From: Hannes Reinecke <hare@suse.de>
To: Jakub Kicinski <kuba@kernel.org>, Sagi Grimberg <sagi@grimberg.me>
Cc: Christoph Hellwig <hch@lst.de>,
Boris Pismenny <borisp@nvidia.com>,
john.fastabend@gmail.com, Paolo Abeni <pabeni@redhat.com>,
Keith Busch <kbusch@kernel.org>,
linux-nvme@lists.infradead.org,
Chuck Lever <chuck.lever@oracle.com>,
kernel-tls-handshake@lists.linux.dev,
"netdev@vger.kernel.org" <netdev@vger.kernel.org>
Subject: Re: [PATCH 10/18] nvme-tcp: fixup send workflow for kTLS
Date: Fri, 31 Mar 2023 08:03:00 +0200 [thread overview]
Message-ID: <7f057726-8777-2fd3-a207-b3cd96076cb9@suse.de> (raw)
In-Reply-To: <20230330224920.3a47fec9@kernel.org>
On 3/31/23 07:49, Jakub Kicinski wrote:
> On Thu, 30 Mar 2023 18:24:04 +0300 Sagi Grimberg wrote:
>>> kTLS does not support MSG_EOR flag for sendmsg(), and in general
>>> is really picky about invalid MSG_XXX flags.
>>
>> CC'ing TLS folks.
>>
>> Can't tls simply ignore MSG_EOR instead of consumers having to be
>> careful over it?
>
> I think we can support EOR, I don't see any fundamental problem there.
>
>>> So ensure that the MSG_EOR flags is blanked out for TLS, and that
>>> the MSG_SENDPAGE_LAST is only set if we actually do sendpage().
>>
>> You mean MSG_SENDPAGE_NOTLAST.
>>
>> It is also a bit annoying that a tls socket dictates different behavior
>> than a normal socket.
>>
>> The current logic is rather simple:
>> if more data comming:
>> flags = MSG_MORE | MSG_SENDPAGE_NOTLAST
>> else:
>> flags = MSG_EOR
>>
>> Would like to keep it that way for tls as well. Can someone
>> explain why this is a problem with tls?
>
> Some of the flags are call specific, others may be internal to the
> networking stack (e.g. the DECRYPTED flag). Old protocols didn't do
> any validation because people coded more haphazardly in the 90s.
> This lack of validation is a major source of technical debt :(
A-ha. So what is the plan?
Should the stack validate flags?
And should the rules for validating be the same for all protocols?
Cheers,
Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare@suse.de +49 911 74053 688
SUSE Software Solutions GmbH, Maxfeldstr. 5, 90409 Nürnberg
HRB 36809 (AG Nürnberg), Geschäftsführer: Ivo Totev, Andrew
Myers, Andrew McDonald, Martje Boudien Moerman
next prev parent reply other threads:[~2023-03-31 6:03 UTC|newest]
Thread overview: 73+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-29 13:59 [PATCHv2 00/18] nvme: In-kernel TLS support for TCP Hannes Reinecke
2023-03-29 13:59 ` [PATCH 01/18] nvme-keyring: register '.nvme' keyring and add CONFIG_NVME_TLS Hannes Reinecke
2023-03-29 14:49 ` Sagi Grimberg
2023-03-29 15:24 ` Hannes Reinecke
2023-03-29 15:04 ` Sagi Grimberg
2023-03-29 15:26 ` Hannes Reinecke
2023-03-30 8:53 ` Daniel Wagner
2023-03-30 14:38 ` Sagi Grimberg
2023-03-29 13:59 ` [PATCH 02/18] nvme-keyring: define a 'psk' keytype Hannes Reinecke
2023-03-29 13:59 ` [PATCH 03/18] nvme: add TCP TSAS definitions Hannes Reinecke
2023-03-29 13:59 ` [PATCH 04/18] nvme-tcp: add definitions for TLS cipher suites Hannes Reinecke
2023-03-29 13:59 ` [PATCH 05/18] net/tls: implement ->read_sock() Hannes Reinecke
2023-03-29 15:37 ` Sagi Grimberg
2023-03-29 15:41 ` Hannes Reinecke
2023-03-29 15:43 ` Sagi Grimberg
2023-03-29 15:44 ` Sagi Grimberg
2023-03-29 13:59 ` [PATCH 06/18] nvme/tcp: allocate socket file Hannes Reinecke
