From: Sagi Grimberg <sagi@grimberg.me>
To: Hannes Reinecke <hare@suse.de>, Christoph Hellwig <hch@lst.de>
Cc: Keith Busch <kbusch@kernel.org>,
linux-nvme@lists.infradead.org, Chuck Lever <cel@kernel.org>,
kernel-tls-handshake@lists.linux.dev
Subject: Re: [PATCH 10/18] nvme-tcp: fixup send workflow for kTLS
Date: Wed, 22 Mar 2023 13:18:38 +0200 [thread overview]
Message-ID: <c97a8ac1-255a-4a54-1bb5-0bedf22a6774@grimberg.me> (raw)
In-Reply-To: <3b0f2af5-5dfa-ed76-a6a6-2715d9e05e70@suse.de>
On 3/22/23 12:08, Hannes Reinecke wrote:
> On 3/22/23 10:31, Sagi Grimberg wrote:
>>
>>
>> On 3/21/23 14:43, Hannes Reinecke wrote:
>>> kTLS does not support MSG_EOR flag for sendmsg(), and the ->sendpage()
>>> call really doesn't bring any benefit as data has to be copied
>>> anyway.
>>> So use sock_no_sendpage() or sendmsg() instead, and ensure that the
>>> MSG_EOR flag is blanked out for kTLS.
>>>
>>> Signed-off-by: Hannes Reinecke <hare@suse.de>
>>> ---
>>> drivers/nvme/host/tcp.c | 33 +++++++++++++++++++++------------
>>> 1 file changed, 21 insertions(+), 12 deletions(-)
>>>
>>> diff --git a/drivers/nvme/host/tcp.c b/drivers/nvme/host/tcp.c
>>> index bbff1f52a167..007d457cacf9 100644
>>> --- a/drivers/nvme/host/tcp.c
>>> +++ b/drivers/nvme/host/tcp.c
>>> @@ -1034,13 +1034,19 @@ static int nvme_tcp_try_send_data(struct
>>> nvme_tcp_request *req)
>>> bool last = nvme_tcp_pdu_last_send(req, len);
>>> int req_data_sent = req->data_sent;
>>> int ret, flags = MSG_DONTWAIT;
>>> + bool do_sendpage = sendpage_ok(page);
>>> - if (last && !queue->data_digest && !nvme_tcp_queue_more(queue))
>>> + if (!last || queue->data_digest || nvme_tcp_queue_more(queue))
>>> + flags |= MSG_MORE;
>>> + else if (!test_bit(NVME_TCP_Q_TLS, &queue->flags))
>>> flags |= MSG_EOR;
>>> - else
>>> - flags |= MSG_MORE | MSG_SENDPAGE_NOTLAST;
>>
>> I think its time to move the flags setting to a helper.
>>
>>> - if (sendpage_ok(page)) {
>>> + if (test_bit(NVME_TCP_Q_TLS, &queue->flags))
>>> + do_sendpage = false;
>>> +
>>> + if (do_sendpage) {
>>
>> The do_sendpage looks redundant to me.
>>
>>> + if (flags & MSG_MORE)
>>> + flags |= MSG_SENDPAGE_NOTLAST;
>>> ret = kernel_sendpage(queue->sock, page, offset, len,
>>> flags);
>>
>> I think that the SENDPAGE_NOLAST should be set together with MSG_MORE
>> regardless.
>>
>>> } else {
>>> @@ -1088,19 +1094,22 @@ static int nvme_tcp_try_send_cmd_pdu(struct
>>> nvme_tcp_request *req)
>>> bool inline_data = nvme_tcp_has_inline_data(req);
>>> u8 hdgst = nvme_tcp_hdgst_len(queue);
>>> int len = sizeof(*pdu) + hdgst - req->offset;
>>> - int flags = MSG_DONTWAIT;
>>> + struct msghdr msg = { .msg_flags = MSG_DONTWAIT };
>>> + struct kvec iov = {
>>> + .iov_base = (u8 *)req->pdu + req->offset,
>>> + .iov_len = len,
>>> + };
>>> int ret;
>>> if (inline_data || nvme_tcp_queue_more(queue))
>>> - flags |= MSG_MORE | MSG_SENDPAGE_NOTLAST;
>>> - else
>>> - flags |= MSG_EOR;
>>> + msg.msg_flags |= MSG_MORE;
>>> + else if (!test_bit(NVME_TCP_Q_TLS, &queue->flags))
>>> + msg.msg_flags |= MSG_EOR;
>>> if (queue->hdr_digest && !req->offset)
>>> nvme_tcp_hdgst(queue->snd_hash, pdu, sizeof(*pdu));
>>> - ret = kernel_sendpage(queue->sock, virt_to_page(pdu),
>>> - offset_in_page(pdu) + req->offset, len, flags);
>>> + ret = kernel_sendmsg(queue->sock, &msg, &iov, 1, iov.iov_len);
>>
>> I'd prefer to do kernel_sednpage/sock_no_sendpage similar to how we do
>> it for data and data pdu.
