#endif > > do { > if (flags & MSG_PEEK) { > > Modified: head/sys/sys/socket.h > ============================================================================== > --- head/sys/sys/socket.h Wed Aug 19 20:41:22 2020 (r364408) > +++ head/sys/sys/socket.h Wed Aug 19 23:42:33 2020 (r364409) > @@ -468,6 +468,7 @@ struct msghdr { > #endif > #ifdef _KERNEL > #define MSG_MORETOCOME 0x00100000 /* additional data pending */ > +#define MSG_TLSAPPDATA 0x00200000 /* only soreceive() app. data > (TLS) */ > #endif > > /* > -- Brandon Bergren bdra...@imap.cc _______________________________________________ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
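Review bot: in the uipc_socket.c hunk, the `if (flags & MSG_TLSAPPDATA)` block identifies the TLS record header by `cmsg->cmsg_type == TLS_GET_RECORD` and `cmsg_len == CMSG_LEN(sizeof(tgr))` alone, without testing `cmsg->cmsg_level`; cmsg_type values are only unique within a level, so add the level check KTLS uses for TLS_GET_RECORD before the memcpy, otherwise an unrelated control message that happens to share the numeric type and length would be parsed as a `struct tls_get_record` and could trigger a spurious ENXIO. The comment also asserts "there should only be a single control mbuf", but the code inspects only the first control mbuf `m`; a short comment (or assertion) stating that this is guaranteed by the KTLS receive path would make the reliance explicit for later readers.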
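Review bot: in the socket.h hunk, `#define MSG_TLSAPPDATA 0x00200000` is placed inside the `#ifdef _KERNEL` block beside MSG_MORETOCOME, and as the reply at the top of this message notes, lib/sysdecode/mktables picks up MSG_* names from this header, so a kernel-only flag added here needs a matching blacklist entry in lib/sysdecode/mktables in the same commit or world build fails; please add that entry together with the define, and note in the commit log that the flag is kernel-internal and not meant to be passed by userland recvmsg(2) callers.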