[pbs-devel] [PATCH v2 proxmox 0/3] Fix #5105: Overhaul TLS Handshake Checking Logic
Max Carrara
m.carrara at proxmox.com
Mon Jul 8 18:48:14 CEST 2024
Fix #5105: Overhaul TLS Handshake Checking Logic - v2
=====================================================
Notable Changes Since v1
------------------------
As discussed with Wolfgang off-list, instead of busy-waiting and
continuously yielding back to the event loop, patch 03 now makes use of
some lower-level functionality in tokio, which allows us to "retry"
peeking into the TCP stream's queue and raise an EAGAIN / EWOULDBLOCK if
we haven't received all required bytes to perform the TLS handshake
check.
The reason for this change is that streams behave incorrectly in terms
of edge-triggering [1], and we currently have no guarantee that we won't
run into related bugs when we're peeking into the stream's queue (or
that they won't affect us) in the future.
In short, the event loop isn't supposed to wake the task again if we
didn't receive enough bytes yet. With the change made to patch 03, what
happens is that we're only peeking into the stream's queue if we're told
that we can actually peek again.
All in all, we're not busy-waiting anymore while simultaneously ensuring
that our implementation will remain correct in the future.
Thanks to Wolfgang for all the help in this regard!
Older Versions
--------------
v1: https://lists.proxmox.com/pipermail/pbs-devel/2024-July/010091.html
References
----------
[1]: https://lwn.net/Articles/864947/
Summary of Changes
------------------
Max Carrara (3):
rest-server: connection: clean up accept data flow
rest-server: connection: log peer address on error
fix #5105: rest-server: connection: overhaul TLS handshake check logic
proxmox-rest-server/src/connection.rs | 206 ++++++++++++++------------
1 file changed, 115 insertions(+), 91 deletions(-)
--
2.39.2
More information about the pbs-devel
mailing list