Re: [RFC 2/4] net/tls/tls_sw: use the record size limit specified
From: Damien Le Moal
Date: Tue Jul 29 2025 - 04:13:50 EST
On 7/29/25 11:41, Wilfred Mallawa wrote:
> From: Wilfred Mallawa <wilfred.mallawa@xxxxxxx>
>
> Currently, for tls_sw, the kernel uses the default 16K
> TLS_MAX_PAYLOAD_SIZE for records. However, if an endpoint has specified
> a record size much lower than that, it is currently not respected.
Remove "much". Lower is lower and we have to respect it, even if it is 1B.
> This patch adds support to using the record size limit specified by an
> endpoint if it has been set.
s/to using/for using
>
> Signed-off-by: Wilfred Mallawa <wilfred.mallawa@xxxxxxx>
> @@ -1045,6 +1046,13 @@ static int tls_sw_sendmsg_locked(struct sock *sk, struct msghdr *msg,
> }
> }
>
> + if (tls_ctx->tls_record_size_limit > 0) {
> + tls_record_size_limit = min(tls_ctx->tls_record_size_limit,
> + TLS_MAX_PAYLOAD_SIZE);
> + } else {
> + tls_record_size_limit = TLS_MAX_PAYLOAD_SIZE;
> + }
You can simplify this with:
tls_record_size_limit =
min_not_zero(tls_ctx->tls_record_size_limit,
TLS_MAX_PAYLOAD_SIZE);
> +
> while (msg_data_left(msg)) {
> if (sk->sk_err) {
> ret = -sk->sk_err;
> @@ -1066,7 +1074,7 @@ static int tls_sw_sendmsg_locked(struct sock *sk, struct msghdr *msg,
> orig_size = msg_pl->sg.size;
> full_record = false;
> try_to_copy = msg_data_left(msg);
> - record_room = TLS_MAX_PAYLOAD_SIZE - msg_pl->sg.size;
> + record_room = tls_record_size_limit - msg_pl->sg.size;
> if (try_to_copy >= record_room) {
> try_to_copy = record_room;
> full_record = true;
--
Damien Le Moal
Western Digital Research