>>
>>> if (unlikely(ret <= 0))
>>> return ret;
>>> @@ -1131,7 +1140,7 @@ static int nvme_tcp_try_send_data_pdu(struct
>>> nvme_tcp_request *req)
>>> if (queue->hdr_digest && !req->offset)
>>> nvme_tcp_hdgst(queue->snd_hash, pdu, sizeof(*pdu));
>>> - if (!req->h2cdata_left)
>>> + if (!test_bit(NVME_TCP_Q_TLS, &queue->flags) && !req->h2cdata_left)
>>> ret = kernel_sendpage(queue->sock, virt_to_page(pdu),
>>> offset_in_page(pdu) + req->offset, len,
>>> MSG_DONTWAIT | MSG_MORE | MSG_SENDPAGE_NOTLAST);
>>
>> Something is unclear to me. Is kernel_sendpage unsupported with tls? (I
>> think it is). I understand the motivation to add more checks in the code
>> for kernel_sendpage vs. sock_no_sendpage given that it should be
>> perfectly fine to use either.
>>
>> Did you see any regressions with using kernel_sendpage? If so, isn't
>> that a bug in the tls code?
>
> The actual issue with the tls code is the 'MSG_EOR' handling.
> Problem is that tls is using MSG_EOR internally, and bails out on
> unknown MSG_ settings:
That is fine, lets separate MSG_EOR for TLS, and any change from
kernel_sendpage to kernel_sendmsg to a different patch (or eliminate
it altogether if it is unneeded).
>
> int tls_sw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size)
> {
> [ .. ]
> if (msg->msg_flags & ~(MSG_MORE | MSG_DONTWAIT | MSG_NOSIGNAL |
> MSG_CMSG_COMPAT))
> return -EOPNOTSUPP;
>
> I would _vastly_ prefer to blank out unsupported flags (like MSG_EOR)
> from the TLS code, because to all intents and purposes MSG_EOR is just
> the opposite of MSG_MORE.
Not exactly. But ok.
> Or drop MSG_EOR usage from the nvme tcp code.
Possible to do. But MSG_EOR hints the network stack that no other
payload is expected, so it can send it down the wire asap and avoid
any batching heuristics.
> But then I'm not _that_ into the networking code to make a judgement here.
> And as we're using sendmsg() already I had been switching to use it for
> ktls, too (as I know that the sendmsg() flow worked).
> But in the end I guess we could use sendpage going forward.
I'd prefer not to change that at this point if it is supported properly.
next prev parent reply other threads:[~2023-03-22 11:18 UTC|newest]
Thread overview: 97+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-21 12:43 [RFC PATCH 00/18] nvme: In-kernel TLS support for TCP Hannes Reinecke
2023-03-21 12:43 ` [PATCH 01/18] nvme-keyring: register '.nvme' keyring Hannes Reinecke
2023-03-21 13:50 ` Sagi Grimberg
2023-03-21 14:11 ` Hannes Reinecke
2023-03-21 12:43 ` [PATCH 02/18] nvme-keyring: define a 'psk' keytype Hannes Reinecke
2023-03-22 8:29 ` Sagi Grimberg
2023-03-22 8:38 ` Hannes Reinecke
2023-03-22 8:49 ` Sagi Grimberg
2023-03-21 12:43 ` [PATCH 03/18] nvme: add TCP TSAS definitions Hannes Reinecke
2023-03-21 13:46 ` Sagi Grimberg
2023-03-21 12:43 ` [PATCH 04/18] nvme-tcp: add definitions for TLS cipher suites Hannes Reinecke
2023-03-22 8:18 ` Sagi Grimberg
2023-03-21 12:43 ` [PATCH 05/18] nvme-tcp: implement recvmsg rx flow for TLS Hannes Reinecke
2023-03-21 13:39 ` Sagi Grimberg
2023-03-21 13:59 ` Hannes Reinecke
2023-03-22 8:01 ` Sagi Grimberg
2023-03-21 12:43 ` [PATCH 06/18] nvme-tcp: call 'queue->data_ready()' in nvme_tcp_data_ready() Hannes Reinecke
2023-03-21 13:44 ` Sagi Grimberg
2023-03-21 14:09 ` Hannes Reinecke
2023-03-22 0:18 ` Chris Leech
2023-03-22 6:59 ` Hannes Reinecke
2023-03-22 8:12 ` Sagi Grimberg
2023-03-22 8:08 ` Sagi Grimberg
2023-03-22 8:26 ` Hannes Reinecke
2023-03-22 10:13 ` Sagi Grimberg
