* Kernel TLS
@ 2019-11-29 19:36 Jeffrey Walton
2019-11-29 19:46 ` Alexander Mihalicyn
2019-11-29 19:48 ` Valentin Vidić
0 siblings, 2 replies; 15+ messages in thread
From: Jeffrey Walton @ 2019-11-29 19:36 UTC (permalink / raw)
To: kernelnewbies
Hi Everyone,
I'm trying to run through the example at
https://www.kernel.org/doc/html/latest/networking/tls.html#kernel-tls
.
I'm working on Fedora 31 x86_64 (fully patched). Running my program results in:
$ ./ktls
setsockopt failed, 2, No such file or directory
I observed:
$ cat /proc/sys/net/ipv4/tcp_available_ulp
$
Is there a way to enable ULP at boot? Or is this a kernel config
option? Or maybe I am doing something else wrong?
Below is the sample code.
Jeff
==============================
#include <stdio.h>
#include <unistd.h>
#include <errno.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <linux/tls.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
int main()
{
    int sock = socket(AF_INET, SOCK_STREAM, 0);
    if (sock == -1)
    {
        printf("socket failed, %d, %s\n", errno, strerror(errno));
        return 1;
    }
    if (setsockopt(sock, SOL_TCP, TCP_ULP, "tls", sizeof("tls")) == -1 )
    {
        printf("setsockopt failed, %d, %s\n", errno, strerror(errno));
        return 1;
    }
    close (sock);
    return 0;
}
_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
* Re: Kernel TLS
2019-11-29 19:36 Kernel TLS Jeffrey Walton
@ 2019-11-29 19:46 ` Alexander Mihalicyn
2019-11-29 19:48 ` Valentin Vidić
1 sibling, 0 replies; 15+ messages in thread
From: Alexander Mihalicyn @ 2019-11-29 19:46 UTC (permalink / raw)
To: noloader; +Cc: kernelnewbies
Hello,
I think you need to load the "tls" kernel module first.
Regards, Alex
On Fri, Nov 29, 2019 at 11:37 AM Jeffrey Walton <noloader@gmail.com> wrote:
>
> Hi Everyone,
>
> I'm trying to run through the example at
> https://www.kernel.org/doc/html/latest/networking/tls.html#kernel-tls
> .
>
> I'm working on Fedora 31 x86_64 (fully patched). Running my program results in:
>
> $ ./ktls
> setsockopt failed, 2, No such file or directory
>
> I observed:
>
> $ cat /proc/sys/net/ipv4/tcp_available_ulp
> $
>
> Is there a way to enable ULP at boot? Or is this a kernel config
> option? Or maybe I am doing something else wrong?
>
> Below is the sample code.
>
> Jeff
>
> ==============================
>
> #include <stdio.h>
> #include <unistd.h>
> #include <errno.h>
> #include <string.h>
>
> #include <sys/socket.h>
> #include <sys/types.h>
>
> #include <linux/tls.h>
> #include <netinet/ip.h>
> #include <netinet/tcp.h>
>
> int main()
> {
> int sock = socket(AF_INET, SOCK_STREAM, 0);
> if (sock == -1)
> {
> printf("socket failed, %d, %s\n", errno, strerror(errno));
> return 1;
> }
>
> if (setsockopt(sock, SOL_TCP, TCP_ULP, "tls", sizeof("tls")) == -1 )
> {
> printf("setsockopt failed, %d, %s\n", errno, strerror(errno));
> return 1;
> }
>
> close (sock);
> return 0;
> }
>
> _______________________________________________
> Kernelnewbies mailing list
> Kernelnewbies@kernelnewbies.org
> https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
* Re: Kernel TLS
2019-11-29 19:36 Kernel TLS Jeffrey Walton
2019-11-29 19:46 ` Alexander Mihalicyn
@ 2019-11-29 19:48 ` Valentin Vidić
2019-11-29 19:57 ` Jeffrey Walton
1 sibling, 1 reply; 15+ messages in thread
From: Valentin Vidić @ 2019-11-29 19:48 UTC (permalink / raw)
To: kernelnewbies
On Fri, Nov 29, 2019 at 02:36:10PM -0500, Jeffrey Walton wrote:
> I'm trying to run through the example at
> https://www.kernel.org/doc/html/latest/networking/tls.html#kernel-tls
> .
>
> I'm working on Fedora 31 x86_64 (fully patched). Running my program results in:
>
> $ ./ktls
> setsockopt failed, 2, No such file or directory
>
> I observed:
>
> $ cat /proc/sys/net/ipv4/tcp_available_ulp
> $
>
> Is there a way to enable ULP at boot? Or is this a kernel config
> option? Or maybe I am doing something else wrong?
strace gives me:
...
socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3
setsockopt(3, SOL_TCP, TCP_ULP, [7564404], 4) = -1 ENOENT (No such file or directory)
fstat(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(0x88, 0x2), ...}) = 0
brk(NULL) = 0x55d76b14e000
brk(0x55d76b16f000) = 0x55d76b16f000
write(1, "setsockopt failed, 2, No such fi"..., 48setsockopt failed, 2, No such file or directory
) = 48
exit_group(1) = ?
+++ exited with 1 +++
$ grep TLS /boot/config-4.19.0-6-amd64
CONFIG_HAVE_COPY_THREAD_TLS=y
# CONFIG_TLS is not set
# CONFIG_VIDEO_IVTV_DEPRECATED_IOCTLS is not set
So you probably need to rebuild the kernel with CONFIG_TLS to get this working.
--
Valentin
* Re: Kernel TLS
2019-11-29 19:48 ` Valentin Vidić
@ 2019-11-29 19:57 ` Jeffrey Walton
2019-11-29 20:04 ` Jeffrey Walton
0 siblings, 1 reply; 15+ messages in thread
From: Jeffrey Walton @ 2019-11-29 19:57 UTC (permalink / raw)
To: Valentin Vidić; +Cc: kernelnewbies
On Fri, Nov 29, 2019 at 2:48 PM Valentin Vidić
<vvidic@valentin-vidic.from.hr> wrote:
>
> On Fri, Nov 29, 2019 at 02:36:10PM -0500, Jeffrey Walton wrote:
> > I'm trying to run through the example at
> > https://www.kernel.org/doc/html/latest/networking/tls.html#kernel-tls
> > .
> >
> > I'm working on Fedora 31 x86_64 (fully patched). Running my program results in:
> >
> > $ ./ktls
> > setsockopt failed, 2, No such file or directory
> >
> > I observed:
> >
> > $ cat /proc/sys/net/ipv4/tcp_available_ulp
> > $
> >
> > Is there a way to enable ULP at boot? Or is this a kernel config
> > option? Or maybe I am doing something else wrong?
>
> strace gives me:
>
> ...
> socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3
> setsockopt(3, SOL_TCP, TCP_ULP, [7564404], 4) = -1 ENOENT (No such file or directory)
> fstat(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(0x88, 0x2), ...}) = 0
> brk(NULL) = 0x55d76b14e000
> brk(0x55d76b16f000) = 0x55d76b16f000
> write(1, "setsockopt failed, 2, No such fi"..., 48setsockopt failed, 2, No such file or directory
> ) = 48
> exit_group(1) = ?
> +++ exited with 1 +++
>
> $ grep TLS /boot/config-4.19.0-6-amd64
> CONFIG_HAVE_COPY_THREAD_TLS=y
> # CONFIG_TLS is not set
> # CONFIG_VIDEO_IVTV_DEPRECATED_IOCTLS is not set
>
> So you probably need to rebuild the kernel with CONFIG_TLS to get this working.
Thanks Valentin.
Here's what I am seeing:
$ grep TLS /boot/config-5.3.12-300.fc31.x86_64
CONFIG_HAVE_COPY_THREAD_TLS=y
CONFIG_TLS=m
...
I believe the 'm' means a loadable module. But:
$ insmod tls
insmod: ERROR: could not load module tls: No such file or directory
Jeff
* Re: Kernel TLS
2019-11-29 19:57 ` Jeffrey Walton
@ 2019-11-29 20:04 ` Jeffrey Walton
2019-11-30 4:37 ` Jeffrey Walton
0 siblings, 1 reply; 15+ messages in thread
From: Jeffrey Walton @ 2019-11-29 20:04 UTC (permalink / raw)
To: Valentin Vidić; +Cc: kernelnewbies
On Fri, Nov 29, 2019 at 2:57 PM Jeffrey Walton <noloader@gmail.com> wrote:
>
> On Fri, Nov 29, 2019 at 2:48 PM Valentin Vidić
> <vvidic@valentin-vidic.from.hr> wrote:
> >
> > On Fri, Nov 29, 2019 at 02:36:10PM -0500, Jeffrey Walton wrote:
> > > I'm trying to run through the example at
> > > https://www.kernel.org/doc/html/latest/networking/tls.html#kernel-tls
> > > .
> > >
> > > I'm working on Fedora 31 x86_64 (fully patched). Running my program results in:
> > >
> > > $ ./ktls
> > > setsockopt failed, 2, No such file or directory
> > >
> > > I observed:
> > >
> > > $ cat /proc/sys/net/ipv4/tcp_available_ulp
> > > $
> > >
> > > Is there a way to enable ULP at boot? Or is this a kernel config
> > > option? Or maybe I am doing something else wrong?
> >
> > strace gives me:
> >
> > ...
> > socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3
> > setsockopt(3, SOL_TCP, TCP_ULP, [7564404], 4) = -1 ENOENT (No such file or directory)
> > fstat(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(0x88, 0x2), ...}) = 0
> > brk(NULL) = 0x55d76b14e000
> > brk(0x55d76b16f000) = 0x55d76b16f000
> > write(1, "setsockopt failed, 2, No such fi"..., 48setsockopt failed, 2, No such file or directory
> > ) = 48
> > exit_group(1) = ?
> > +++ exited with 1 +++
> >
> > $ grep TLS /boot/config-4.19.0-6-amd64
> > CONFIG_HAVE_COPY_THREAD_TLS=y
> > # CONFIG_TLS is not set
> > # CONFIG_VIDEO_IVTV_DEPRECATED_IOCTLS is not set
> >
> > So you probably need to rebuild the kernel with CONFIG_TLS to get this working.
>
> Thanks Valentin.
>
> Here's what I am seeing:
>
> $ grep TLS /boot/config-5.3.12-300.fc31.x86_64
> CONFIG_HAVE_COPY_THREAD_TLS=y
> CONFIG_TLS=m
> ...
>
> I believe the 'm' means a loadable module. But:
>
> $ insmod tls
> insmod: ERROR: could not load module tls: No such file or directory
My bad, I needed modprobe, not insmod.
So now I am at:
$ gcc -Wall -g2 -O1 ktls.c -o ktls
$ ./ktls
setsockopt failed, 524, Unknown error 524
Jeff
* Re: Kernel TLS
2019-11-29 20:04 ` Jeffrey Walton
@ 2019-11-30 4:37 ` Jeffrey Walton
2019-11-30 6:16 ` Alexander Mihalicyn
2019-11-30 6:40 ` Valdis Klētnieks
0 siblings, 2 replies; 15+ messages in thread
From: Jeffrey Walton @ 2019-11-30 4:37 UTC (permalink / raw)
To: Valentin Vidić; +Cc: kernelnewbies
On Fri, Nov 29, 2019 at 3:04 PM Jeffrey Walton <noloader@gmail.com> wrote:
> ...
> So now I am at:
>
> $ gcc -Wall -g2 -O1 ktls.c -o ktls
> $ ./ktls
> setsockopt failed, 524, Unknown error 524
Now open in the Fedora bug tracker:
https://bugzilla.redhat.com/show_bug.cgi?id=1778348
* Re: Kernel TLS
2019-11-30 4:37 ` Jeffrey Walton
@ 2019-11-30 6:16 ` Alexander Mihalicyn
2019-11-30 6:40 ` Valdis Klētnieks
1 sibling, 0 replies; 15+ messages in thread
From: Alexander Mihalicyn @ 2019-11-30 6:16 UTC (permalink / raw)
To: noloader; +Cc: Valentin Vidić, kernelnewbies
Hello,
I think the reason is here:
https://github.com/torvalds/linux/blob/386403a115f95997c2715691226e11a7b5cffcfd/net/tls/tls_main.c#L725
You need to setsockopt() ULP ktls on a CONNECTION socket.
Regards, Alex
On Sat, Nov 30, 2019 at 7:39 AM Jeffrey Walton <noloader@gmail.com> wrote:
>
> On Fri, Nov 29, 2019 at 3:04 PM Jeffrey Walton <noloader@gmail.com> wrote:
> > ...
> > So now I am at:
> >
> > $ gcc -Wall -g2 -O1 ktls.c -o ktls
> > $ ./ktls
> > setsockopt failed, 524, Unknown error 524
>
> Now open in the Fedora bug tracker:
> https://bugzilla.redhat.com/show_bug.cgi?id=1778348
>
> _______________________________________________
> Kernelnewbies mailing list
> Kernelnewbies@kernelnewbies.org
> https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
* Re: Kernel TLS
2019-11-30 4:37 ` Jeffrey Walton
2019-11-30 6:16 ` Alexander Mihalicyn
@ 2019-11-30 6:40 ` Valdis Klētnieks
2019-11-30 8:13 ` Bjørn Mork
1 sibling, 1 reply; 15+ messages in thread
From: Valdis Klētnieks @ 2019-11-30 6:40 UTC (permalink / raw)
To: noloader; +Cc: kernelnewbies
On Fri, 29 Nov 2019 23:37:35 -0500, Jeffrey Walton said:
> On Fri, Nov 29, 2019 at 3:04 PM Jeffrey Walton <noloader@gmail.com> wrote:
> > ...
> > So now I am at:
> >
> > $ gcc -Wall -g2 -O1 ktls.c -o ktls
> > $ ./ktls
> > setsockopt failed, 524, Unknown error 524
>
> Now open in the Fedora bug tracker:
> https://bugzilla.redhat.com/show_bug.cgi?id=1778348
Looks like the 'unknown error' issue is a glibc strerror() problem. On the
kernel side, git blame says:
[/usr/src/linux-next] git blame include/linux/errno.h | grep -C 5 524
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 22)
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 23) /* Defined for the NFSv3 protocol */
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 24) #define EBADHANDLE 521 /* Illegal NFS file handle */
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 25) #define ENOTSYNC 522 /* Update synchronization mismatch */
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 26) #define EBADCOOKIE 523 /* Cookie is stale */
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 27) #define ENOTSUPP 524 /* Operation is not supported */
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 28) #define ETOOSMALL 525 /* Buffer or request is too small */
^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 29) #define ESERVERFAULT 526 /* An untranslatable error occurred */
So I'm mystified why glibc's strerror() doesn't handle it.
Though I think Alexander is correct on why the kernel returns ENOTSUPP.
I've updated the bugzilla entry.
* Re: Kernel TLS
2019-11-30 6:40 ` Valdis Klētnieks
@ 2019-11-30 8:13 ` Bjørn Mork
2019-11-30 9:11 ` Valdis Klētnieks
0 siblings, 1 reply; 15+ messages in thread
From: Bjørn Mork @ 2019-11-30 8:13 UTC (permalink / raw)
To: Valdis Klētnieks; +Cc: noloader, kernelnewbies
"Valdis Klētnieks" <valdis.kletnieks@vt.edu> writes:
> On Fri, 29 Nov 2019 23:37:35 -0500, Jeffrey Walton said:
>
> repl: bad addresses:
> Valentin VidiD\a <vvidic@valentin-vidic.from.hr> -- no mailbox in address, only a phrase (Valentin VidiD\a)
>> On Fri, Nov 29, 2019 at 3:04 PM Jeffrey Walton <noloader@gmail.com> wrote:
>> > ...
>> > So now I am at:
>> >
>> > $ gcc -Wall -g2 -O1 ktls.c -o ktls
>> > $ ./ktls
>> > setsockopt failed, 524, Unknown error 524
>>
>> Now open in the Fedora bug tracker:
>> https://bugzilla.redhat.com/show_bug.cgi?id=1778348
>
> Looks like the 'unknown error' issue is a glibc strerror() problem. On the
> kernel side, git blame says:
>
> [/usr/src/linux-next] git blame include/linux/errno.h | grep -C 5 524
> ^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 22)
> ^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 23) /* Defined for the NFSv3 protocol */
> ^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 24) #define EBADHANDLE 521 /* Illegal NFS file handle */
> ^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 25) #define ENOTSYNC 522 /* Update synchronization mismatch */
> ^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 26) #define EBADCOOKIE 523 /* Cookie is stale */
> ^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 27) #define ENOTSUPP 524 /* Operation is not supported */
> ^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 28) #define ETOOSMALL 525 /* Buffer or request is too small */
> ^1da177e4c3f4 (Linus Torvalds 2005-04-16 15:20:36 -0700 29) #define ESERVERFAULT 526 /* An untranslatable error occurred */
>
> So I'm mystified why glibc's strerror() doesn't handle it.
> Though I think Alexander is correct on why the kernel returns ENOTSUPP.
include/linux/errno.h is kernel internal only. The UAPI header is
uapi/linux/errno.h, which is an alias for uapi/asm/errno.h. There is no
524 in include/uapi/asm-generic/errno.h or
include/uapi/asm-generic/errno-base.h
The codes in include/linux/errno.h should be translated for userspace.
This does look like a bug in the kernel tls code.
Bjørn
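The two points made in the thread so far (TCP_ULP "tls" has to be set on a connected socket, and 524 is the kernel-internal ENOTSUPP that userspace cannot name) as an added example; it is not code from the thread or from the kernel tree. The helper names (attach_tls_ulp, ktls_hint, loopback_pair) and the 127.0.0.1 loopback pair are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef TCP_ULP
#define TCP_ULP 31              /* value from linux/tcp.h, for older libc headers */
#endif
#ifndef SOL_TCP
#define SOL_TCP IPPROTO_TCP
#endif
#define KERNEL_ENOTSUPP 524     /* include/linux/errno.h, kernel-internal only */

/* Try to attach the "tls" ULP; returns 0 on success, else the errno value. */
int attach_tls_ulp(int fd)
{
    if (setsockopt(fd, SOL_TCP, TCP_ULP, "tls", sizeof("tls")) == -1)
        return errno;
    return 0;
}

/* Map the errno values seen in this thread to their cause (hypothetical helper). */
const char *ktls_hint(int err)
{
    switch (err) {
    case 0:               return "tls ULP attached";
    case ENOENT:          return "no tls ULP registered: modprobe tls or CONFIG_TLS";
    case KERNEL_ENOTSUPP: return "kernel-internal ENOTSUPP: socket not ESTABLISHED";
    case ENOTCONN:        return "socket not connected";
    default:              return strerror(err);
    }
}

/* Build a connected TCP pair over loopback; returns 0 or the errno value. */
int loopback_pair(int *client, int *accepted)
{
    struct sockaddr_in addr = { .sin_family = AF_INET };
    socklen_t len = sizeof(addr);
    int lsock, err;

    *client = *accepted = -1;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);  /* port 0: kernel picks one */
    lsock = socket(AF_INET, SOCK_STREAM, 0);
    if (lsock == -1)
        return errno;
    if (bind(lsock, (struct sockaddr *)&addr, sizeof(addr)) == -1 ||
        listen(lsock, 1) == -1 ||
        getsockname(lsock, (struct sockaddr *)&addr, &len) == -1 ||
        (*client = socket(AF_INET, SOCK_STREAM, 0)) == -1 ||
        connect(*client, (struct sockaddr *)&addr, sizeof(addr)) == -1 ||
        (*accepted = accept(lsock, NULL, NULL)) == -1) {
        err = errno;            /* save before close() can overwrite it */
        if (*client != -1) { close(*client); *client = -1; }
        close(lsock);
        return err;
    }
    close(lsock);
    return 0;
}

int main(void)
{
    int fresh = socket(AF_INET, SOCK_STREAM, 0), client, accepted, err;

    if (fresh == -1) { perror("socket"); return 1; }
    err = attach_tls_ulp(fresh);            /* the failing case from the thread */
    printf("unconnected: %d (%s)\n", err, ktls_hint(err));
    close(fresh);

    err = loopback_pair(&client, &accepted);
    if (err) {
        printf("loopback_pair: %d (%s)\n", err, strerror(err));
        return 1;
    }
    err = attach_tls_ulp(client);           /* same call, ESTABLISHED socket */
    printf("connected:   %d (%s)\n", err, ktls_hint(err));
    close(client);
    close(accepted);
    return err ? 1 : 0;
}
```

Attaching the ULP only switches the socket's protocol handlers; the TLS keys from a userspace handshake still have to be installed afterwards as the kernel documentation linked in the first message describes.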
* Re: Kernel TLS
2019-11-30 8:13 ` Bjørn Mork
@ 2019-11-30 9:11 ` Valdis Klētnieks
2019-11-30 10:10 ` Bjørn Mork
0 siblings, 1 reply; 15+ messages in thread
From: Valdis Klētnieks @ 2019-11-30 9:11 UTC (permalink / raw)
To: Bjørn Mork; +Cc: noloader, kernelnewbies
On Sat, 30 Nov 2019 09:13:35 +0100, Bjørn Mork said:
> include/linux/errno.h is kernel internal only. The UAPI header is
> uapi/linux/errno.h, which is an alias for uapi/asm/errno.h. There is no
> 524 in include/uapi/asm-generic/errno.h or
> include/uapi/asm-generic/errno-base.h
>
> The codes in include/linux/errno.h should be translated for userspace.
> This does look like a bug in the kernel tls code.
Hmm... git grep ENOTSUPP has 1,516 hits. I haven't checked if it
gets translated in one place, or if it gets done in a kazillion places.
* Re: Kernel TLS
2019-11-30 9:11 ` Valdis Klētnieks
@ 2019-11-30 10:10 ` Bjørn Mork
2019-11-30 10:34 ` Valdis Klētnieks
0 siblings, 1 reply; 15+ messages in thread
From: Bjørn Mork @ 2019-11-30 10:10 UTC (permalink / raw)
To: Valdis Klētnieks; +Cc: noloader, kernelnewbies
"Valdis Klētnieks" <valdis.kletnieks@vt.edu> writes:
> On Sat, 30 Nov 2019 09:13:35 +0100, Bjørn Mork said:
>
>> include/linux/errno.h is kernel internal only. The UAPI header is
>> uapi/linux/errno.h, which is an alias for uapi/asm/errno.h. There is no
>> 524 in include/uapi/asm-generic/errno.h or
>> include/uapi/asm-generic/errno-base.h
>>
>> The codes in include/linux/errno.h should be translated for userspace.
>> This does look like a bug in the kernel tls code.
>
> Hmm... git grep ENOTSUPP has 1,516 hits. I haven't checked if it
> gets translated in one place, or if it gets done in a kazillion places.
Definitely more than one, but probably less than a kazillion.
I believe the userspace wrappers usually translate errors from the
lower levels to something conforming to the documented userspace API.
My version of setsockopt(2) says
RETURN VALUE
On success, zero is returned for the standard options. On
error, -1 is returned, and errno is set appropriately.
Netfilter allows the programmer to define custom socket op‐
tions with associated handlers; for such options, the re‐
turn value on success is the value returned by the handler.
ERRORS
EBADF The argument sockfd is not a valid file descrip‐
tor.
EFAULT The address pointed to by optval is not in a
valid part of the process address space. For
getsockopt(), this error may also be returned if
optlen is not in a valid part of the process ad‐
dress space.
EINVAL optlen invalid in setsockopt(). In some cases
this error can also occur for an invalid value in
optval (e.g., for the IP_ADD_MEMBERSHIP option
described in ip(7)).
ENOPROTOOPT
The option is unknown at the level indicated.
ENOTSOCK The file descriptor sockfd does not refer to a
socket.
If you look at e.g. udp_lib_setsockopt() you'll see that it conforms
strictly to this. I don't know why do_tcp_setsockopt() doesn't.
Bjørn
* Re: Kernel TLS
2019-11-30 10:10 ` Bjørn Mork
@ 2019-11-30 10:34 ` Valdis Klētnieks
2019-11-30 12:54 ` [PATCH] net/tls: Fix return values for setsockopt Valentin Vidic
0 siblings, 1 reply; 15+ messages in thread
From: Valdis Klētnieks @ 2019-11-30 10:34 UTC (permalink / raw)
To: Bjørn Mork; +Cc: noloader, kernelnewbies
On Sat, 30 Nov 2019 11:10:50 +0100, Bjørn Mork said:
> My version of setsockopt(2) says
(...)
> ERRORS
> EBADF The argument sockfd is not a valid file descrip‐
> tor.
>
Note that there is no general *guarantee* that a syscall cannot
return any values other than the ones in the manpage.
> If you look at e.g. udp_lib_setsockopt() you'll see that it conforms
> strictly to this. I don't know why do_tcp_setsockopt() doesn't.
Probably because those are the only errors that the UDP version
can hit, but the TCP case can hit cases like "socket must be in
a connected state" and possibly other error codes. Now, I admit
wondering why it uses ENOTSUPP rather than ENOTCONN for this
particular case.
* [PATCH] net/tls: Fix return values for setsockopt
2019-11-30 10:34 ` Valdis Klētnieks
@ 2019-11-30 12:54 ` Valentin Vidic
2019-11-30 13:15 ` Jeffrey Walton
0 siblings, 1 reply; 15+ messages in thread
From: Valentin Vidic @ 2019-11-30 12:54 UTC (permalink / raw)
To: Valdis Klētnieks; +Cc: Valentin Vidic, kernelnewbies
ENOTSUPP is not available in userspace:
setsockopt failed, 524, Unknown error 524
Signed-off-by: Valentin Vidic <vvidic@valentin-vidic.from.hr>
---
net/tls/tls_main.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c
index bdca31ffe6da..5830b8e02a36 100644
--- a/net/tls/tls_main.c
+++ b/net/tls/tls_main.c
@@ -496,7 +496,7 @@ static int do_tls_setsockopt_conf(struct sock *sk, char __user *optval,
/* check version */
if (crypto_info->version != TLS_1_2_VERSION &&
crypto_info->version != TLS_1_3_VERSION) {
- rc = -ENOTSUPP;
+ rc = -EINVAL;
goto err_crypto_info;
}
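Review bot: In the version check of do_tls_setsockopt_conf(), -EINVAL makes an unsupported TLS version indistinguishable from a malformed crypto_info argument. If callers should be able to tell "this kernel does not handle that TLS version" apart from a bad argument, -EOPNOTSUPP keeps the "not supported" meaning and does have a userspace definition; whichever is chosen, the commit message should say why, since it currently only explains why ENOTSUPP is wrong.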
@@ -723,7 +723,7 @@ static int tls_init(struct sock *sk)
* share the ulp context.
*/
if (sk->sk_state != TCP_ESTABLISHED)
- return -ENOTSUPP;
+ return -ENOTCONN;
/* allocate tls context */
write_lock_bh(&sk->sk_callback_lock);
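Review bot: The sk_state != TCP_ESTABLISHED check in tls_init() changes an errno that userspace sees from setsockopt(TCP_ULP), and the commit message does not mention it. -ENOTCONN describes the condition well, but the changelog should list both replacements (-EINVAL and -ENOTCONN) with the condition each one reports, and note that a program comparing errno against 524 will now see a different value.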
--
2.20.1
* Re: [PATCH] net/tls: Fix return values for setsockopt
2019-11-30 12:54 ` [PATCH] net/tls: Fix return values for setsockopt Valentin Vidic
@ 2019-11-30 13:15 ` Jeffrey Walton
2019-11-30 13:31 ` Valentin Vidić
0 siblings, 1 reply; 15+ messages in thread
From: Jeffrey Walton @ 2019-11-30 13:15 UTC (permalink / raw)
To: Valentin Vidic; +Cc: Valdis Klētnieks, kernelnewbies
On Sat, Nov 30, 2019 at 7:55 AM Valentin Vidic
<vvidic@valentin-vidic.from.hr> wrote:
>
> ENOTSUPP is not available in userspace:
>
> setsockopt failed, 524, Unknown error 524
>
> Signed-off-by: Valentin Vidic <vvidic@valentin-vidic.from.hr>
> ---
> net/tls/tls_main.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c
> index bdca31ffe6da..5830b8e02a36 100644
> --- a/net/tls/tls_main.c
> +++ b/net/tls/tls_main.c
> @@ -496,7 +496,7 @@ static int do_tls_setsockopt_conf(struct sock *sk, char __user *optval,
> /* check version */
> if (crypto_info->version != TLS_1_2_VERSION &&
> crypto_info->version != TLS_1_3_VERSION) {
> - rc = -ENOTSUPP;
> + rc = -EINVAL;
> goto err_crypto_info;
> }
A quick comment... ENOTSUP is available in <errno.h> [0] if you want
to stay in the "not supported" path.
When searching for "Unknown error 524", I read another kernel module
switched to EOPNOTSUPP [1]. According to [2], EOPNOTSUPP is not as bad
because there is a userland message.
Personally, I am mostly indifferent.
[0] http://man7.org/linux/man-pages/man3/errno.3.html
[1] https://lkml.org/lkml/2019/5/16/883
[2] https://patchwork.ozlabs.org/patch/309627/
Jeff
* Re: [PATCH] net/tls: Fix return values for setsockopt
2019-11-30 13:15 ` Jeffrey Walton
@ 2019-11-30 13:31 ` Valentin Vidić
0 siblings, 0 replies; 15+ messages in thread
From: Valentin Vidić @ 2019-11-30 13:31 UTC (permalink / raw)
To: Jeffrey Walton; +Cc: Valdis Klētnieks, kernelnewbies
On Sat, Nov 30, 2019 at 08:15:56AM -0500, Jeffrey Walton wrote:
> On Sat, Nov 30, 2019 at 7:55 AM Valentin Vidic
> <vvidic@valentin-vidic.from.hr> wrote:
> >
> > ENOTSUPP is not available in userspace:
> >
> > setsockopt failed, 524, Unknown error 524
> >
> > Signed-off-by: Valentin Vidic <vvidic@valentin-vidic.from.hr>
> > ---
> > net/tls/tls_main.c | 4 ++--
> > 1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c
> > index bdca31ffe6da..5830b8e02a36 100644
> > --- a/net/tls/tls_main.c
> > +++ b/net/tls/tls_main.c
> > @@ -496,7 +496,7 @@ static int do_tls_setsockopt_conf(struct sock *sk, char __user *optval,
> > /* check version */
> > if (crypto_info->version != TLS_1_2_VERSION &&
> > crypto_info->version != TLS_1_3_VERSION) {
> > - rc = -ENOTSUPP;
> > + rc = -EINVAL;
> > goto err_crypto_info;
> > }
>
> A quick comment... ENOTSUP is available in <errno.h> [0] if you want
> to stay in the "not supported" path.
For this case I put EINVAL because other similar checks in
do_tls_setsockopt_conf already use that (for example invalid
value for crypto_info->cipher_type).
--
Valentin