* Kernel TLS
@ 2019-11-29 19:36 Jeffrey Walton
  2019-11-29 19:46 ` Alexander Mihalicyn
  2019-11-29 19:48 ` Valentin Vidić
  0 siblings, 2 replies; 15+ messages in thread
From: Jeffrey Walton @ 2019-11-29 19:36 UTC (permalink / raw)
  To: kernelnewbies

Hi Everyone,

I'm trying to run through the example at
https://www.kernel.org/doc/html/latest/networking/tls.html#kernel-tls
.

I'm working on Fedora 31 x86_64 (fully patched). Running my program results in:

    $ ./ktls
    setsockopt failed, 2, No such file or directory

I observed:

    $ cat /proc/sys/net/ipv4/tcp_available_ulp
    $

Is there a way to enable ULP at boot? Or is this a kernel config
option? Or maybe I am doing something else wrong?

Below is the sample code.

Jeff

==============================

#include <stdio.h>
#include <unistd.h>
#include <errno.h>
#include <string.h>

#include <sys/socket.h>
#include <sys/types.h>

#include <linux/tls.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>

int main()
{
    int sock = socket(AF_INET, SOCK_STREAM, 0);
    if (sock == -1)
    {
        printf("socket failed, %d, %s\n", errno, strerror(errno));
        return 1;
    }

    if (setsockopt(sock, SOL_TCP, TCP_ULP, "tls", sizeof("tls")) == -1 )
    {
        printf("setsockopt failed, %d, %s\n", errno, strerror(errno));
        return 1;
    }

    close (sock);
    return 0;
}

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies


* Re: Kernel TLS
  2019-11-29 19:36 Kernel TLS Jeffrey Walton
@ 2019-11-29 19:46 ` Alexander Mihalicyn
  2019-11-29 19:48 ` Valentin Vidić
  1 sibling, 0 replies; 15+ messages in thread
From: Alexander Mihalicyn @ 2019-11-29 19:46 UTC (permalink / raw)
  To: noloader; +Cc: kernelnewbies

Hello,

I think you need to load the "tls" kernel module first.

Regards, Alex

On Fri, Nov 29, 2019 at 11:37 AM Jeffrey Walton <noloader@gmail.com> wrote:
>
> Hi Everyone,
>
> I'm trying to run through the example at
> https://www.kernel.org/doc/html/latest/networking/tls.html#kernel-tls
> .
>
> I'm working on Fedora 31 x86_64 (fully patched). Running my program results in:
>
>     $ ./ktls
>     setsockopt failed, 2, No such file or directory
>
> I observed:
>
>     $ cat /proc/sys/net/ipv4/tcp_available_ulp
>     $
>
> Is there a way to enable ULP at boot? Or is this a kernel config
> option? Or maybe I am doing something else wrong?
>
> Below is the sample code.
>
> Jeff
>
> ==============================
>
> #include <stdio.h>
> #include <unistd.h>
> #include <errno.h>
> #include <string.h>
>
> #include <sys/socket.h>
> #include <sys/types.h>
>
> #include <linux/tls.h>
> #include <netinet/ip.h>
> #include <netinet/tcp.h>
>
> int main()
> {
>     int sock = socket(AF_INET, SOCK_STREAM, 0);
>     if (sock == -1)
>     {
>         printf("socket failed, %d, %s\n", errno, strerror(errno));
>         return 1;
>     }
>
>     if (setsockopt(sock, SOL_TCP, TCP_ULP, "tls", sizeof("tls")) == -1 )
>     {
>         printf("setsockopt failed, %d, %s\n", errno, strerror(errno));
>         return 1;
>     }
>
>     close (sock);
>     return 0;
> }
>

* Re: Kernel TLS
  2019-11-29 19:36 Kernel TLS Jeffrey Walton
  2019-11-29 19:46 ` Alexander Mihalicyn
@ 2019-11-29 19:48 ` Valentin Vidić
  2019-11-29 19:57   ` Jeffrey Walton
  1 sibling, 1 reply; 15+ messages in thread
From: Valentin Vidić @ 2019-11-29 19:48 UTC (permalink / raw)
  To: kernelnewbies

On Fri, Nov 29, 2019 at 02:36:10PM -0500, Jeffrey Walton wrote:
> I'm trying to run through the example at
> https://www.kernel.org/doc/html/latest/networking/tls.html#kernel-tls
> .
> 
> I'm working on Fedora 31 x86_64 (fully patched). Running my program results in:
> 
>     $ ./ktls
>     setsockopt failed, 2, No such file or directory
> 
> I observed:
> 
>     $ cat /proc/sys/net/ipv4/tcp_available_ulp
>     $
> 
> Is there a way to enable ULP at boot? Or is this a kernel config
> option? Or maybe I am doing something else wrong?

strace gives me:

...
socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3
setsockopt(3, SOL_TCP, TCP_ULP, [7564404], 4) = -1 ENOENT (No such file or directory)
fstat(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(0x88, 0x2), ...}) = 0
brk(NULL)                               = 0x55d76b14e000
brk(0x55d76b16f000)                     = 0x55d76b16f000
write(1, "setsockopt failed, 2, No such fi"..., 48setsockopt failed, 2, No such file or directory
) = 48
exit_group(1)                           = ?
+++ exited with 1 +++

$ grep TLS /boot/config-4.19.0-6-amd64 
CONFIG_HAVE_COPY_THREAD_TLS=y
# CONFIG_TLS is not set
# CONFIG_VIDEO_IVTV_DEPRECATED_IOCTLS is not set

So you probably need to rebuild the kernel with CONFIG_TLS to get this working.

-- 
Valentin


* Re: Kernel TLS
  2019-11-29 19:48 ` Valentin Vidić
@ 2019-11-29 19:57   ` Jeffrey Walton
  2019-11-29 20:04     ` Jeffrey Walton
  0 siblings, 1 reply; 15+ messages in thread
From: Jeffrey Walton @ 2019-11-29 19:57 UTC (permalink / raw)
  To: Valentin Vidić; +Cc: kernelnewbies

On Fri, Nov 29, 2019 at 2:48 PM Valentin Vidić
<vvidic@valentin-vidic.from.hr> wrote:
>
> On Fri, Nov 29, 2019 at 02:36:10PM -0500, Jeffrey Walton wrote:
> > I'm trying to run through the example at
> > https://www.kernel.org/doc/html/latest/networking/tls.html#kernel-tls
> > .
> >
> > I'm working on Fedora 31 x86_64 (fully patched). Running my program results in:
> >
> >     $ ./ktls
> >     setsockopt failed, 2, No such file or directory
> >
> > I observed:
> >
> >     $ cat /proc/sys/net/ipv4/tcp_available_ulp
> >     $
> >
> > Is there a way to enable ULP at boot? Or is this a kernel config
> > option? Or maybe I am doing something else wrong?
>
> strace gives me:
>
> ...
> socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3
> setsockopt(3, SOL_TCP, TCP_ULP, [7564404], 4) = -1 ENOENT (No such file or directory)
> fstat(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(0x88, 0x2), ...}) = 0
> brk(NULL)                               = 0x55d76b14e000
> brk(0x55d76b16f000)                     = 0x55d76b16f000
> write(1, "setsockopt failed, 2, No such fi"..., 48setsockopt failed, 2, No such file or directory
> ) = 48
> exit_group(1)                           = ?
> +++ exited with 1 +++
>
> $ grep TLS /boot/config-4.19.0-6-amd64
> CONFIG_HAVE_COPY_THREAD_TLS=y
> # CONFIG_TLS is not set
> # CONFIG_VIDEO_IVTV_DEPRECATED_IOCTLS is not set
>
> So you probably need to rebuild the kernel with CONFIG_TLS to get this working.

Thanks Valentin.

Here's what I am seeing:

    $ grep TLS /boot/config-5.3.12-300.fc31.x86_64
    CONFIG_HAVE_COPY_THREAD_TLS=y
    CONFIG_TLS=m
    ...

I believe the 'm' means a loadable module. But:

    $ insmod tls
    insmod: ERROR: could not load module tls: No such file or directory

Jeff


* Re: Kernel TLS
  2019-11-29 19:57   ` Jeffrey Walton
@ 2019-11-29 20:04     ` Jeffrey Walton
  2019-11-30  4:37       ` Jeffrey Walton
  0 siblings, 1 reply; 15+ messages in thread
From: Jeffrey Walton @ 2019-11-29 20:04 UTC (permalink / raw)
  To: Valentin Vidić; +Cc: kernelnewbies

On Fri, Nov 29, 2019 at 2:57 PM Jeffrey Walton <noloader@gmail.com> wrote:
>
> On Fri, Nov 29, 2019 at 2:48 PM Valentin Vidić
> <vvidic@valentin-vidic.from.hr> wrote:
> >
> > On Fri, Nov 29, 2019 at 02:36:10PM -0500, Jeffrey Walton wrote:
> > > I'm trying to run through the example at
> > > https://www.kernel.org/doc/html/latest/networking/tls.html#kernel-tls
> > > .
> > >
> > > I'm working on Fedora 31 x86_64 (fully patched). Running my program results in:
> > >
> > >     $ ./ktls
> > >     setsockopt failed, 2, No such file or directory
> > >
> > > I observed:
> > >
> > >     $ cat /proc/sys/net/ipv4/tcp_available_ulp
> > >     $
> > >
> > > Is there a way to enable ULP at boot? Or is this a kernel config
> > > option? Or maybe I am doing something else wrong?
> >
> > strace gives me:
> >
> > ...
> > socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3
> > setsockopt(3, SOL_TCP, TCP_ULP, [7564404], 4) = -1 ENOENT (No such file or directory)
> > fstat(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(0x88, 0x2), ...}) = 0
> > brk(NULL)                               = 0x55d76b14e000
> > brk(0x55d76b16f000)                     = 0x55d76b16f000
> > write(1, "setsockopt failed, 2, No such fi"..., 48setsockopt failed, 2, No such file or directory
> > ) = 48
> > exit_group(1)                           = ?
> > +++ exited with 1 +++
> >
> > $ grep TLS /boot/config-4.19.0-6-amd64
> > CONFIG_HAVE_COPY_THREAD_TLS=y
> > # CONFIG_TLS is not set
> > # CONFIG_VIDEO_IVTV_DEPRECATED_IOCTLS is not set
> >
> > So you probably need to rebuild the kernel with CONFIG_TLS to get this working.
>
> Thanks Valentin.
>
> Here's what I am seeing:
>
>     $ grep TLS /boot/config-5.3.12-300.fc31.x86_64
>     CONFIG_HAVE_COPY_THREAD_TLS=y
>     CONFIG_TLS=m
>     ...
>
> I believe the 'm' means a loadable module. But:
>
>     $ insmod tls
>     insmod: ERROR: could not load module tls: No such file or directory

My bad, I needed modprobe, not insmod.

So now I am at:

    $ gcc -Wall -g2 -O1 ktls.c -o ktls
    $ ./ktls
    setsockopt failed, 524, Unknown error 524

Jeff


* Re: Kernel TLS
  2019-11-29 20:04     ` Jeffrey Walton
@ 2019-11-30  4:37       ` Jeffrey Walton
  2019-11-30  6:16         ` Alexander Mihalicyn
  2019-11-30  6:40         ` Valdis Klētnieks
  0 siblings, 2 replies; 15+ messages in thread
From: Jeffrey Walton @ 2019-11-30  4:37 UTC (permalink / raw)
  To: Valentin Vidić; +Cc: kernelnewbies

On Fri, Nov 29, 2019 at 3:04 PM Jeffrey Walton <noloader@gmail.com> wrote:
> ...
> So now I am at:
>
>     $ gcc -Wall -g2 -O1 ktls.c -o ktls
>     $ ./ktls
>     setsockopt failed, 524, Unknown error 524

Now open in the Fedora bug tracker:
https://bugzilla.redhat.com/show_bug.cgi?id=1778348


* Re: Kernel TLS
  2019-11-30  4:37       ` Jeffrey Walton
@ 2019-11-30  6:16         ` Alexander Mihalicyn
  2019-11-30  6:40         ` Valdis Klētnieks
  1 sibling, 0 replies; 15+ messages in thread
From: Alexander Mihalicyn @ 2019-11-30  6:16 UTC (permalink / raw)
  To: noloader; +Cc: Valentin Vidić, kernelnewbies

Hello,

I think the reason is here:
https://github.com/torvalds/linux/blob/386403a115f95997c2715691226e11a7b5cffcfd/net/tls/tls_main.c#L725

You need to setsockopt() ULP ktls on a CONNECTION socket.

Regards, Alex

On Sat, Nov 30, 2019 at 7:39 AM Jeffrey Walton <noloader@gmail.com> wrote:
>
> On Fri, Nov 29, 2019 at 3:04 PM Jeffrey Walton <noloader@gmail.com> wrote:
> > ...
> > So now I am at:
> >
> >     $ gcc -Wall -g2 -O1 ktls.c -o ktls
> >     $ ./ktls
> >     setsockopt failed, 524, Unknown error 524
>
> Now open in the Fedora bug tracker:
> https://bugzilla.redhat.com/show_bug.cgi?id=1778348
>
> _______________________________________________
> Kernelnewbies mailing list
> Kernelnewbies@kernelnewbies.org
> https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
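The fix Alexander describes, as an added example that is not part of the thread or the kernel tree: the same TCP_ULP call is made on an unconnected socket and on a connected one, and the errno values discussed here are mapped to their cause. The helper names (attach_tls_ulp, ulp_errno_hint, loopback_pair, KERN_ENOTSUPP) are hypothetical, and a loopback listener stands in for a real peer.

```c
/* Added example; helper names are hypothetical, not from the thread's ktls.c. */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef TCP_ULP
#define TCP_ULP 31              /* value from the Linux UAPI tcp.h */
#endif
#define KERN_ENOTSUPP 524       /* kernel-internal ENOTSUPP quoted in the thread */

/* Attach the "tls" ULP. Returns 0 on success, otherwise the errno value. */
int attach_tls_ulp(int fd)
{
    if (setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")) == -1)
        return errno;
    return 0;
}

/* Map the errno values seen in this thread to their cause. */
const char *ulp_errno_hint(int err)
{
    switch (err) {
    case 0:
        return "tls ULP attached";
    case ENOENT:
        return "tls ULP not registered: modprobe tls, or CONFIG_TLS is not set";
    case KERN_ENOTSUPP:         /* kernels without the patch from this thread */
    case ENOTCONN:              /* kernels with it */
        return "socket is not TCP_ESTABLISHED: connect() or accept() first";
    default:
        return strerror(err);
    }
}

/* Build a connected TCP pair over loopback in one thread.
 * Returns the client fd and stores the accepted fd; -1 on failure. */
int loopback_pair(int *server_fd)
{
    struct sockaddr_in addr;
    socklen_t len = sizeof(addr);
    int lfd, cfd = -1;

    *server_fd = -1;
    memset(&addr, 0, sizeof(addr));
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    addr.sin_port = 0;          /* let the kernel pick a free port */

    lfd = socket(AF_INET, SOCK_STREAM, 0);
    if (lfd == -1)
        return -1;
    if (bind(lfd, (struct sockaddr *)&addr, sizeof(addr)) == 0 &&
        listen(lfd, 1) == 0 &&
        getsockname(lfd, (struct sockaddr *)&addr, &len) == 0 &&
        (cfd = socket(AF_INET, SOCK_STREAM, 0)) != -1) {
        /* The handshake completes against the backlog, so accept() can follow. */
        if (connect(cfd, (struct sockaddr *)&addr, sizeof(addr)) == 0)
            *server_fd = accept(lfd, NULL, NULL);
        if (*server_fd == -1) {
            close(cfd);
            cfd = -1;
        }
    }
    close(lfd);
    return cfd;
}

int main(void)
{
    int srv, cli, err;
    int fresh = socket(AF_INET, SOCK_STREAM, 0);

    if (fresh == -1) {
        perror("socket");
        return 1;
    }
    err = attach_tls_ulp(fresh);        /* the failing case from the thread */
    printf("unconnected: %d, %s\n", err, ulp_errno_hint(err));
    close(fresh);

    cli = loopback_pair(&srv);
    if (cli == -1) {
        perror("loopback_pair");
        return 1;
    }
    err = attach_tls_ulp(cli);          /* established socket */
    printf("connected:   %d, %s\n", err, ulp_errno_hint(err));
    close(cli);
    close(srv);
    return err ? 1 : 0;
}
```

Attaching the ULP only switches the socket's protocol handlers; the TLS_TX/TLS_RX key setup from the kernel documentation still has to follow before any data is encrypted.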


* Re: Kernel TLS
  2019-11-30  4:37       ` Jeffrey Walton
  2019-11-30  6:16         ` Alexander Mihalicyn
@ 2019-11-30  6:40         ` Valdis Klētnieks
  2019-11-30  8:13           ` Bjørn Mork
  1 sibling, 1 reply; 15+ messages in thread
From: Valdis Klētnieks @ 2019-11-30  6:40 UTC (permalink / raw)
  To: noloader; +Cc: kernelnewbies


On Fri, 29 Nov 2019 23:37:35 -0500, Jeffrey Walton said:

> On Fri, Nov 29, 2019 at 3:04 PM Jeffrey Walton <noloader@gmail.com> wrote:
> > ...
> > So now I am at:
> >
> >     $ gcc -Wall -g2 -O1 ktls.c -o ktls
> >     $ ./ktls
> >     setsockopt failed, 524, Unknown error 524
>
> Now open in the Fedora bug tracker:
> https://bugzilla.redhat.com/show_bug.cgi?id=1778348

Looks like the 'unknown error' issue is a glibc strerror() problem. On the
kernel side, git blame says:

 [/usr/src/linux-next] git blame include/linux/errno.h | grep -C 5 524
^1da177e4c3f4 (Linus Torvalds     2005-04-16 15:20:36 -0700 22)
^1da177e4c3f4 (Linus Torvalds     2005-04-16 15:20:36 -0700 23) /* Defined for the NFSv3 protocol */
^1da177e4c3f4 (Linus Torvalds     2005-04-16 15:20:36 -0700 24) #define EBADHANDLE	521	/* Illegal NFS file handle */
^1da177e4c3f4 (Linus Torvalds     2005-04-16 15:20:36 -0700 25) #define ENOTSYNC	522	/* Update synchronization mismatch */
^1da177e4c3f4 (Linus Torvalds     2005-04-16 15:20:36 -0700 26) #define EBADCOOKIE	523	/* Cookie is stale */
^1da177e4c3f4 (Linus Torvalds     2005-04-16 15:20:36 -0700 27) #define ENOTSUPP	524	/* Operation is not supported */
^1da177e4c3f4 (Linus Torvalds     2005-04-16 15:20:36 -0700 28) #define ETOOSMALL	525	/* Buffer or request is too small */
^1da177e4c3f4 (Linus Torvalds     2005-04-16 15:20:36 -0700 29) #define ESERVERFAULT	526	/* An untranslatable error occurred */

So I'm mystified why glibc's strerror() doesn't handle it.
Though I think Alexander is correct on why the kernel returns ENOTSUPP.

I've updated the bugzilla entry.




* Re: Kernel TLS
  2019-11-30  6:40         ` Valdis Klētnieks
@ 2019-11-30  8:13           ` Bjørn Mork
  2019-11-30  9:11             ` Valdis Klētnieks
  0 siblings, 1 reply; 15+ messages in thread
From: Bjørn Mork @ 2019-11-30  8:13 UTC (permalink / raw)
  To: Valdis Klētnieks; +Cc: noloader, kernelnewbies

"Valdis Klētnieks" <valdis.kletnieks@vt.edu> writes:

> On Fri, 29 Nov 2019 23:37:35 -0500, Jeffrey Walton said:
>
>> On Fri, Nov 29, 2019 at 3:04 PM Jeffrey Walton <noloader@gmail.com> wrote:
>> > ...
>> > So now I am at:
>> >
>> >     $ gcc -Wall -g2 -O1 ktls.c -o ktls
>> >     $ ./ktls
>> >     setsockopt failed, 524, Unknown error 524
>>
>> Now open in the Fedora bug tracker:
>> https://bugzilla.redhat.com/show_bug.cgi?id=1778348
>
> Looks like the 'unknown error' issue is a glibc strerror() problem. On the
> kernel side, git blame says:
>
>  [/usr/src/linux-next] git blame include/linux/errno.h | grep -C 5 524
> ^1da177e4c3f4 (Linus Torvalds     2005-04-16 15:20:36 -0700 22)
> ^1da177e4c3f4 (Linus Torvalds     2005-04-16 15:20:36 -0700 23) /* Defined for the NFSv3 protocol */
> ^1da177e4c3f4 (Linus Torvalds     2005-04-16 15:20:36 -0700 24) #define EBADHANDLE	521	/* Illegal NFS file handle */
> ^1da177e4c3f4 (Linus Torvalds     2005-04-16 15:20:36 -0700 25) #define ENOTSYNC	522	/* Update synchronization mismatch */
> ^1da177e4c3f4 (Linus Torvalds     2005-04-16 15:20:36 -0700 26) #define EBADCOOKIE	523	/* Cookie is stale */
> ^1da177e4c3f4 (Linus Torvalds     2005-04-16 15:20:36 -0700 27) #define ENOTSUPP	524	/* Operation is not supported */
> ^1da177e4c3f4 (Linus Torvalds     2005-04-16 15:20:36 -0700 28) #define ETOOSMALL	525	/* Buffer or request is too small */
> ^1da177e4c3f4 (Linus Torvalds     2005-04-16 15:20:36 -0700 29) #define ESERVERFAULT	526	/* An untranslatable error occurred */
>
> So I'm mystified why glibc's strerror() doesn't handle it.
> Though I think Alexander is correct on why the kernel returns ENOTSUPP.

include/linux/errno.h is kernel internal only.  The UAPI header is
uapi/linux/errno.h, which is an alias for uapi/asm/errno.h.  There is no
524 in include/uapi/asm-generic/errno.h or
include/uapi/asm-generic/errno-base.h

The codes in include/linux/errno.h should be translated for userspace.
This does look like a bug in the kernel tls code.


Bjørn


* Re: Kernel TLS
  2019-11-30  8:13           ` Bjørn Mork
@ 2019-11-30  9:11             ` Valdis Klētnieks
  2019-11-30 10:10               ` Bjørn Mork
  0 siblings, 1 reply; 15+ messages in thread
From: Valdis Klētnieks @ 2019-11-30  9:11 UTC (permalink / raw)
  To: Bjørn Mork; +Cc: noloader, kernelnewbies


On Sat, 30 Nov 2019 09:13:35 +0100, Bjørn Mork said:

> include/linux/errno.h is kernel internal only.  The UAPI header is
> uapi/linux/errno.h, which is an alias for uapi/asm/errno.h.  There is no
> 524 in include/uapi/asm-generic/errno.h or
> include/uapi/asm-generic/errno-base.h
>
> The codes in include/linux/errno.h should be translated for userspace.
> This does look like a bug in the kernel tls code.

Hmm... git grep ENOTSUPP has 1,516 hits.  I haven't checked if it
gets translated in one place, or if it gets done in a kazillion places.


* Re: Kernel TLS
  2019-11-30  9:11             ` Valdis Klētnieks
@ 2019-11-30 10:10               ` Bjørn Mork
  2019-11-30 10:34                 ` Valdis Klētnieks
  0 siblings, 1 reply; 15+ messages in thread
From: Bjørn Mork @ 2019-11-30 10:10 UTC (permalink / raw)
  To: Valdis Klētnieks; +Cc: noloader, kernelnewbies

"Valdis Klētnieks" <valdis.kletnieks@vt.edu> writes:

> On Sat, 30 Nov 2019 09:13:35 +0100, Bjørn Mork said:
>
>> include/linux/errno.h is kernel internal only.  The UAPI header is
>> uapi/linux/errno.h, which is an alias for uapi/asm/errno.h.  There is no
>> 524 in include/uapi/asm-generic/errno.h or
>> include/uapi/asm-generic/errno-base.h
>>
>> The codes in include/linux/errno.h should be translated for userspace.
>> This does look like a bug in the kernel tls code.
>
> Hmm... git grep ENOTSUPP has 1,516 hits.  I haven't checked if it
> gets translated in one place, or if it gets done in a kazillion places.

Definitely more than one, but probably less than a kazillion.

I believe the userspace wrappers usually translate errors from the
lower levels to something conforming to the documented userspace API.

My version of setsockopt(2) says

RETURN VALUE
       On success, zero is returned for the standard options.   On
       error, -1 is returned, and errno is set appropriately.

       Netfilter allows the programmer to define custom socket op‐
       tions with associated handlers; for such options,  the  re‐
       turn value on success is the value returned by the handler.

ERRORS
       EBADF     The  argument sockfd is not a valid file descrip‐
                 tor.

       EFAULT    The address pointed to by  optval  is  not  in  a
                 valid  part  of  the  process address space.  For
                 getsockopt(), this error may also be returned  if
                 optlen  is not in a valid part of the process ad‐
                 dress space.

       EINVAL    optlen invalid in setsockopt().   In  some  cases
                 this error can also occur for an invalid value in
                 optval (e.g., for  the  IP_ADD_MEMBERSHIP  option
                 described in ip(7)).

       ENOPROTOOPT
                 The option is unknown at the level indicated.

       ENOTSOCK  The  file  descriptor  sockfd does not refer to a
                 socket.


If you look at e.g. udp_lib_setsockopt() you'll see that it conforms
strictly to this.  I don't know why do_tcp_setsockopt() doesn't.



Bjørn


* Re: Kernel TLS
  2019-11-30 10:10               ` Bjørn Mork
@ 2019-11-30 10:34                 ` Valdis Klētnieks
  2019-11-30 12:54                   ` [PATCH] net/tls: Fix return values for setsockopt Valentin Vidic
  0 siblings, 1 reply; 15+ messages in thread
From: Valdis Klētnieks @ 2019-11-30 10:34 UTC (permalink / raw)
  To: Bjørn Mork; +Cc: noloader, kernelnewbies


On Sat, 30 Nov 2019 11:10:50 +0100, Bjørn Mork said:

> My version of setsockopt(2) says
(...)
> ERRORS
>        EBADF     The  argument sockfd is not a valid file descrip‐
>                  tor.
>

Note that there is no general *guarantee* that a syscall cannot
return any values other than the ones in the manpage.

> If you look at e.g. udp_lib_setsockopt() you'll see that it conforms
> strictly to this.  I don't know why do_tcp_setsockopt() doesn't.

Probably because those are the only errors that the UDP version
can hit, but the TCP case can hit cases like "socket must be in
a connected state" and possibly other error codes.  Now, I admit
wondering why it uses ENOTSUPP rather than ENOTCONN for this
particular case.


* [PATCH] net/tls: Fix return values for setsockopt
  2019-11-30 10:34                 ` Valdis Klētnieks
@ 2019-11-30 12:54                   ` Valentin Vidic
  2019-11-30 13:15                     ` Jeffrey Walton
  0 siblings, 1 reply; 15+ messages in thread
From: Valentin Vidic @ 2019-11-30 12:54 UTC (permalink / raw)
  To: Valdis Klētnieks; +Cc: Valentin Vidic, kernelnewbies

ENOTSUPP is not available in userspace:

  setsockopt failed, 524, Unknown error 524

Signed-off-by: Valentin Vidic <vvidic@valentin-vidic.from.hr>
---
 net/tls/tls_main.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c
index bdca31ffe6da..5830b8e02a36 100644
--- a/net/tls/tls_main.c
+++ b/net/tls/tls_main.c
@@ -496,7 +496,7 @@ static int do_tls_setsockopt_conf(struct sock *sk, char __user *optval,
 	/* check version */
 	if (crypto_info->version != TLS_1_2_VERSION &&
 	    crypto_info->version != TLS_1_3_VERSION) {
-		rc = -ENOTSUPP;
+		rc = -EINVAL;
 		goto err_crypto_info;
 	}
 
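Review bot: the choice of `rc = -EINVAL` in the version check of do_tls_setsockopt_conf() is not explained in the commit message, which only says that ENOTSUPP is not available in userspace and quotes the 524 output. Please state why EINVAL is preferred over EOPNOTSUPP for a version that is neither TLS_1_2_VERSION nor TLS_1_3_VERSION, and mention that this changes an errno value userspace can observe, so a caller that matches 524 on this path today will stop matching.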
@@ -723,7 +723,7 @@ static int tls_init(struct sock *sk)
 	 * share the ulp context.
 	 */
 	if (sk->sk_state != TCP_ESTABLISHED)
-		return -ENOTSUPP;
+		return -ENOTCONN;
 
 	/* allocate tls context */
 	write_lock_bh(&sk->sk_callback_lock);
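Review bot: `return -ENOTCONN;` in tls_init() is reported for every state other than TCP_ESTABLISHED, because the condition is `sk->sk_state != TCP_ESTABLISHED`, so it also covers sockets that are in some other state rather than simply unconnected. If this is the path that produced the "Unknown error 524" output quoted in the commit message, say so there, and state that ENOTCONN is intended for all non-established states; the message currently describes neither of the two changes individually.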
-- 
2.20.1



* Re: [PATCH] net/tls: Fix return values for setsockopt
  2019-11-30 12:54                   ` [PATCH] net/tls: Fix return values for setsockopt Valentin Vidic
@ 2019-11-30 13:15                     ` Jeffrey Walton
  2019-11-30 13:31                       ` Valentin Vidić
  0 siblings, 1 reply; 15+ messages in thread
From: Jeffrey Walton @ 2019-11-30 13:15 UTC (permalink / raw)
  To: Valentin Vidic; +Cc: Valdis Klētnieks, kernelnewbies

On Sat, Nov 30, 2019 at 7:55 AM Valentin Vidic
<vvidic@valentin-vidic.from.hr> wrote:
>
> ENOTSUPP is not available in userspace:
>
>   setsockopt failed, 524, Unknown error 524
>
> Signed-off-by: Valentin Vidic <vvidic@valentin-vidic.from.hr>
> ---
>  net/tls/tls_main.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c
> index bdca31ffe6da..5830b8e02a36 100644
> --- a/net/tls/tls_main.c
> +++ b/net/tls/tls_main.c
> @@ -496,7 +496,7 @@ static int do_tls_setsockopt_conf(struct sock *sk, char __user *optval,
>         /* check version */
>         if (crypto_info->version != TLS_1_2_VERSION &&
>             crypto_info->version != TLS_1_3_VERSION) {
> -               rc = -ENOTSUPP;
> +               rc = -EINVAL;
>                 goto err_crypto_info;
>         }

A quick comment... ENOTSUP is available in <errno.h> [0] if you want
to stay in the "not supported" path.

When searching for "Unknown error 524", I read another kernel module
switched to EOPNOTSUPP [1]. According to [2], EOPNOTSUPP is not as bad
because there is a userland message.

Personally, I am mostly indifferent.

[0] http://man7.org/linux/man-pages/man3/errno.3.html
[1] https://lkml.org/lkml/2019/5/16/883
[2] https://patchwork.ozlabs.org/patch/309627/

Jeff


* Re: [PATCH] net/tls: Fix return values for setsockopt
  2019-11-30 13:15                     ` Jeffrey Walton
@ 2019-11-30 13:31                       ` Valentin Vidić
  0 siblings, 0 replies; 15+ messages in thread
From: Valentin Vidić @ 2019-11-30 13:31 UTC (permalink / raw)
  To: Jeffrey Walton; +Cc: Valdis Klētnieks, kernelnewbies

On Sat, Nov 30, 2019 at 08:15:56AM -0500, Jeffrey Walton wrote:
> On Sat, Nov 30, 2019 at 7:55 AM Valentin Vidic
> <vvidic@valentin-vidic.from.hr> wrote:
> >
> > ENOTSUPP is not available in userspace:
> >
> >   setsockopt failed, 524, Unknown error 524
> >
> > Signed-off-by: Valentin Vidic <vvidic@valentin-vidic.from.hr>
> > ---
> >  net/tls/tls_main.c | 4 ++--
> >  1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c
> > index bdca31ffe6da..5830b8e02a36 100644
> > --- a/net/tls/tls_main.c
> > +++ b/net/tls/tls_main.c
> > @@ -496,7 +496,7 @@ static int do_tls_setsockopt_conf(struct sock *sk, char __user *optval,
> >         /* check version */
> >         if (crypto_info->version != TLS_1_2_VERSION &&
> >             crypto_info->version != TLS_1_3_VERSION) {
> > -               rc = -ENOTSUPP;
> > +               rc = -EINVAL;
> >                 goto err_crypto_info;
> >         }
> 
> A quick comment... ENOTSUP is available in <errno.h> [0] if you want
> to stay in the "not supported" path.

For this case I put EINVAL because other similar checks in
do_tls_setsockopt_conf already use that (for example invalid
value for crypto_info->cipher_type).

-- 
Valentin