2023-03-21 12:43 ` [PATCH 07/18] nvme/tcp: allocate socket file Hannes Reinecke
2023-03-21 13:52 ` Sagi Grimberg
2023-03-21 12:43 ` [PATCH 08/18] nvme-tcp: enable TLS handshake upcall Hannes Reinecke
2023-03-22 8:45 ` Sagi Grimberg
2023-03-22 9:12 ` Hannes Reinecke
2023-03-22 10:56 ` Sagi Grimberg
2023-03-22 12:54 ` Hannes Reinecke
2023-03-22 13:16 ` Sagi Grimberg
2023-03-21 12:43 ` [PATCH 09/18] nvme-tcp: add connect option 'tls' Hannes Reinecke
2023-03-22 9:24 ` Sagi Grimberg
2023-03-22 9:59 ` Hannes Reinecke
2023-03-22 10:09 ` Sagi Grimberg
2023-03-21 12:43 ` [PATCH 10/18] nvme-tcp: fixup send workflow for kTLS Hannes Reinecke
2023-03-22 9:31 ` Sagi Grimberg
2023-03-22 10:08 ` Hannes Reinecke
2023-03-22 11:18 ` Sagi Grimberg [this message]
2023-03-21 12:43 ` [PATCH 11/18] nvme-tcp: control message handling for recvmsg() Hannes Reinecke
2023-03-22 11:33 ` Sagi Grimberg
2023-03-22 11:48 ` Hannes Reinecke
2023-03-22 11:50 ` Sagi Grimberg
2023-03-22 12:17 ` Hannes Reinecke
2023-03-22 12:29 ` Sagi Grimberg
2023-03-21 12:43 ` [PATCH 12/18] nvmet: make TCP sectype settable via configfs Hannes Reinecke
2023-03-22 11:38 ` Sagi Grimberg
2023-03-21 12:43 ` [PATCH 13/18] nvmet-tcp: allocate socket file Hannes Reinecke
2023-03-22 11:46 ` Sagi Grimberg
2023-03-22 12:07 ` Hannes Reinecke
2023-03-21 12:43 ` [PATCH 14/18] security/keys: export key_lookup() Hannes Reinecke
2023-03-21 12:43 ` [PATCH 15/18] nvmet-tcp: enable TLS handshake upcall Hannes Reinecke
2023-03-22 12:13 ` Sagi Grimberg
2023-03-22 12:34 ` Hannes Reinecke
2023-03-22 12:51 ` Sagi Grimberg
2023-03-22 13:47 ` Hannes Reinecke
2023-03-22 15:42 ` Sagi Grimberg
2023-03-22 16:43 ` Hannes Reinecke
2023-03-22 16:49 ` Chuck Lever III
2023-03-23 7:21 ` Sagi Grimberg
2023-03-24 11:29 ` Hannes Reinecke
2023-03-26 7:18 ` Sagi Grimberg
2023-03-27 6:20 ` Hannes Reinecke
2023-03-28 8:44 ` Sagi Grimberg
2023-03-28 9:20 ` Hannes Reinecke
2023-03-28 9:43 ` Sagi Grimberg
2023-03-28 10:04 ` Hannes Reinecke
2023-03-28 13:22 ` Chuck Lever III
2023-03-28 15:29 ` Sagi Grimberg
2023-03-28 15:56 ` Chuck Lever III
2023-03-29 6:33 ` Sagi Grimberg
2023-03-23 7:44 ` Sagi Grimberg
2023-03-21 12:43 ` [PATCH 16/18] nvmet-tcp: rework sendpage for kTLS Hannes Reinecke
2023-03-22 12:16 ` Sagi Grimberg
2023-03-21 12:43 ` [PATCH 17/18] nvmet-tcp: control messages for recvmsg() Hannes Reinecke
2023-03-21 12:43 ` [PATCH 18/18] nvmet-tcp: peek icreq before starting TLS Hannes Reinecke
2023-03-22 12:24 ` Sagi Grimberg
2023-03-22 12:38 ` Hannes Reinecke
2023-03-21 13:12 ` [RFC PATCH 00/18] nvme: In-kernel TLS support for TCP Sagi Grimberg
2023-03-21 13:30 ` Hannes Reinecke
2023-03-22 8:16 ` Sagi Grimberg
2023-03-22 8:28 ` Hannes Reinecke
2023-03-22 12:53 ` Sagi Grimberg
2023-03-22 15:10 ` Hannes Reinecke
2023-03-22 15:43 ` Sagi Grimberg
2023-03-29 13:59 [PATCHv2 " Hannes Reinecke
2023-03-29 13:59 ` [PATCH 10/18] nvme-tcp: fixup send workflow for kTLS Hannes Reinecke
2023-03-30 15:24 ` Sagi Grimberg
2023-03-30 17:26 ` Hannes Reinecke
2023-03-31 5:49 ` Jakub Kicinski
2023-03-31 6:03 ` Hannes Reinecke
2023-04-03 12:20 ` Sagi Grimberg
2023-04-03 14:59 ` Jakub Kicinski
2023-04-03 15:51 ` Sagi Grimberg
2023-04-03 18:48 ` Jakub Kicinski
2023-04-03 22:36 ` Sagi Grimberg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c97a8ac1-255a-4a54-1bb5-0bedf22a6774@grimberg.me \
--to=sagi@grimberg.me \
--cc=cel@kernel.org \
--cc=hare@suse.de \
--cc=hch@lst.de \
--cc=kbusch@kernel.org \
--cc=kernel-tls-handshake@lists.linux.dev \
--cc=linux-nvme@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).