tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

selftests: tls: test TCP stealing data from under the TLS socket

Check a race where data disappears from the TCP socket after
TLS signaled that its ready to receive.

ok 6 global.data_steal
# RUN tls_basic.base_base ...
# OK tls_basic.base_base

Reviewed-by: Eric Dumazet <edumazet@google.com>
Link: https://patch.msgid.link/20250807232907.600366-2-kuba@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

Jakub Kicinski d7e82594 6db015fc

+63
+63
tools/testing/selftests/net/tls.c
··· 2708 2708 close(cfd); 2709 2709 } 2710 2710 2711 + TEST(data_steal) { 2712 + struct tls_crypto_info_keys tls; 2713 + char buf[20000], buf2[20000]; 2714 + struct sockaddr_in addr; 2715 + int sfd, cfd, ret, fd; 2716 + int pid, status; 2717 + socklen_t len; 2718 + 2719 + len = sizeof(addr); 2720 + memrnd(buf, sizeof(buf)); 2721 + 2722 + tls_crypto_info_init(TLS_1_2_VERSION, TLS_CIPHER_AES_GCM_256, &tls, 0); 2723 + 2724 + addr.sin_family = AF_INET; 2725 + addr.sin_addr.s_addr = htonl(INADDR_ANY); 2726 + addr.sin_port = 0; 2727 + 2728 + fd = socket(AF_INET, SOCK_STREAM, 0); 2729 + sfd = socket(AF_INET, SOCK_STREAM, 0); 2730 + 2731 + ASSERT_EQ(bind(sfd, &addr, sizeof(addr)), 0); 2732 + ASSERT_EQ(listen(sfd, 10), 0); 2733 + ASSERT_EQ(getsockname(sfd, &addr, &len), 0); 2734 + ASSERT_EQ(connect(fd, &addr, sizeof(addr)), 0); 2735 + ASSERT_GE(cfd = accept(sfd, &addr, &len), 0); 2736 + close(sfd); 2737 + 2738 + ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")); 2739 + if (ret) { 2740 + ASSERT_EQ(errno, ENOENT); 2741 + SKIP(return, "no TLS support"); 2742 + } 2743 + ASSERT_EQ(setsockopt(cfd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")), 0); 2744 + 2745 + /* Spawn a child and get it into the read wait path of the underlying 2746 + * TCP socket. 2747 + */ 2748 + pid = fork(); 2749 + ASSERT_GE(pid, 0); 2750 + if (!pid) { 2751 + EXPECT_EQ(recv(cfd, buf, sizeof(buf), MSG_WAITALL), 2752 + sizeof(buf)); 2753 + exit(!__test_passed(_metadata)); 2754 + } 2755 + 2756 + usleep(2000); 2757 + ASSERT_EQ(setsockopt(fd, SOL_TLS, TLS_TX, &tls, tls.len), 0); 2758 + ASSERT_EQ(setsockopt(cfd, SOL_TLS, TLS_RX, &tls, tls.len), 0); 2759 + 2760 + EXPECT_EQ(send(fd, buf, sizeof(buf), 0), sizeof(buf)); 2761 + usleep(2000); 2762 + EXPECT_EQ(recv(cfd, buf2, sizeof(buf2), MSG_DONTWAIT), -1); 2763 + /* Don't check errno, the error will be different depending 2764 + * on what random bytes TLS interpreted as the record length. 2765 + */ 2766 + 2767 + close(fd); 2768 + close(cfd); 2769 + 2770 + EXPECT_EQ(wait(&status), pid); 2771 + EXPECT_EQ(status, 0); 2772 + } 2773 + 2711 2774 static void __attribute__((constructor)) fips_check(void) { 2712 2775 int res; 2713 2776 FILE *f;