* Test results from v4 @ 2023-02-16 15:58 Hannes Reinecke 2023-02-16 16:03 ` Chuck Lever III 0 siblings, 1 reply; 8+ messages in thread From: Hannes Reinecke @ 2023-02-16 15:58 UTC (permalink / raw) To: kernel-tls-handshake Hi Chuck, I've given v4 a spin on my testbed, and ... well, things could've been better :-( Biggest issue is that I've lost connectivity to my testbed (openssl-based). It always kicks me back with: SSL routines:tls_choose_sigalg:no suitable signature algorithm for whatever reasons. I try to fiddle with the priority string, but it's _really_ annoying. And also reference counting is wrong: unreferenced object 0xffff9989c22a0018 (size 24): comm "tlshd", pid 2332, jiffies 4294964098 (age 1513.848s) hex dump (first 24 bytes): 00 00 00 00 00 00 00 00 a8 31 85 c1 89 99 ff ff .........1...... 00 00 00 00 00 00 00 00 ........ backtrace: [<ffffffffa00ad3e4>] security_file_alloc+0x24/0x90 [<ffffffff9ffbb747>] __alloc_file+0x57/0xc0 [<ffffffff9ffbbbc3>] alloc_empty_file+0x43/0xf0 [<ffffffff9ffbbcad>] alloc_file+0x2d/0x170 [<ffffffff9ffbbea7>] alloc_file_pseudo+0xa7/0x100 [<ffffffffa05158a9>] sock_alloc_file+0x39/0xa0 [<ffffffffa073594b>] handshake_genl_cmd_accept+0x19b/0x2a0 [<ffffffffa05d44e7>] genl_family_rcv_msg_doit.isra.19+0xf7/0x120 [<ffffffffa05d495f>] genl_rcv_msg+0x19f/0x2a0 [<ffffffffa05d3286>] netlink_rcv_skb+0x56/0x110 [<ffffffffa05d3cc4>] genl_rcv+0x24/0x40 [<ffffffffa05d277b>] netlink_unicast+0x1bb/0x290 [<ffffffffa05d2bc5>] netlink_sendmsg+0x365/0x4d0 [<ffffffffa0516e9f>] sock_sendmsg+0x5f/0x70 [<ffffffffa0517211>] ____sys_sendmsg+0x201/0x280 [<ffffffffa0519ca8>] ___sys_sendmsg+0x88/0xd0 But I guess you've found these already. Cheers, Hannes ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Test results from v4 2023-02-16 15:58 Test results from v4 Hannes Reinecke @ 2023-02-16 16:03 ` Chuck Lever III 2023-02-16 16:10 ` Chuck Lever III 2023-02-16 16:57 ` Hannes Reinecke 0 siblings, 2 replies; 8+ messages in thread From: Chuck Lever III @ 2023-02-16 16:03 UTC (permalink / raw) To: Hannes Reinecke; +Cc: kernel-tls-handshake > On Feb 16, 2023, at 10:58 AM, Hannes Reinecke <hare@suse.de> wrote: > > Hi Chuck, > > I've given v4 a spin on my testbed, and ... well, things could've been better :-( > > Biggest issue is that I've lost connectivity to my testbed (openssl-based). It always kicks me back with: > > SSL routines:tls_choose_sigalg:no suitable signature algorithm > > for whatever reasons. > I try to fiddle with the priority string, but it's _really_ annoying. Haven't seen that, could be a PSK-specific thing? > And also reference counting is wrong: That's not terribly surprising. > unreferenced object 0xffff9989c22a0018 (size 24): > comm "tlshd", pid 2332, jiffies 4294964098 (age 1513.848s) > hex dump (first 24 bytes): > 00 00 00 00 00 00 00 00 a8 31 85 c1 89 99 ff ff .........1...... > 00 00 00 00 00 00 00 00 ........ > backtrace: > [<ffffffffa00ad3e4>] security_file_alloc+0x24/0x90 > [<ffffffff9ffbb747>] __alloc_file+0x57/0xc0 > [<ffffffff9ffbbbc3>] alloc_empty_file+0x43/0xf0 > [<ffffffff9ffbbcad>] alloc_file+0x2d/0x170 > [<ffffffff9ffbbea7>] alloc_file_pseudo+0xa7/0x100 > [<ffffffffa05158a9>] sock_alloc_file+0x39/0xa0 > [<ffffffffa073594b>] handshake_genl_cmd_accept+0x19b/0x2a0 > [<ffffffffa05d44e7>] genl_family_rcv_msg_doit.isra.19+0xf7/0x120 > [<ffffffffa05d495f>] genl_rcv_msg+0x19f/0x2a0 > [<ffffffffa05d3286>] netlink_rcv_skb+0x56/0x110 > [<ffffffffa05d3cc4>] genl_rcv+0x24/0x40 > [<ffffffffa05d277b>] netlink_unicast+0x1bb/0x290 > [<ffffffffa05d2bc5>] netlink_sendmsg+0x365/0x4d0 > [<ffffffffa0516e9f>] sock_sendmsg+0x5f/0x70 > [<ffffffffa0517211>] ____sys_sendmsg+0x201/0x280 > [<ffffffffa0519ca8>] ___sys_sendmsg+0x88/0xd0 > > But I guess you've found these already. Nope, I haven't seen that either, but I'm not looking for memory leaks yet. My focus right now is to address netdev's concerns, so I haven't enabled kmemleak (as it slows down the dev loop). Not crashing is a higher priority than leaking right at the moment. -- Chuck Lever ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Test results from v4 2023-02-16 16:03 ` Chuck Lever III @ 2023-02-16 16:10 ` Chuck Lever III 2023-02-16 16:57 ` Hannes Reinecke 1 sibling, 0 replies; 8+ messages in thread From: Chuck Lever III @ 2023-02-16 16:10 UTC (permalink / raw) To: Hannes Reinecke; +Cc: kernel-tls-handshake > On Feb 16, 2023, at 11:03 AM, Chuck Lever III <chuck.lever@oracle.com> wrote: > > > >> On Feb 16, 2023, at 10:58 AM, Hannes Reinecke <hare@suse.de> wrote: >> >> Hi Chuck, >> >> I've given v4 a spin on my testbed, and ... well, things could've been better :-( >> >> Biggest issue is that I've lost connectivity to my testbed (openssl-based). It always kicks me back with: >> >> SSL routines:tls_choose_sigalg:no suitable signature algorithm >> >> for whatever reasons. >> I try to fiddle with the priority string, but it's _really_ annoying. > > Haven't seen that, could be a PSK-specific thing? > > >> And also reference counting is wrong: > > That's not terribly surprising. > > >> unreferenced object 0xffff9989c22a0018 (size 24): >> comm "tlshd", pid 2332, jiffies 4294964098 (age 1513.848s) >> hex dump (first 24 bytes): >> 00 00 00 00 00 00 00 00 a8 31 85 c1 89 99 ff ff .........1...... >> 00 00 00 00 00 00 00 00 ........ >> backtrace: >> [<ffffffffa00ad3e4>] security_file_alloc+0x24/0x90 >> [<ffffffff9ffbb747>] __alloc_file+0x57/0xc0 >> [<ffffffff9ffbbbc3>] alloc_empty_file+0x43/0xf0 >> [<ffffffff9ffbbcad>] alloc_file+0x2d/0x170 >> [<ffffffff9ffbbea7>] alloc_file_pseudo+0xa7/0x100 >> [<ffffffffa05158a9>] sock_alloc_file+0x39/0xa0 >> [<ffffffffa073594b>] handshake_genl_cmd_accept+0x19b/0x2a0 >> [<ffffffffa05d44e7>] genl_family_rcv_msg_doit.isra.19+0xf7/0x120 >> [<ffffffffa05d495f>] genl_rcv_msg+0x19f/0x2a0 >> [<ffffffffa05d3286>] netlink_rcv_skb+0x56/0x110 >> [<ffffffffa05d3cc4>] genl_rcv+0x24/0x40 >> [<ffffffffa05d277b>] netlink_unicast+0x1bb/0x290 >> [<ffffffffa05d2bc5>] netlink_sendmsg+0x365/0x4d0 >> [<ffffffffa0516e9f>] sock_sendmsg+0x5f/0x70 >> [<ffffffffa0517211>] ____sys_sendmsg+0x201/0x280 >> [<ffffffffa0519ca8>] ___sys_sendmsg+0x88/0xd0 >> >> But I guess you've found these already. > > Nope, I haven't seen that either, but I'm not looking for > memory leaks yet. My focus right now is to address netdev's > concerns, so I haven't enabled kmemleak (as it slows down > the dev loop). Not crashing is a higher priority than > leaking right at the moment. Or, to put this another way: I'm trying to address the reference counting issues by addressing Paolo's request for adding a socket destructor callback. -- Chuck Lever ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Test results from v4 2023-02-16 16:03 ` Chuck Lever III 2023-02-16 16:10 ` Chuck Lever III @ 2023-02-16 16:57 ` Hannes Reinecke 2023-02-16 17:17 ` Chuck Lever III 1 sibling, 1 reply; 8+ messages in thread From: Hannes Reinecke @ 2023-02-16 16:57 UTC (permalink / raw) To: Chuck Lever III; +Cc: kernel-tls-handshake On 2/16/23 17:03, Chuck Lever III wrote: > > >> On Feb 16, 2023, at 10:58 AM, Hannes Reinecke <hare@suse.de> wrote: >> >> Hi Chuck, >> [ .. ] >> unreferenced object 0xffff9989c22a0018 (size 24): >> comm "tlshd", pid 2332, jiffies 4294964098 (age 1513.848s) >> hex dump (first 24 bytes): >> 00 00 00 00 00 00 00 00 a8 31 85 c1 89 99 ff ff .........1...... >> 00 00 00 00 00 00 00 00 ........ >> backtrace: >> [<ffffffffa00ad3e4>] security_file_alloc+0x24/0x90 >> [<ffffffff9ffbb747>] __alloc_file+0x57/0xc0 >> [<ffffffff9ffbbbc3>] alloc_empty_file+0x43/0xf0 >> [<ffffffff9ffbbcad>] alloc_file+0x2d/0x170 >> [<ffffffff9ffbbea7>] alloc_file_pseudo+0xa7/0x100 >> [<ffffffffa05158a9>] sock_alloc_file+0x39/0xa0 >> [<ffffffffa073594b>] handshake_genl_cmd_accept+0x19b/0x2a0 >> [<ffffffffa05d44e7>] genl_family_rcv_msg_doit.isra.19+0xf7/0x120 >> [<ffffffffa05d495f>] genl_rcv_msg+0x19f/0x2a0 >> [<ffffffffa05d3286>] netlink_rcv_skb+0x56/0x110 >> [<ffffffffa05d3cc4>] genl_rcv+0x24/0x40 >> [<ffffffffa05d277b>] netlink_unicast+0x1bb/0x290 >> [<ffffffffa05d2bc5>] netlink_sendmsg+0x365/0x4d0 >> [<ffffffffa0516e9f>] sock_sendmsg+0x5f/0x70 >> [<ffffffffa0517211>] ____sys_sendmsg+0x201/0x280 >> [<ffffffffa0519ca8>] ___sys_sendmsg+0x88/0xd0 >> >> But I guess you've found these already. > > Nope, I haven't seen that either, but I'm not looking for > memory leaks yet. My focus right now is to address netdev's > concerns, so I haven't enabled kmemleak (as it slows down > the dev loop). Not crashing is a higher priority than > leaking right at the moment. > Sure, perfectly fine. I've got some patches queued up to enable PSK for v4 (both client and server side), how should I post them? Here on the list or on the general linux-block / linux-nvme list? Cheers, Hannes -- Dr. Hannes Reinecke Kernel Storage Architect hare@suse.de +49 911 74053 688 SUSE Software Solutions GmbH, Maxfeldstr. 5, 90409 Nürnberg HRB 36809 (AG Nürnberg), Geschäftsführer: Ivo Totev, Andrew Myers, Andrew McDonald, Martje Boudien Moerman ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Test results from v4 2023-02-16 16:57 ` Hannes Reinecke @ 2023-02-16 17:17 ` Chuck Lever III 2023-02-17 11:36 ` Hannes Reinecke 0 siblings, 1 reply; 8+ messages in thread From: Chuck Lever III @ 2023-02-16 17:17 UTC (permalink / raw) To: Hannes Reinecke; +Cc: kernel-tls-handshake > On Feb 16, 2023, at 11:57 AM, Hannes Reinecke <hare@suse.de> wrote: > > > I've got some patches queued up to enable PSK for v4 (both client and server side), how should I post them? Here on the list or on the general linux-block / linux-nvme list? Start here, let's see what you got. -- Chuck Lever ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Test results from v4 2023-02-16 17:17 ` Chuck Lever III @ 2023-02-17 11:36 ` Hannes Reinecke 2023-02-17 11:56 ` Chuck Lever III 0 siblings, 1 reply; 8+ messages in thread From: Hannes Reinecke @ 2023-02-17 11:36 UTC (permalink / raw) To: Chuck Lever III; +Cc: kernel-tls-handshake On 2/16/23 18:17, Chuck Lever III wrote: > >> On Feb 16, 2023, at 11:57 AM, Hannes Reinecke <hare@suse.de> wrote: >> >> >> I've got some patches queued up to enable PSK for v4 (both client and server side), how should I post them? Here on the list or on the general linux-block / linux-nvme list? > > Start here, let's see what you got. > Done. Handshake looks good, _except_ that the server side refuses to fetch new packets until client side closes the connection due to a timeout: tlshd[11024]: (11024) gnutls(5): REC[0x209cc40]: Preparing Packet Handshake(22) with length: 559 and min pad: 0 tlshd[11024]: (11024) gnutls(9): ENC[0x209cc40]: cipher: NULL, MAC: MAC-NULL, Epoch: 0 tlshd[11024]: (11024) gnutls(5): REC[0x209cc40]: Sent Packet[1] Handshake(22) in epoch 0 and length: 564 tlshd[11024]: (11024) gnutls: The operation timed out (-319) tlshd[11024]: (11024) Handshake with c472.arch.suse.de (10.161.60.216) failed tlshd[11023]: (11023) gnutls(5): REC[0x209cbc0]: SSL 3.1 Handshake packet received. Epoch 0, length: 559 Any idea what could be causing it? (And I checked, the ClientHello packet really is on the wire, so it's a server-side thingie). I'm pretty sure the server side doesn't set any callbacks to the socket (yet), so I'm a bit at a loss what could be the reason here. Thanks for any pointers. Cheers, Hannes ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Test results from v4 2023-02-17 11:36 ` Hannes Reinecke @ 2023-02-17 11:56 ` Chuck Lever III 2023-02-22 16:22 ` Chuck Lever III 0 siblings, 1 reply; 8+ messages in thread From: Chuck Lever III @ 2023-02-17 11:56 UTC (permalink / raw) To: Hannes Reinecke; +Cc: kernel-tls-handshake > On Feb 17, 2023, at 6:36 AM, Hannes Reinecke <hare@suse.de> wrote: > > On 2/16/23 18:17, Chuck Lever III wrote: >>> On Feb 16, 2023, at 11:57 AM, Hannes Reinecke <hare@suse.de> wrote: >>> >>> >>> I've got some patches queued up to enable PSK for v4 (both client and server side), how should I post them? Here on the list or on the general linux-block / linux-nvme list? >> Start here, let's see what you got. > Done. > > Handshake looks good, _except_ that the server side refuses to fetch new packets until client side closes the connection due to a timeout: > > tlshd[11024]: (11024) gnutls(5): REC[0x209cc40]: Preparing Packet Handshake(22) with length: 559 and min pad: 0 > tlshd[11024]: (11024) gnutls(9): ENC[0x209cc40]: cipher: NULL, MAC: MAC-NULL, Epoch: 0 > tlshd[11024]: (11024) gnutls(5): REC[0x209cc40]: Sent Packet[1] Handshake(22) in epoch 0 and length: 564 > tlshd[11024]: (11024) gnutls: The operation timed out (-319) > tlshd[11024]: (11024) Handshake with c472.arch.suse.de (10.161.60.216) failed > tlshd[11023]: (11023) gnutls(5): REC[0x209cbc0]: SSL 3.1 Handshake packet received. Epoch 0, length: 559 > > Any idea what could be causing it? Since the handshake failed, my first guess is that you haven't re-enabled your server's data_ready callback when the handshake fails. But honestly I haven't tested the case where the handshake fails but the server wants to continue using the socket. Obviously that is something we want to work -- the server itself needs to decide whether to continue using that connection. > (And I checked, the ClientHello packet really is on the wire, so it's a server-side thingie). > I'm pretty sure the server side doesn't set any callbacks to the socket (yet), so I'm a bit at a loss what could be the reason here. -- Chuck Lever ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Test results from v4 2023-02-17 11:56 ` Chuck Lever III @ 2023-02-22 16:22 ` Chuck Lever III 0 siblings, 0 replies; 8+ messages in thread From: Chuck Lever III @ 2023-02-22 16:22 UTC (permalink / raw) To: Hannes Reinecke; +Cc: kernel-tls-handshake > On Feb 17, 2023, at 6:56 AM, Chuck Lever III <chuck.lever@oracle.com> wrote: > > > >> On Feb 17, 2023, at 6:36 AM, Hannes Reinecke <hare@suse.de> wrote: >> >> On 2/16/23 18:17, Chuck Lever III wrote: >>>> On Feb 16, 2023, at 11:57 AM, Hannes Reinecke <hare@suse.de> wrote: >>>> >>>> >>>> I've got some patches queued up to enable PSK for v4 (both client and server side), how should I post them? Here on the list or on the general linux-block / linux-nvme list? >>> Start here, let's see what you got. >> Done. >> >> Handshake looks good, _except_ that the server side refuses to fetch new packets until client side closes the connection due to a timeout: >> >> tlshd[11024]: (11024) gnutls(5): REC[0x209cc40]: Preparing Packet Handshake(22) with length: 559 and min pad: 0 >> tlshd[11024]: (11024) gnutls(9): ENC[0x209cc40]: cipher: NULL, MAC: MAC-NULL, Epoch: 0 >> tlshd[11024]: (11024) gnutls(5): REC[0x209cc40]: Sent Packet[1] Handshake(22) in epoch 0 and length: 564 >> tlshd[11024]: (11024) gnutls: The operation timed out (-319) >> tlshd[11024]: (11024) Handshake with c472.arch.suse.de (10.161.60.216) failed >> tlshd[11023]: (11023) gnutls(5): REC[0x209cbc0]: SSL 3.1 Handshake packet received. Epoch 0, length: 559 >> >> Any idea what could be causing it? > > Since the handshake failed, my first guess is that you haven't > re-enabled your server's data_ready callback when the handshake > fails. I noticed this while working on v5: +static int tls_handshake_put_accept_resp(struct sk_buff *msg, + struct tls_handshake_req *treq) +{ + struct nlattr *entry_attr; + int ret; + + ret = -EMSGSIZE; + entry_attr = nla_nest_start(msg, HANDSHAKE_GENL_ATTR_ACCEPT); + if (!entry_attr) + goto out; + + ret = nla_put_u32(msg, HANDSHAKE_GENL_ATTR_TLS_TYPE, + HANDSHAKE_GENL_TLS_TYPE_CLIENTHELLO); + if (ret < 0) + goto out; This is unconditionally setting TLS_TYPE to CLIENTHELLO. Instead, it needs to do this: + ret = nla_put_u32(msg, HANDSHAKE_GENL_ATTR_TLS_TYPE, + treq->th_type); That way the handshake agent sees a SERVERHELLO request. > But honestly I haven't tested the case where the handshake > fails but the server wants to continue using the socket. > Obviously that is something we want to work -- the server > itself needs to decide whether to continue using that > connection. > > >> (And I checked, the ClientHello packet really is on the wire, so it's a server-side thingie). >> I'm pretty sure the server side doesn't set any callbacks to the socket (yet), so I'm a bit at a loss what could be the reason here. > > -- > Chuck Lever > > > > -- Chuck Lever ^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2023-02-22 16:23 UTC | newest] Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2023-02-16 15:58 Test results from v4 Hannes Reinecke 2023-02-16 16:03 ` Chuck Lever III 2023-02-16 16:10 ` Chuck Lever III 2023-02-16 16:57 ` Hannes Reinecke 2023-02-16 17:17 ` Chuck Lever III 2023-02-17 11:36 ` Hannes Reinecke 2023-02-17 11:56 ` Chuck Lever III 2023-02-22 16:22 ` Chuck Lever III
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).