kernel-tls-handshake.lists.linux.dev archive mirror
 help / color / mirror / Atom feed
From: Hannes Reinecke <hare@suse.de>
To: Chuck Lever III <chuck.lever@oracle.com>
Cc: "kernel-tls-handshake@lists.linux.dev"
	<kernel-tls-handshake@lists.linux.dev>
Subject: Re: [PATCH 1/4] tls-handshake: add 'timeout' netlink attribute
Date: Fri, 17 Feb 2023 13:17:11 +0100	[thread overview]
Message-ID: <c206b986-0989-6b09-e7a3-24147803ee37@suse.de> (raw)
In-Reply-To: <DAF4B451-D056-4309-BDA5-5C20D38A3121@oracle.com>

On 2/17/23 12:58, Chuck Lever III wrote:
> 
> 
>> On Feb 17, 2023, at 6:31 AM, Hannes Reinecke <hare@suse.de> wrote:
>>
>> Add a 'timeout' netlink attribute to the 'request' netlink
>> message to allow the kernel to communicate an internal timeout
>> to userspace.
> 
> Can you describe the use caae?
> 
> I'm not clear on why we need to parametrize the handshake
> timeout. Why would it need to be changed? Why would, say,
> a PSK handshake need a different timeout than x.509? And,
> why doesn't a timeout wait in the API consumer work just
> as well?
> 
> Last we left this, you were using the timeout to work
> around some socket reference counting issues. I think we
> need to address those first.
> 
The problem is that we have have a timeout on the kernel side, and 
another timeout on the userland side.
This is primarily an issue for the client, as the kernel code
needs to continue _eventually_, otherwise the connection will
stall.
So we do need a timeout for the client to ensure forward progress.
Hence the kernel client needs a timeout to eventually declare the 
handshake non-functional and either abort or retry without TLS.

But as the kernel now has a timeout, that would need to be transported
to userland to tell the application to stop trying after a certain time.
Which is what this parameter does.

The alternative would be to kill the application directly from the 
kernel (or send some other signal), but that's really nasty and then we 
would need to worry about cleanup effects. Hence I'd rather not.

This approach has the benefit that the kernel can wait slightly longer 
than the timeout sent to userspace (in my code I've added two seconds), 
giving userspace enough time to send a completion message to the kernel.
With that we can be sure that userspace has given up control of the 
socket, and we remain the sole owner.
Without such a message it's always tricky to figure out _who_ has 
control over the socket, leading to all sorts of reference counting issues.

Cheers,

Hannes


  reply	other threads:[~2023-02-17 12:17 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-02-17 11:31 [PATCH 0/4] tls-handshake: server-side support Hannes Reinecke
2023-02-17 11:31 ` [PATCH 1/4] tls-handshake: add 'timeout' netlink attribute Hannes Reinecke
2023-02-17 11:58   ` Chuck Lever III
2023-02-17 12:17     ` Hannes Reinecke [this message]
2023-02-17 12:26       ` Chuck Lever III
2023-02-17 12:36         ` Hannes Reinecke
2023-02-17 12:38           ` Chuck Lever III
2023-02-17 11:31 ` [PATCH 2/4] tls-handshake: add 'keyring' " Hannes Reinecke
2023-02-17 12:00   ` Chuck Lever III
2023-02-17 12:24     ` Hannes Reinecke
2023-02-17 12:32       ` Chuck Lever III
2023-02-17 12:48         ` Hannes Reinecke
2023-02-17 12:56           ` Chuck Lever III
2023-02-17 11:31 ` [PATCH 3/4] net/tls_handshake: split tls_server_hello() Hannes Reinecke
2023-02-17 11:31 ` [PATCH 4/4] tls_handshake: add 'keyring' argument to server hello Hannes Reinecke
2023-02-17 11:56 ` [PATCH 0/4] tls-handshake: server-side support Chuck Lever III

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=c206b986-0989-6b09-e7a3-24147803ee37@suse.de \
    --to=hare@suse.de \
    --cc=chuck.lever@oracle.com \
    --cc=kernel-tls-handshake@lists.linux.dev \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).