tls: break out of main loop when PEEK gets a non-data record

qsn · kuba-moo · commit 10f41d0710fc · 2024-02-21T14:25:51.000-08:00
PEEK needs to leave decrypted records on the rx_list so that we can receive them later on, so it jumps back into the async code that queues the skb. Unfortunately that makes us skip the TLS_RECORD_TYPE_DATA check at the bottom of the main loop, so if two records of the same (non-DATA) type are queued, we end up merging them. Add the same record type check, and make it unlikely to not penalize the async fastpath. Async decrypt only applies to data record, so this check is only needed for PEEK. process_rx_list also has similar issues. Fixes: 692d7b5 ("tls: Fix recvmsg() to be able to peek across multiple records") Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> Link: https://lore.kernel.org/r/3df2eef4fdae720c55e69472b5bea668772b45a2.1708007371.git.sd@queasysnail.net Signed-off-by: Jakub Kicinski <kuba@kernel.org>
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
@@ -2064,6 +2064,8 @@ int tls_sw_recvmsg(struct sock *sk,
 				decrypted += chunk;
 				len -= chunk;
 				__skb_queue_tail(&ctx->rx_list, skb);
+				if (unlikely(control != TLS_RECORD_TYPE_DATA))
+					break;
 				continue;
 			}
 

Original file line number	Diff line number	Diff line change
`@@ -2064,6 +2064,8 @@ int tls_sw_recvmsg(struct sock *sk,`
`2064`	`2064`	`decrypted += chunk;`
`2065`	`2065`	`len -= chunk;`
`2066`	`2066`	`__skb_queue_tail(&ctx->rx_list, skb);`
	`2067`	`+ if (unlikely(control != TLS_RECORD_TYPE_DATA))`
	`2068`	`+ break;`
`2067`	`2069`	`continue;`
`2068`	`2070`	`}`
`2069`	`2071`