kernel-tls-handshake.lists.linux.dev archive mirror
 help / color / mirror / Atom feed
From: Hannes Reinecke <hare@suse.de>
To: Sagi Grimberg <sagi@grimberg.me>, Christoph Hellwig <hch@lst.de>,
	Boris Pismenny <borisp@nvidia.com>,
	john.fastabend@gmail.com, "kuba@kernel.org" <kuba@kernel.org>,
	Paolo Abeni <pabeni@redhat.com>
Cc: Keith Busch <kbusch@kernel.org>,
	linux-nvme@lists.infradead.org,
	Chuck Lever <chuck.lever@oracle.com>,
	kernel-tls-handshake@lists.linux.dev,
	"netdev@vger.kernel.org" <netdev@vger.kernel.org>
Subject: Re: [PATCH 10/18] nvme-tcp: fixup send workflow for kTLS
Date: Thu, 30 Mar 2023 19:26:25 +0200	[thread overview]
Message-ID: <26cb6ed1-4c32-6042-1d45-97b15a94ef57@suse.de> (raw)
In-Reply-To: <634385cc-35af-eca0-edcb-1196a95d1dfa@grimberg.me>

On 3/30/23 17:24, Sagi Grimberg wrote:
> 
>> kTLS does not support MSG_EOR flag for sendmsg(), and in general
>> is really picky about invalid MSG_XXX flags.
> 
> CC'ing TLS folks.
> 
> Can't tls simply ignore MSG_EOR instead of consumers having to be 
> careful over it?
> 
>> So ensure that the MSG_EOR flags is blanked out for TLS, and that
>> the MSG_SENDPAGE_LAST is only set if we actually do sendpage().
> 
> You mean MSG_SENDPAGE_NOTLAST.
> 
> It is also a bit annoying that a tls socket dictates different behavior
> than a normal socket.
> 
> The current logic is rather simple:
> if more data comming:
>      flags = MSG_MORE | MSG_SENDPAGE_NOTLAST
> else:
>      flags = MSG_EOR
> 
> Would like to keep it that way for tls as well. Can someone
> explain why this is a problem with tls?

TLS is using MSG_EOR internally (to control the flow of the underlying 
tcp stream), so it's meaningless for the ULP.
I've no idea about SENDPAGE_NOTLAST; that one is particularly annoying
as we have to check whether we do sendpage() or sendmsg().

But TLS really should blank out invalid flags, as it has different rules 
for them than anyone else. And the caller really shouldn't be burdened
with checking whether TLS is enabled or not.

Cheers,

Hannes
-- 
Dr. Hannes Reinecke                Kernel Storage Architect
hare@suse.de                              +49 911 74053 688
SUSE Software Solutions GmbH, Maxfeldstr. 5, 90409 Nürnberg
HRB 36809 (AG Nürnberg), Geschäftsführer: Ivo Totev, Andrew
Myers, Andrew McDonald, Martje Boudien Moerman


  reply	other threads:[~2023-03-30 17:26 UTC|newest]