2023-03-29 15:57 ` Sagi Grimberg
2023-03-29 13:59 ` [PATCH 07/18] nvme-keyring: implement nvme_tls_psk_default() Hannes Reinecke
2023-03-29 15:35 ` Sagi Grimberg
2023-03-29 13:59 ` [PATCH 08/18] security/keys: export key_lookup() Hannes Reinecke
2023-03-29 13:59 ` [PATCH 09/18] nvme-tcp: enable TLS handshake upcall Hannes Reinecke
2023-03-30 12:54 ` Daniel Wagner
2023-03-30 12:59 ` Hannes Reinecke
2023-03-30 15:03 ` Sagi Grimberg
2023-03-30 17:16 ` Hannes Reinecke
2023-03-29 13:59 ` [PATCH 10/18] nvme-tcp: fixup send workflow for kTLS Hannes Reinecke
2023-03-30 15:24 ` Sagi Grimberg
2023-03-30 17:26 ` Hannes Reinecke
2023-03-31 5:49 ` Jakub Kicinski
2023-03-31 6:03 ` Hannes Reinecke [this message]
2023-04-03 12:20 ` Sagi Grimberg
2023-04-03 14:59 ` Jakub Kicinski
2023-04-03 15:51 ` Sagi Grimberg
2023-04-03 18:48 ` Jakub Kicinski
2023-04-03 22:36 ` Sagi Grimberg
2023-03-29 13:59 ` [PATCH 11/18] nvme-tcp: control message handling for recvmsg() Hannes Reinecke
2023-03-30 15:25 ` Sagi Grimberg
2023-03-29 13:59 ` [PATCH 12/18] nvme-fabrics: parse options 'keyring' and 'tls_key' Hannes Reinecke
2023-03-30 15:33 ` Sagi Grimberg
2023-03-30 17:34 ` Hannes Reinecke
2023-04-03 12:24 ` Sagi Grimberg
2023-04-03 12:36 ` Hannes Reinecke
2023-04-03 13:07 ` Sagi Grimberg
2023-04-03 14:11 ` Hannes Reinecke
2023-04-03 16:13 ` Sagi Grimberg
2023-03-29 13:59 ` [PATCH 13/18] nvmet: make TCP sectype settable via configfs Hannes Reinecke
2023-03-30 16:07 ` Sagi Grimberg
2023-03-30 17:37 ` Hannes Reinecke
2023-04-03 12:31 ` Sagi Grimberg
2023-04-03 12:43 ` Hannes Reinecke
2023-03-29 13:59 ` [PATCH 14/18] nvmet-tcp: allocate socket file Hannes Reinecke
2023-03-30 16:08 ` Sagi Grimberg
2023-03-30 17:37 ` Hannes Reinecke
2023-03-29 13:59 ` [PATCH 15/18] nvmet-tcp: enable TLS handshake upcall Hannes Reinecke
2023-04-03 12:51 ` Sagi Grimberg
2023-04-03 14:05 ` Hannes Reinecke
2023-03-29 13:59 ` [PATCH 16/18] nvmet-tcp: rework sendpage for kTLS Hannes Reinecke
2023-04-03 12:52 ` Sagi Grimberg
2023-03-29 13:59 ` [PATCH 17/18] nvmet-tcp: control messages for recvmsg() Hannes Reinecke
2023-04-03 12:59 ` Sagi Grimberg
2023-03-29 13:59 ` [PATCH 18/18] nvmet-tcp: add configfs attribute 'param_keyring' Hannes Reinecke
2023-04-03 13:03 ` Sagi Grimberg
2023-04-03 14:13 ` Hannes Reinecke
2023-04-03 15:53 ` Sagi Grimberg
2023-04-14 10:30 ` Hannes Reinecke
2023-04-17 13:50 ` Sagi Grimberg
2023-04-17 14:01 ` Hannes Reinecke
2023-04-17 15:12 ` Sagi Grimberg
-- strict thread matches above, loose matches on Subject: below --
2023-03-21 12:43 [RFC PATCH 00/18] nvme: In-kernel TLS support for TCP Hannes Reinecke
2023-03-21 12:43 ` [PATCH 10/18] nvme-tcp: fixup send workflow for kTLS Hannes Reinecke
2023-03-22 9:31 ` Sagi Grimberg
2023-03-22 10:08 ` Hannes Reinecke
2023-03-22 11:18 ` Sagi Grimberg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7f057726-8777-2fd3-a207-b3cd96076cb9@suse.de \
--to=hare@suse.de \
--cc=borisp@nvidia.com \
--cc=chuck.lever@oracle.com \
--cc=hch@lst.de \
--cc=john.fastabend@gmail.com \
--cc=kbusch@kernel.org \
--cc=kernel-tls-handshake@lists.linux.dev \
--cc=kuba@kernel.org \
--cc=linux-nvme@lists.infradead.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=sagi@grimberg.me \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).