From: Wilfred Mallawa <wilfred.mallawa@wdc.com>
Currently, for tls_sw, the kernel uses the default 16K
TLS_MAX_PAYLOAD_SIZE for records. However, if an endpoint has specified
a record size much lower than that, it is currently not respected.
This patch adds support to using the record size limit specified by an
endpoint if it has been set.
Signed-off-by: Wilfred Mallawa <wilfred.mallawa@wdc.com>
---
include/net/tls.h | 1 +
net/tls/tls_sw.c | 10 +++++++++-
2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/include/net/tls.h b/include/net/tls.h
index 857340338b69..6248beb4a6c1 100644
--- a/include/net/tls.h
+++ b/include/net/tls.h
@@ -241,6 +241,7 @@ struct tls_context {
struct scatterlist *partially_sent_record;
u16 partially_sent_offset;
+ u32 tls_record_size_limit;
bool splicing_pages;
bool pending_open_record_frags;
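Review bot: The new `tls_record_size_limit` member of struct tls_context has no comment stating its unit or what zero means, and nothing visible in this patch assigns it. The consumer in tls_sw.c treats 0 as "not set" and falls back to TLS_MAX_PAYLOAD_SIZE, so that contract belongs at the declaration, e.g. `/* peer's max record payload in bytes; 0 = unset, use TLS_MAX_PAYLOAD_SIZE */`. If the field is meant to carry the RFC 8449 record_size_limit, the comment should also say whether it holds the raw negotiated value or the usable plaintext budget, because under TLS 1.3 that limit also counts the content-type byte. The struct definition starts and ends outside the hunk.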
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index fc88e34b7f33..4c64f1436832 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -1024,6 +1024,7 @@ static int tls_sw_sendmsg_locked(struct sock *sk, struct msghdr *msg,
ssize_t copied = 0;
struct sk_msg *msg_pl, *msg_en;
struct tls_rec *rec;
+ u32 tls_record_size_limit;
int required_size;
int num_async = 0;
bool full_record;
@@ -1045,6 +1046,13 @@ static int tls_sw_sendmsg_locked(struct sock *sk, struct msghdr *msg,
}
}
+ if (tls_ctx->tls_record_size_limit > 0) {
+ tls_record_size_limit = min(tls_ctx->tls_record_size_limit,
+ TLS_MAX_PAYLOAD_SIZE);
+ } else {
+ tls_record_size_limit = TLS_MAX_PAYLOAD_SIZE;
+ }
+
while (msg_data_left(msg)) {
if (sk->sk_err) {
ret = -sk->sk_err;
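Review bot: The clamp added before the send loop bounds the limit only from above, so any non-zero value is used as the per-record payload size, however small. A limit of a few bytes makes each sendmsg() produce a separate record, with its own header, tag and encryption pass, for every few bytes of data, so a peer-influenced setting can inflate CPU and wire overhead. RFC 8449 gives 64 as the smallest valid record_size_limit. The code that stores the field is not visible here and should reject values below a documented floor; a comment at the clamp such as `/* lower bound is enforced where tls_record_size_limit is set */` would record that dependency. tls_sw_sendmsg_locked starts and ends outside the hunk.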
@@ -1066,7 +1074,7 @@ static int tls_sw_sendmsg_locked(struct sock *sk, struct msghdr *msg,
orig_size = msg_pl->sg.size;
full_record = false;
try_to_copy = msg_data_left(msg);
- record_room = TLS_MAX_PAYLOAD_SIZE - msg_pl->sg.size;
+ record_room = tls_record_size_limit - msg_pl->sg.size;
if (try_to_copy >= record_room) {
try_to_copy = record_room;
full_record = true;
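Review bot: `record_room = tls_record_size_limit - msg_pl->sg.size;` is no longer guaranteed to be non-negative, because an open record may already hold more than the current limit, for example if it was partly filled before a smaller limit was stored in the context. With the constant, the subtraction presumably could not underflow, since sg.size never exceeded TLS_MAX_PAYLOAD_SIZE. The types of record_room and try_to_copy are declared outside the hunk, so it needs checking whether the result goes negative or wraps to a large unsigned value; in both cases the `try_to_copy >= record_room` test that follows stops bounding the copy as intended. Treating the record as full when `msg_pl->sg.size >= tls_record_size_limit` before the subtraction would keep the arithmetic in range.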
--
2.50.1
On 7/29/25 11:41, Wilfred Mallawa wrote: > From: Wilfred Mallawa <wilfred.mallawa@wdc.com> > > Currently, for tls_sw, the kernel uses the default 16K > TLS_MAX_PAYLOAD_SIZE for records. However, if an endpoint has specified > a record size much lower than that, it is currently not respected. Remove "much". Lower is lower and we have to respect it, even if it is 1B. > This patch adds support to using the record size limit specified by an > endpoint if it has been set. s/to using/for using > > Signed-off-by: Wilfred Mallawa <wilfred.mallawa@wdc.com> > @@ -1045,6 +1046,13 @@ static int tls_sw_sendmsg_locked(struct sock *sk, struct msghdr *msg, > } > } > > + if (tls_ctx->tls_record_size_limit > 0) { > + tls_record_size_limit = min(tls_ctx->tls_record_size_limit, > + TLS_MAX_PAYLOAD_SIZE); > + } else { > + tls_record_size_limit = TLS_MAX_PAYLOAD_SIZE; > + } You can simplify this with: tls_record_size_limit = min_not_zero(tls_ctx->tls_record_size_limit, TLS_MAX_PAYLOAD_SIZE); > + > while (msg_data_left(msg)) { > if (sk->sk_err) { > ret = -sk->sk_err; > @@ -1066,7 +1074,7 @@ static int tls_sw_sendmsg_locked(struct sock *sk, struct msghdr *msg, > orig_size = msg_pl->sg.size; > full_record = false; > try_to_copy = msg_data_left(msg); > - record_room = TLS_MAX_PAYLOAD_SIZE - msg_pl->sg.size; > + record_room = tls_record_size_limit - msg_pl->sg.size; > if (try_to_copy >= record_room) { > try_to_copy = record_room; > full_record = true; -- Damien Le Moal Western Digital Research
On Tue, 2025-07-29 at 17:13 +0900, Damien Le Moal wrote: > On 7/29/25 11:41, Wilfred Mallawa wrote: > > From: Wilfred Mallawa <wilfred.mallawa@wdc.com> > > > > Currently, for tls_sw, the kernel uses the default 16K > > TLS_MAX_PAYLOAD_SIZE for records. However, if an endpoint has > > specified > > a record size much lower than that, it is currently not respected. > > Remove "much". Lower is lower and we have to respect it, even if it > is 1B. > > > This patch adds support to using the record size limit specified by > > an > > endpoint if it has been set. > > s/to using/for using > > > > > Signed-off-by: Wilfred Mallawa <wilfred.mallawa@wdc.com> > > > @@ -1045,6 +1046,13 @@ static int tls_sw_sendmsg_locked(struct sock > > *sk, struct msghdr *msg, > > } > > } > > > > + if (tls_ctx->tls_record_size_limit > 0) { > > + tls_record_size_limit = min(tls_ctx- > > >tls_record_size_limit, > > + TLS_MAX_PAYLOAD_SIZE); > > + } else { > > + tls_record_size_limit = TLS_MAX_PAYLOAD_SIZE; > > + } > > You can simplify this with: > > tls_record_size_limit = > min_not_zero(tls_ctx->tls_record_size_limit, > TLS_MAX_PAYLOAD_SIZE); > Hey Damien, Thanks for the feedback! Will amend for V2. Regards, Wilfred > >