Thread overview: 73+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-03-29 13:59 [PATCHv2 00/18] nvme: In-kernel TLS support for TCP Hannes Reinecke
2023-03-29 13:59 ` [PATCH 01/18] nvme-keyring: register '.nvme' keyring and add CONFIG_NVME_TLS Hannes Reinecke
2023-03-29 14:49   ` Sagi Grimberg
2023-03-29 15:24     ` Hannes Reinecke
2023-03-29 15:04   ` Sagi Grimberg
2023-03-29 15:26     ` Hannes Reinecke
2023-03-30  8:53   ` Daniel Wagner
2023-03-30 14:38     ` Sagi Grimberg
2023-03-29 13:59 ` [PATCH 02/18] nvme-keyring: define a 'psk' keytype Hannes Reinecke
2023-03-29 13:59 ` [PATCH 03/18] nvme: add TCP TSAS definitions Hannes Reinecke
2023-03-29 13:59 ` [PATCH 04/18] nvme-tcp: add definitions for TLS cipher suites Hannes Reinecke
2023-03-29 13:59 ` [PATCH 05/18] net/tls: implement ->read_sock() Hannes Reinecke
2023-03-29 15:37   ` Sagi Grimberg
2023-03-29 15:41     ` Hannes Reinecke
2023-03-29 15:43       ` Sagi Grimberg
2023-03-29 15:44   ` Sagi Grimberg
2023-03-29 13:59 ` [PATCH 06/18] nvme/tcp: allocate socket file Hannes Reinecke
2023-03-29 15:57   ` Sagi Grimberg
2023-03-29 13:59 ` [PATCH 07/18] nvme-keyring: implement nvme_tls_psk_default() Hannes Reinecke
2023-03-29 15:35   ` Sagi Grimberg
2023-03-29 13:59 ` [PATCH 08/18] security/keys: export key_lookup() Hannes Reinecke
2023-03-29 13:59 ` [PATCH 09/18] nvme-tcp: enable TLS handshake upcall Hannes Reinecke
2023-03-30 12:54   ` Daniel Wagner
2023-03-30 12:59     ` Hannes Reinecke
2023-03-30 15:03   ` Sagi Grimberg
2023-03-30 17:16     ` Hannes Reinecke
2023-03-29 13:59 ` [PATCH 10/18] nvme-tcp: fixup send workflow for kTLS Hannes Reinecke
2023-03-30 15:24   ` Sagi Grimberg
2023-03-30 17:26     ` Hannes Reinecke [this message]
2023-03-31  5:49     ` Jakub Kicinski
2023-03-31  6:03       ` Hannes Reinecke
2023-04-03 12:20         ` Sagi Grimberg
2023-04-03 14:59           ` Jakub Kicinski
2023-04-03 15:51             ` Sagi Grimberg
2023-04-03 18:48               ` Jakub Kicinski
2023-04-03 22:36                 ` Sagi Grimberg
2023-03-29 13:59 ` [PATCH 11/18] nvme-tcp: control message handling for recvmsg() Hannes Reinecke
2023-03-30 15:25   ` Sagi Grimberg
2023-03-29 13:59 ` [PATCH 12/18] nvme-fabrics: parse options 'keyring' and 'tls_key' Hannes Reinecke
2023-03-30 15:33   ` Sagi Grimberg
2023-03-30 17:34     ` Hannes Reinecke
2023-04-03 12:24       ` Sagi Grimberg
2023-04-03 12:36         ` Hannes Reinecke
2023-04-03 13:07           ` Sagi Grimberg
2023-04-03 14:11             ` Hannes Reinecke
2023-04-03 16:13               ` Sagi Grimberg
2023-03-29 13:59 ` [PATCH 13/18] nvmet: make TCP sectype settable via configfs Hannes Reinecke
2023-03-30 16:07   ` Sagi Grimberg
2023-03-30 17:37     ` Hannes Reinecke
2023-04-03 12:31       ` Sagi Grimberg
2023-04-03 12:43         ` Hannes Reinecke
2023-03-29 13:59 ` [PATCH 14/18] nvmet-tcp: allocate socket file Hannes Reinecke
2023-03-30 16:08   ` Sagi Grimberg
2023-03-30 17:37     ` Hannes Reinecke
2023-03-29 13:59 ` [PATCH 15/18] nvmet-tcp: enable TLS handshake upcall Hannes Reinecke
2023-04-03 12:51   ` Sagi Grimberg
2023-04-03 14:05     ` Hannes Reinecke
2023-03-29 13:59 ` [PATCH 16/18] nvmet-tcp: rework sendpage for kTLS Hannes Reinecke
2023-04-03 12:52   ` Sagi Grimberg
2023-03-29 13:59 ` [PATCH 17/18] nvmet-tcp: control messages for recvmsg() Hannes Reinecke
2023-04-03 12:59   ` Sagi Grimberg
2023-03-29 13:59 ` [PATCH 18/18] nvmet-tcp: add configfs attribute 'param_keyring' Hannes Reinecke
2023-04-03 13:03   ` Sagi Grimberg
2023-04-03 14:13     ` Hannes Reinecke
2023-04-03 15:53       ` Sagi Grimberg
2023-04-14 10:30         ` Hannes Reinecke
2023-04-17 13:50           ` Sagi Grimberg
2023-04-17 14:01             ` Hannes Reinecke
2023-04-17 15:12               ` Sagi Grimberg
  -- strict thread matches above, loose matches on Subject: below --
2023-03-21 12:43 [RFC PATCH 00/18] nvme: In-kernel TLS support for TCP Hannes Reinecke
2023-03-21 12:43 ` [PATCH 10/18] nvme-tcp: fixup send workflow for kTLS Hannes Reinecke
2023-03-22  9:31   ` Sagi Grimberg
2023-03-22 10:08     ` Hannes Reinecke
2023-03-22 11:18       ` Sagi Grimberg

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=26cb6ed1-4c32-6042-1d45-97b15a94ef57@suse.de \
    --to=hare@suse.de \
    --cc=borisp@nvidia.com \
    --cc=chuck.lever@oracle.com \
    --cc=hch@lst.de \
    --cc=john.fastabend@gmail.com \
    --cc=kbusch@kernel.org \
    --cc=kernel-tls-handshake@lists.linux.dev \
    --cc=kuba@kernel.org \
    --cc=linux-nvme@lists.infradead.org \
    --cc=netdev@vger.kernel.org \
    --cc=pabeni@redhat.com \
    --cc=sagi@grimberg.me \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).