[PATCH net] tls: prevent oversized sendfile() hangs by ignoring MSG_MORE

[PATCH net] tls: prevent oversized sendfile() hangs by ignoring MSG_MORE

[Jakub Kicinski]

We got multiple reports that multi_chunk_sendfile test
case from tls selftest fails. This was sort of expected,
as the original fix was never applied (see it in the first
Link:). The test in question uses sendfile() with count
larger than the size of the underlying file. This will
make splice set MSG_MORE on all sendpage calls, meaning
TLS will never close and flush the last partial record.

Eric seem to have addressed a similar problem in
commit 35f9c09fe9c7 ("tcp: tcp_sendpages() should call tcp_push() once")
by introducing MSG_SENDPAGE_NOTLAST. Unlike MSG_MORE
MSG_SENDPAGE_NOTLAST is not set on the last call
of a "pipefull" of data (PIPE_DEF_BUFFERS == 16,
so every 16 pages or whenever we run out of data).

Having a break every 16 pages should be fine, TLS
can pack exactly 4 pages into a record, so for
aligned reads there should be no difference,
unaligned may see one extra record per sendpage().

Sticking to TCP semantics seems preferable to modifying
splice, but we can revisit it if real life scenarios
show a regression.

Reported-by: Vadim Fedorenko <vfedorenko@novek.ru>
Reported-by: Seth Forshee <seth.forshee@canonical.com>
Link: https://lore.kernel.org/netdev/1591392508-14592-1-git-send-email-pooja.trivedi@stackpath.com/
Fixes: 3c4d7559159b ("tls: kernel TLS support")
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
---
 net/tls/tls_sw.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index 694de024d0ee..74e5701034aa 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -1153,7 +1153,7 @@ static int tls_sw_do_sendpage(struct sock *sk, struct page *page,
 	int ret = 0;
 	bool eor;
 
-	eor = !(flags & (MSG_MORE | MSG_SENDPAGE_NOTLAST));
+	eor = !(flags & MSG_SENDPAGE_NOTLAST);
 	sk_clear_bit(SOCKWQ_ASYNC_NOSPACE, sk);
 
 	/* Call the sk_stream functions to manage the sndbuf mem. */
-- 
2.31.1

Re: [PATCH net] tls: prevent oversized sendfile() hangs by ignoring MSG_MORE

[Seth Forshee]

On Fri, Jun 18, 2021 at 01:34:06PM -0700, Jakub Kicinski wrote:
> We got multiple reports that multi_chunk_sendfile test
> case from tls selftest fails. This was sort of expected,
> as the original fix was never applied (see it in the first
> Link:). The test in question uses sendfile() with count
> larger than the size of the underlying file. This will
> make splice set MSG_MORE on all sendpage calls, meaning
> TLS will never close and flush the last partial record.
> 
> Eric seem to have addressed a similar problem in
> commit 35f9c09fe9c7 ("tcp: tcp_sendpages() should call tcp_push() once")
> by introducing MSG_SENDPAGE_NOTLAST. Unlike MSG_MORE
> MSG_SENDPAGE_NOTLAST is not set on the last call
> of a "pipefull" of data (PIPE_DEF_BUFFERS == 16,
> so every 16 pages or whenever we run out of data).
> 
> Having a break every 16 pages should be fine, TLS
> can pack exactly 4 pages into a record, so for
> aligned reads there should be no difference,
> unaligned may see one extra record per sendpage().
> 
> Sticking to TCP semantics seems preferable to modifying
> splice, but we can revisit it if real life scenarios
> show a regression.
> 
> Reported-by: Vadim Fedorenko <vfedorenko@novek.ru>
> Reported-by: Seth Forshee <seth.forshee@canonical.com>
> Link: https://lore.kernel.org/netdev/1591392508-14592-1-git-send-email-pooja.trivedi@stackpath.com/
> Fixes: 3c4d7559159b ("tls: kernel TLS support")
> Signed-off-by: Jakub Kicinski <kuba@kernel.org>

With this patch the muilt_chunk_sendfile selftest passes. Thanks!

Tested-by: Seth Forshee <seth.forshee@canonical.com>

Re: [PATCH net] tls: prevent oversized sendfile() hangs by ignoring MSG_MORE

[patchwork-bot+netdevbpf]

Hello:

This patch was applied to netdev/net.git (refs/heads/master):

On Fri, 18 Jun 2021 13:34:06 -0700 you wrote:
> We got multiple reports that multi_chunk_sendfile test
> case from tls selftest fails. This was sort of expected,
> as the original fix was never applied (see it in the first
> Link:). The test in question uses sendfile() with count
> larger than the size of the underlying file. This will
> make splice set MSG_MORE on all sendpage calls, meaning
> TLS will never close and flush the last partial record.
> 
> [...]

Here is the summary with links:
  - [net] tls: prevent oversized sendfile() hangs by ignoring MSG_MORE
    https://git.kernel.org/netdev/net/c/d452d48b9f8b

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html