linux-nvme.lists.infradead.org archive mirror
* [PATCH 0/3] net/tls: fixes for NVMe-over-TLS
@ 2023-05-26 14:31 Hannes Reinecke
  2023-05-26 14:31 ` [PATCH 1/3] net/tls: handle MSG_EOR for tls_sw TX flow Hannes Reinecke
                   ` (2 more replies)
  0 siblings, 3 replies; 5+ messages in thread
From: Hannes Reinecke @ 2023-05-26 14:31 UTC (permalink / raw)
  To: Christoph Hellwig; +Cc: Sagi Grimberg, Keith Busch, linux-nvme, Hannes Reinecke

Hi all,

here are some small fixes to get NVMe-over-TLS up and running.
The first two are just minor modifications to have MSG_EOR handled
for TLS, but the third implements the ->read_sock() callback for tls_sw
and I guess could do with some reviews.

As usual, comments and reviews are welcome.

Hannes Reinecke (3):
  net/tls: handle MSG_EOR for tls_sw TX flow
  net/tls: handle MSG_EOR for tls_device TX flow
  net/tls: implement ->read_sock()

 net/tls/tls.h        |  2 ++
 net/tls/tls_device.c |  8 ++++-
 net/tls/tls_main.c   |  2 ++
 net/tls/tls_sw.c     | 82 ++++++++++++++++++++++++++++++++++++++++++--
 4 files changed, 90 insertions(+), 4 deletions(-)

-- 
2.35.3




* [PATCH 1/3] net/tls: handle MSG_EOR for tls_sw TX flow
  2023-05-26 14:31 [PATCH 0/3] net/tls: fixes for NVMe-over-TLS Hannes Reinecke
@ 2023-05-26 14:31 ` Hannes Reinecke
  2023-05-27  4:13   ` Jakub Kicinski
  2023-05-26 14:31 ` [PATCH 2/3] net/tls: handle MSG_EOR for tls_device " Hannes Reinecke
  2023-05-26 14:31 ` [PATCH 3/3] net/tls: implement ->read_sock() Hannes Reinecke
  2 siblings, 1 reply; 5+ messages in thread
From: Hannes Reinecke @ 2023-05-26 14:31 UTC (permalink / raw)
  To: Christoph Hellwig
  Cc: Sagi Grimberg, Keith Busch, linux-nvme, Hannes Reinecke,
	Jakub Kicinski, netdev

tls_sw_sendmsg() / tls_do_sw_sendpage() already handles
MSG_MORE / MSG_SENDPAGE_NOTLAST, but bails out on MSG_EOR.
But seeing that MSG_EOR is basically the opposite of
MSG_MORE / MSG_SENDPAGE_NOTLAST this patch adds handling
MSG_EOR by treating it as the negation of MSG_MORE.

Cc: Jakub Kicinski <kuba@kernel.org>
Cc: netdev@vger.kernel.org
Signed-off-by: Hannes Reinecke <hare@suse.de>
---
 net/tls/tls_sw.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index 635b8bf6b937..be8e0459d403 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -953,9 +953,12 @@ int tls_sw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size)
 	int pending;
 
 	if (msg->msg_flags & ~(MSG_MORE | MSG_DONTWAIT | MSG_NOSIGNAL |
-			       MSG_CMSG_COMPAT))
+			       MSG_EOR | MSG_CMSG_COMPAT))
 		return -EOPNOTSUPP;
 
+	if (msg->msg_flags & MSG_EOR)
+		eor = true;
+
 	ret = mutex_lock_interruptible(&tls_ctx->tx_lock);
 	if (ret)
 		return ret;
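
Review bot: MSG_MORE and MSG_EOR are now both accepted by the mask at the top of tls_sw_sendmsg(), and the added `if (msg->msg_flags & MSG_EOR) eor = true;` quietly lets MSG_EOR win when a caller sets both. The two flags ask for opposite record-boundary behaviour, so rejecting the combination (for example returning -EINVAL right after the mask check) would be safer than picking a winner; if the precedence is intended, state it in a comment and in the commit message.
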
@@ -1173,6 +1176,8 @@ static int tls_sw_do_sendpage(struct sock *sk, struct page *page,
 	bool eor;
 
 	eor = !(flags & MSG_SENDPAGE_NOTLAST);
+	if (flags & MSG_EOR)
+		eor = true;
 	sk_clear_bit(SOCKWQ_ASYNC_NOSPACE, sk);
 
 	/* Call the sk_stream functions to manage the sndbuf mem. */
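
Review bot: in tls_sw_do_sendpage() the line above already yields `eor = true` whenever MSG_SENDPAGE_NOTLAST is clear, so the added MSG_EOR test only has an effect when MSG_SENDPAGE_NOTLAST and MSG_EOR are set together, which is a contradictory request. Either fold it into one expression, `eor = (flags & MSG_EOR) || !(flags & MSG_SENDPAGE_NOTLAST);`, with a comment stating the precedence, or treat the combination as an error.
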
@@ -1274,7 +1279,7 @@ static int tls_sw_do_sendpage(struct sock *sk, struct page *page,
 int tls_sw_sendpage_locked(struct sock *sk, struct page *page,
 			   int offset, size_t size, int flags)
 {
-	if (flags & ~(MSG_MORE | MSG_DONTWAIT | MSG_NOSIGNAL |
+	if (flags & ~(MSG_MORE | MSG_DONTWAIT | MSG_NOSIGNAL | MSG_EOR |
 		      MSG_SENDPAGE_NOTLAST | MSG_SENDPAGE_NOPOLICY |
 		      MSG_NO_SHARED_FRAGS))
 		return -EOPNOTSUPP;
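
Review bot: widening the accepted-flags mask in tls_sw_sendpage_locked() (and in tls_sw_sendpage() in the next hunk) changes a result callers can observe, since MSG_EOR on these paths used to return -EOPNOTSUPP, yet the diffstat lists only net/tls/tls_sw.c. Please add cases to tools/testing/selftests/net/tls.c covering MSG_EOR on its own and together with MSG_MORE, so the record-boundary behaviour is pinned down by a test.
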
@@ -1288,7 +1293,7 @@ int tls_sw_sendpage(struct sock *sk, struct page *page,
 	struct tls_context *tls_ctx = tls_get_ctx(sk);
 	int ret;
 
-	if (flags & ~(MSG_MORE | MSG_DONTWAIT | MSG_NOSIGNAL |
+	if (flags & ~(MSG_MORE | MSG_DONTWAIT | MSG_NOSIGNAL | MSG_EOR |
 		      MSG_SENDPAGE_NOTLAST | MSG_SENDPAGE_NOPOLICY))
 		return -EOPNOTSUPP;
 
-- 
2.35.3




* [PATCH 2/3] net/tls: handle MSG_EOR for tls_device TX flow
  2023-05-26 14:31 [PATCH 0/3] net/tls: fixes for NVMe-over-TLS Hannes Reinecke
  2023-05-26 14:31 ` [PATCH 1/3] net/tls: handle MSG_EOR for tls_sw TX flow Hannes Reinecke
@ 2023-05-26 14:31 ` Hannes Reinecke
  2023-05-26 14:31 ` [PATCH 3/3] net/tls: implement ->read_sock() Hannes Reinecke
  2 siblings, 0 replies; 5+ messages in thread
From: Hannes Reinecke @ 2023-05-26 14:31 UTC (permalink / raw)
  To: Christoph Hellwig
  Cc: Sagi Grimberg, Keith Busch, linux-nvme, Hannes Reinecke,
	Jakub Kicinski, netdev

tls_push_data() handles MSG_MORE / MSG_SENDPAGE_NOTLAST, but bails
out on MSG_EOR.
But seeing that MSG_EOR is basically the opposite of
MSG_MORE / MSG_SENDPAGE_NOTLAST this patch adds handling
MSG_EOR by treating it as the negation of MSG_MORE.

Cc: Jakub Kicinski <kuba@kernel.org>
Cc: netdev@vger.kernel.org
Signed-off-by: Hannes Reinecke <hare@suse.de>
---
 net/tls/tls_device.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/net/tls/tls_device.c b/net/tls/tls_device.c
index a7cc4f9faac2..9603a3c9ec24 100644
--- a/net/tls/tls_device.c
+++ b/net/tls/tls_device.c
@@ -449,7 +449,7 @@ static int tls_push_data(struct sock *sk,
 	long timeo;
 
 	if (flags &
-	    ~(MSG_MORE | MSG_DONTWAIT | MSG_NOSIGNAL | MSG_SENDPAGE_NOTLAST))
+	    ~(MSG_MORE | MSG_DONTWAIT | MSG_NOSIGNAL | MSG_SENDPAGE_NOTLAST | MSG_EOR))
 		return -EOPNOTSUPP;
 
 	if (unlikely(sk->sk_err))
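
Review bot: the rewritten mask line in tls_push_data() now runs past 80 columns once the indentation is counted. Wrap it after MSG_NOSIGNAL, the way the equivalent masks in net/tls/tls_sw.c are wrapped, so the accepted flags stay easy to compare between the two files.
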
@@ -529,6 +529,10 @@ static int tls_push_data(struct sock *sk,
 				more = true;
 				break;
 			}
+			if (flags & MSG_EOR) {
+				more = false;
+				break;
+			}
 
 			done = true;
 		}
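
Review bot: the new MSG_EOR branch in tls_push_data() does `break` before `done = true;` is reached, so an MSG_EOR send leaves the loop the same way the `more = true` case does, only with `more = false`. Please check that the record is still closed and pushed on that path; if `more` is already false at this point, dropping the branch and letting the code fall through to `done = true;` looks like the intended behaviour.
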
@@ -603,6 +607,8 @@ int tls_device_sendpage(struct sock *sk, struct page *page,
 
 	if (flags & MSG_SENDPAGE_NOTLAST)
 		flags |= MSG_MORE;
+	if (flags & MSG_EOR)
+		flags &= ~(MSG_MORE | MSG_SENDPAGE_NOTLAST);
 
 	mutex_lock(&tls_ctx->tx_lock);
 	lock_sock(sk);
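
Review bot: in tls_device_sendpage() MSG_EOR silently clears MSG_MORE and MSG_SENDPAGE_NOTLAST, but the patch adds no equivalent normalisation for callers that reach tls_push_data() another way, where the earlier hunk tests the `more = true` condition before it looks at MSG_EOR. Resolving the conflict in one place, for example rejecting MSG_MORE together with MSG_EOR at the top of tls_push_data(), would give every TX entry point the same answer.
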
-- 
2.35.3




* [PATCH 3/3] net/tls: implement ->read_sock()
  2023-05-26 14:31 [PATCH 0/3] net/tls: fixes for NVMe-over-TLS Hannes Reinecke
  2023-05-26 14:31 ` [PATCH 1/3] net/tls: handle MSG_EOR for tls_sw TX flow Hannes Reinecke
  2023-05-26 14:31 ` [PATCH 2/3] net/tls: handle MSG_EOR for tls_device " Hannes Reinecke
@ 2023-05-26 14:31 ` Hannes Reinecke
  2 siblings, 0 replies; 5+ messages in thread
From: Hannes Reinecke @ 2023-05-26 14:31 UTC (permalink / raw)
  To: Christoph Hellwig
  Cc: Sagi Grimberg, Keith Busch, linux-nvme, Hannes Reinecke,
	Boris Pismenny, Jakub Kicinski, netdev

Implement ->read_sock() function for use with nvme-tcp.

Signed-off-by: Hannes Reinecke <hare@suse.de>
Cc: Boris Pismenny <boris.pismenny@gmail.com>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: netdev@vger.kernel.org
---
 net/tls/tls.h      |  2 ++
 net/tls/tls_main.c |  2 ++
 net/tls/tls_sw.c   | 71 ++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 75 insertions(+)

diff --git a/net/tls/tls.h b/net/tls/tls.h
index 804c3880d028..a5bf3a9ce142 100644
--- a/net/tls/tls.h
+++ b/net/tls/tls.h
@@ -113,6 +113,8 @@ bool tls_sw_sock_is_readable(struct sock *sk);
 ssize_t tls_sw_splice_read(struct socket *sock, loff_t *ppos,
 			   struct pipe_inode_info *pipe,
 			   size_t len, unsigned int flags);
+int tls_sw_read_sock(struct sock *sk, read_descriptor_t *desc,
+		     sk_read_actor_t read_actor);
 
 int tls_device_sendmsg(struct sock *sk, struct msghdr *msg, size_t size);
 int tls_device_sendpage(struct sock *sk, struct page *page,
diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c
index f2e7302a4d96..767297a029b9 100644
--- a/net/tls/tls_main.c
+++ b/net/tls/tls_main.c
@@ -922,9 +922,11 @@ static void build_proto_ops(struct proto_ops ops[TLS_NUM_CONFIG][TLS_NUM_CONFIG]
 
 	ops[TLS_BASE][TLS_SW  ] = ops[TLS_BASE][TLS_BASE];
 	ops[TLS_BASE][TLS_SW  ].splice_read	= tls_sw_splice_read;
+	ops[TLS_BASE][TLS_SW  ].read_sock	= tls_sw_read_sock;
 
 	ops[TLS_SW  ][TLS_SW  ] = ops[TLS_SW  ][TLS_BASE];
 	ops[TLS_SW  ][TLS_SW  ].splice_read	= tls_sw_splice_read;
+	ops[TLS_SW  ][TLS_SW  ].read_sock	= tls_sw_read_sock;
 
 #ifdef CONFIG_TLS_DEVICE
 	ops[TLS_HW  ][TLS_BASE] = ops[TLS_BASE][TLS_BASE];
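
Review bot: .read_sock is set only for the two entries whose second index is TLS_SW; the CONFIG_TLS_DEVICE entries that follow are not touched by this hunk. Please confirm that every RX-offload configuration either picks up tls_sw_read_sock by copying from one of these entries or has .read_sock cleared, because an entry left with the underlying transport's read_sock would hand the actor data that has not gone through TLS record processing. A sentence in the commit message on which configurations are covered would help.
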
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index be8e0459d403..9bee2dcd55bf 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -2219,6 +2219,77 @@ ssize_t tls_sw_splice_read(struct socket *sock,  loff_t *ppos,
 	goto splice_read_end;
 }
 
+int tls_sw_read_sock(struct sock *sk, read_descriptor_t *desc,
+		     sk_read_actor_t read_actor)
+{
+	struct tls_context *tls_ctx = tls_get_ctx(sk);
+	struct tls_sw_context_rx *ctx = tls_sw_ctx_rx(tls_ctx);
+	struct strp_msg *rxm = NULL;
+	struct tls_msg *tlm;
+	struct sk_buff *skb;
+	ssize_t copied = 0;
+	int err, used;
+
+	if (!skb_queue_empty(&ctx->rx_list)) {
+		skb = __skb_dequeue(&ctx->rx_list);
+	} else {
+		struct tls_decrypt_arg darg;
+
+		err = tls_rx_rec_wait(sk, NULL, true, true);
+		if (err <= 0)
+			return err;
+
+		memset(&darg.inargs, 0, sizeof(darg.inargs));
+
+		err = tls_rx_one_record(sk, NULL, &darg);
+		if (err < 0) {
+			tls_err_abort(sk, -EBADMSG);
+			return err;
+		}
+
+		tls_rx_rec_done(ctx);
+		skb = darg.skb;
+	}
+
+	do {
+		rxm = strp_msg(skb);
+		tlm = tls_msg(skb);
+
+		/* read_sock does not support reading control messages */
+		if (tlm->control != TLS_RECORD_TYPE_DATA) {
+			err = -EINVAL;
+			goto read_sock_requeue;
+		}
+
+		used = read_actor(desc, skb, rxm->offset, rxm->full_len);
+		if (used <= 0) {
+			err = used;
+			goto read_sock_end;
+		}
+
+		copied += used;
+		if (used < rxm->full_len) {
+			rxm->offset += used;
+			rxm->full_len -= used;
+			if (!desc->count)
+				goto read_sock_requeue;
+		} else {
+			consume_skb(skb);
+			if (desc->count && !skb_queue_empty(&ctx->rx_list))
+				skb = __skb_dequeue(&ctx->rx_list);
+			else
+				skb = NULL;
+		}
+	} while (skb);
+
+read_sock_end:
+	return copied ? : err;
+
+read_sock_requeue:
+	__skb_queue_head(&ctx->rx_list, skb);
+	goto read_sock_end;
+}
+
 bool tls_sw_sock_is_readable(struct sock *sk)
 {
 	struct tls_context *tls_ctx = tls_get_ctx(sk);
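
Review bot: tls_sw_read_sock() takes no lock before it dequeues from ctx->rx_list with __skb_dequeue() or waits for and decrypts a record, so nothing visible here keeps it from racing with another reader of the same socket. If the caller is required to hold the socket lock, state that in a comment above the function; otherwise serialise against the other RX paths. Separately, a non-data record is put back at the head of rx_list and -EINVAL is returned, so every later call sees the same record first and the alert or handshake message is never processed; the function needs a way for the caller to consume or surface control records rather than stall on them.
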
-- 
2.35.3




* Re: [PATCH 1/3] net/tls: handle MSG_EOR for tls_sw TX flow
  2023-05-26 14:31 ` [PATCH 1/3] net/tls: handle MSG_EOR for tls_sw TX flow Hannes Reinecke
@ 2023-05-27  4:13   ` Jakub Kicinski
  0 siblings, 0 replies; 5+ messages in thread
From: Jakub Kicinski @ 2023-05-27  4:13 UTC (permalink / raw)
  To: Hannes Reinecke
  Cc: Christoph Hellwig, Sagi Grimberg, Keith Busch, linux-nvme, netdev

On Fri, 26 May 2023 16:31:50 +0200 Hannes Reinecke wrote:
> tls_sw_sendmsg() / tls_do_sw_sendpage() already handles
> MSG_MORE / MSG_SENDPAGE_NOTLAST, but bails out on MSG_EOR.
> But seeing that MSG_EOR is basically the opposite of
> MSG_MORE / MSG_SENDPAGE_NOTLAST this patch adds handling
> MSG_EOR by treating it as the negation of MSG_MORE.

The cover letter didn't make it to netdev so replying here -
please add test cases for EOR to tools/testing/selftests/net/tls.c
(FWIW selftests now take command line arguments allowing you to narrow
down the set of test cases run, it's pretty useful here, waiting for
all crypto algos to finish is annoying)


