From: Chuck Lever <cel@kernel.org>
To: linux-nfs@vger.kernel.org
Cc: kernel-tls-handshake@lists.linux.dev
Subject: [PATCH RFC 2/5] SUNRPC: Recognize control messages in server-side TCP socket code
Date: Mon, 20 Mar 2023 10:24:34 -0400 [thread overview]
Message-ID: <167932227406.3131.13458746441638824577.stgit@manet.1015granger.net> (raw)
In-Reply-To: <167932094748.3131.11264549266195745851.stgit@manet.1015granger.net>
From: Chuck Lever <chuck.lever@oracle.com>
To support kTLS, the server-side TCP socket code needs to watch for
CMSGs, just like on the client side.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
include/trace/events/sunrpc.h | 26 ++++++++++++++++++++++
net/sunrpc/svcsock.c | 49 +++++++++++++++++++++++++++++++++++++++--
2 files changed, 73 insertions(+), 2 deletions(-)
diff --git a/include/trace/events/sunrpc.h b/include/trace/events/sunrpc.h
index 280a31be3806..cf286a0a17d0 100644
--- a/include/trace/events/sunrpc.h
+++ b/include/trace/events/sunrpc.h
@@ -2370,6 +2370,32 @@ DECLARE_EVENT_CLASS(svcsock_accept_class,
DEFINE_ACCEPT_EVENT(accept);
DEFINE_ACCEPT_EVENT(getpeername);
+TRACE_EVENT(svcsock_tls_ctype,
+ TP_PROTO(
+ const struct svc_xprt *xprt,
+ unsigned char ctype
+ ),
+
+ TP_ARGS(xprt, ctype),
+
+ TP_STRUCT__entry(
+ SVC_XPRT_ENDPOINT_FIELDS(xprt)
+
+ __field(unsigned long, ctype)
+ ),
+
+ TP_fast_assign(
+ SVC_XPRT_ENDPOINT_ASSIGNMENTS(xprt);
+
+ __entry->ctype = ctype;
+ ),
+
+ TP_printk(SVC_XPRT_ENDPOINT_FORMAT " %s",
+ SVC_XPRT_ENDPOINT_VARARGS,
+ rpc_show_tls_content_type(__entry->ctype)
+ )
+);
+
DECLARE_EVENT_CLASS(cache_event,
TP_PROTO(
const struct cache_detail *cd,
diff --git a/net/sunrpc/svcsock.c b/net/sunrpc/svcsock.c
index 28deb4acc392..91a62bea6999 100644
--- a/net/sunrpc/svcsock.c
+++ b/net/sunrpc/svcsock.c
@@ -43,6 +43,7 @@
#include <net/udp.h>
#include <net/tcp.h>
#include <net/tcp_states.h>
+#include <net/tls.h>
#include <linux/uaccess.h>
#include <linux/highmem.h>
#include <asm/ioctls.h>
@@ -216,6 +217,50 @@ static int svc_one_sock_name(struct svc_sock *svsk, char *buf, int remaining)
return len;
}
+static int
+svc_tcp_sock_process_cmsg(struct svc_sock *svsk, struct msghdr *msg,
+ struct cmsghdr *cmsg, int ret)
+{
+ if (cmsg->cmsg_level == SOL_TLS &&
+ cmsg->cmsg_type == TLS_GET_RECORD_TYPE) {
+ u8 content_type = *((u8 *)CMSG_DATA(cmsg));
+
+ trace_svcsock_tls_ctype(&svsk->sk_xprt, content_type);
+ switch (content_type) {
+ case TLS_RECORD_TYPE_DATA:
+ /* TLS sets EOR at the end of each application data
+ * record, even though there might be more frames
+ * waiting to be decrypted.
+ */
+ msg->msg_flags &= ~MSG_EOR;
+ break;
+ case TLS_RECORD_TYPE_ALERT:
+ ret = -ENOTCONN;
+ break;
+ default:
+ ret = -EAGAIN;
+ }
+ }
+ return ret;
+}
+
+static int
+svc_tcp_sock_recv_cmsg(struct svc_sock *svsk, struct msghdr *msg)
+{
+ union {
+ struct cmsghdr cmsg;
+ u8 buf[CMSG_SPACE(sizeof(u8))];
+ } u;
+ int ret;
+
+ msg->msg_control = &u;
+ msg->msg_controllen = sizeof(u);
+ ret = sock_recvmsg(svsk->sk_sock, msg, MSG_DONTWAIT);
+ if (unlikely(msg->msg_controllen != sizeof(u)))
+ ret = svc_tcp_sock_process_cmsg(svsk, msg, &u.cmsg, ret);
+ return ret;
+}
+
#if ARCH_IMPLEMENTS_FLUSH_DCACHE_PAGE
static void svc_flush_bvec(const struct bio_vec *bvec, size_t size, size_t seek)
{
@@ -263,7 +308,7 @@ static ssize_t svc_tcp_read_msg(struct svc_rqst *rqstp, size_t buflen,
iov_iter_advance(&msg.msg_iter, seek);
buflen -= seek;
}
- len = sock_recvmsg(svsk->sk_sock, &msg, MSG_DONTWAIT);
+ len = svc_tcp_sock_recv_cmsg(svsk, &msg);
if (len > 0)
svc_flush_bvec(bvec, len, seek);
@@ -877,7 +922,7 @@ static ssize_t svc_tcp_read_marker(struct svc_sock *svsk,
iov.iov_base = ((char *)&svsk->sk_marker) + svsk->sk_tcplen;
iov.iov_len = want;
iov_iter_kvec(&msg.msg_iter, ITER_DEST, &iov, 1, want);
- len = sock_recvmsg(svsk->sk_sock, &msg, MSG_DONTWAIT);
+ len = svc_tcp_sock_recv_cmsg(svsk, &msg);
if (len < 0)
return len;
svsk->sk_tcplen += len;
next prev parent reply other threads:[~2023-03-20 14:24 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-20 14:24 [PATCH RFC 0/5] NFSD support for RPC-with-TLS Chuck Lever
2023-03-20 14:24 ` [PATCH RFC 1/5] SUNRPC: Revert 987c7b1d094d Chuck Lever
2023-03-20 14:24 ` Chuck Lever [this message]
2023-03-20 14:24 ` [PATCH RFC 3/5] SUNRPC: Ensure server-side sockets have a sock->file Chuck Lever
2023-03-20 14:24 ` [PATCH RFC 4/5] SUNRPC: Support TLS handshake in the server-side TCP socket code Chuck Lever
2023-03-21 11:43 ` Jeff Layton
2023-03-21 14:03 ` Chuck Lever III
2023-03-21 14:56 ` Jeff Layton
2023-03-21 16:09 ` Chuck Lever III
2023-03-21 16:46 ` Jeff Layton
2023-03-20 14:24 ` [PATCH RFC 5/5] NFSD: Handle new xprtsec= export option Chuck Lever
2023-03-21 11:50 ` Jeff Layton
2023-03-21 14:05 ` Chuck Lever III
2023-03-21 15:10 ` Jeff Layton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=167932227406.3131.13458746441638824577.stgit@manet.1015granger.net \
--to=cel@kernel.org \
--cc=kernel-tls-handshake@lists.linux.dev \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).