Re: [RFC 1/4] net/handshake: get negotiated tls record size limit

From: Hannes Reinecke
Date: Tue Jul 29 2025 - 04:13:04 EST


On 7/29/25 04:41, Wilfred Mallawa wrote:
From: Wilfred Mallawa <wilfred.mallawa@xxxxxxx>

During a handshake, an endpoint may specify a maximum record size limit.
Currently, this limit is not visible to the kernel, particularly in the case
where userspace handles the handshake (tlshd/gnutls). This patch adds
support for retrieving the record size limit.

This is the first step in ensuring that the kernel can respect the record
size limit imposed by the endpoint.

Signed-off-by: Wilfred Mallawa <wilfred.mallawa@xxxxxxx>
---
Documentation/netlink/specs/handshake.yaml | 3 +++
Documentation/networking/tls-handshake.rst | 8 +++++++-
drivers/nvme/host/tcp.c | 3 ++-
drivers/nvme/target/tcp.c | 3 ++-
include/net/handshake.h | 4 +++-
include/uapi/linux/handshake.h | 1 +
net/handshake/genl.c | 5 +++--
net/handshake/tlshd.c | 15 +++++++++++++--
net/sunrpc/svcsock.c | 4 +++-
net/sunrpc/xprtsock.c | 4 +++-
10 files changed, 40 insertions(+), 10 deletions(-)

diff --git a/Documentation/netlink/specs/handshake.yaml b/Documentation/netlink/specs/handshake.yaml
index b934cc513e3d..35d5eb91a3f9 100644
--- a/Documentation/netlink/specs/handshake.yaml
+++ b/Documentation/netlink/specs/handshake.yaml
@@ -84,6 +84,9 @@ attribute-sets:
name: remote-auth
type: u32
multi-attr: true
+ -
+ name: record-size-limit
+ type: u32
operations:
list:
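Review bot: the new `record-size-limit` attribute in the attribute set carries no `doc:` line, so the spec does not say what unit the value is in (bytes) or what the consumer should expect when the peer never sent a limit; and the hunk only touches the attribute set, not the operations section that follows, so if the `done` request is meant to carry this attribute the operation's attribute list needs the same addition. Suggest adding a `doc:` entry under `type: u32` and updating the relevant operation.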
diff --git a/Documentation/networking/tls-handshake.rst b/Documentation/networking/tls-handshake.rst
index 6f5ea1646a47..cd984a137779 100644
--- a/Documentation/networking/tls-handshake.rst
+++ b/Documentation/networking/tls-handshake.rst
@@ -169,7 +169,8 @@ The synopsis of this function is:
.. code-block:: c
typedef void (*tls_done_func_t)(void *data, int status,
- key_serial_t peerid);
+ key_serial_t peerid,
+ size_t tls_record_size_limit);
The consumer provides a cookie in the @ta_data field of the
tls_handshake_args structure that is returned in the @data parameter of
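Review bot: the `tls_done_func_t` signature gains a `size_t tls_record_size_limit` parameter, but the surrounding text is not extended to say what the consumer receives in it, in particular which value is passed when no limit was negotiated (0, or the protocol default) and whether the value is the record size limit as sent by the peer or the plaintext payload the kernel may emit; the type also disagrees with the `u32` `record-size-limit` attribute added to handshake.yaml in the same patch. Suggest documenting the parameter alongside @data and @peerid and using one type end to end.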

Why is this exposed to the TLS handshake consumer?
The TLS record size is surely required for handling and processing TLS
streams in net/tls, but the consumers of that (e.g. NVMe-TCP, NFS)
are blissfully unaware that there _are_ such things like TLS records.
And they really should keep it that way.

So I'd really _not_ expose that to any ULP and keep it internal to
the TLS layer.

Cheers,

Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare@xxxxxxx +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich
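For readers following the thread, the mechanism under discussion is the TLS record_size_limit extension: the peer announces the largest record it will accept, and the sender must fragment application data accordingly. The following is an added, stand-alone illustration written for this page; it is not the patch's code, not the kernel's net/tls or net/handshake code, and not tlshd/gnutls. It assumes TLS 1.3 semantics (extension type 28, a 16-bit value that counts the inner content-type byte, so the usable plaintext per record is the value minus one; values below 64 are rejected), and the extensions block it parses is constructed inline.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: RFC 8449 extension type and TLS 1.3 record cap (RFC 8446 5.1). */
#define TLS_EXT_RECORD_SIZE_LIMIT 28
#define TLS_MAX_PLAINTEXT         16384

/*
 * Parse a TLS extensions block laid out as:
 *   u16 total_len, then repeated { u16 type, u16 len, u8 data[len] }.
 * Returns the negotiated plaintext cap in bytes, TLS_MAX_PLAINTEXT when the
 * peer sent no record_size_limit, or 0 when the block or the limit is malformed.
 * TLS 1.3 semantics assumed: the advertised value includes the content-type byte.
 */
size_t tls_parse_record_size_limit(const uint8_t *buf, size_t len)
{
    if (len < 2)
        return 0;
    size_t ext_len = ((size_t)buf[0] << 8) | buf[1];
    if (ext_len + 2 > len)
        return 0;

    size_t off = 2, end = 2 + ext_len;
    size_t limit = TLS_MAX_PLAINTEXT;       /* default when extension absent */

    while (off < end) {
        if (end - off < 4)
            return 0;                       /* truncated extension header */
        uint16_t type = (uint16_t)((buf[off] << 8) | buf[off + 1]);
        uint16_t elen = (uint16_t)((buf[off + 2] << 8) | buf[off + 3]);
        off += 4;
        if (elen > end - off)
            return 0;                       /* extension runs past the block */

        if (type == TLS_EXT_RECORD_SIZE_LIMIT) {
            if (elen != 2)
                return 0;                   /* body must be exactly one u16 */
            uint16_t v = (uint16_t)((buf[off] << 8) | buf[off + 1]);
            if (v < 64)
                return 0;                   /* RFC 8449: below 64 is illegal */
            if (v > TLS_MAX_PLAINTEXT + 1)
                v = TLS_MAX_PLAINTEXT + 1;  /* cannot exceed protocol maximum */
            limit = (size_t)v - 1;          /* strip the content-type byte */
        }
        off += elen;
    }
    return limit;
}

/*
 * Split plaintext_len bytes into records no larger than limit, writing each
 * record's payload size into sizes[]. Returns the number of records, or 0 if
 * limit is 0 or sizes[] is too small to hold them all.
 */
size_t tls_fragment(size_t plaintext_len, size_t limit,
                    size_t *sizes, size_t max_records)
{
    if (limit == 0)
        return 0;
    size_t n = 0;
    while (plaintext_len > 0 && n < max_records) {
        size_t chunk = plaintext_len < limit ? plaintext_len : limit;
        sizes[n++] = chunk;
        plaintext_len -= chunk;
    }
    return plaintext_len == 0 ? n : 0;
}

/* Constructed sample: supported_versions (TLS 1.3) + record_size_limit = 4097. */
const uint8_t sample_exts[] = {
    0x00, 0x0c,                         /* extensions length = 12 */
    0x00, 0x2b, 0x00, 0x02, 0x03, 0x04, /* supported_versions: 0x0304 */
    0x00, 0x1c, 0x00, 0x02, 0x10, 0x01  /* record_size_limit: 4097 */
};

/* Constructed sample: no extensions at all. */
const uint8_t sample_no_exts[] = { 0x00, 0x00 };

/* Constructed sample: illegal limit of 16, which a conformant peer must reject. */
const uint8_t sample_bad_limit[] = {
    0x00, 0x06, 0x00, 0x1c, 0x00, 0x02, 0x00, 0x10
};

int main(void)
{
    size_t sizes[8];
    size_t limit = tls_parse_record_size_limit(sample_exts, sizeof sample_exts);
    size_t n = tls_fragment(10000, limit, sizes, 8);
    printf("negotiated plaintext cap: %zu bytes, 10000 bytes -> %zu records\n",
           limit, n);
    for (size_t i = 0; i < n; i++)
        printf("  record %zu: %zu bytes\n", i, sizes[i]);
    return 0;
}
```

The split into a parser and a fragmenter mirrors the layering point raised in the reply: only the code that builds records needs the limit, and a ULP that just hands over a 10000-byte buffer never has to know it became three records.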