linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Tariq Toukan <ttoukan.linux@gmail.com>
To: Jakub Kicinski <kuba@kernel.org>
Cc: David Howells <dhowells@redhat.com>,
	netdev@vger.kernel.org, "David S. Miller" <davem@davemloft.net>,
	Eric Dumazet <edumazet@google.com>,
	Paolo Abeni <pabeni@redhat.com>,
	Willem de Bruijn <willemdebruijn.kernel@gmail.com>,
	David Ahern <dsahern@kernel.org>,
	Matthew Wilcox <willy@infradead.org>,
	Al Viro <viro@zeniv.linux.org.uk>,
	Christoph Hellwig <hch@infradead.org>,
	Jens Axboe <axboe@kernel.dk>, Jeff Layton <jlayton@kernel.org>,
	Christian Brauner <brauner@kernel.org>,
	Chuck Lever III <chuck.lever@oracle.com>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
	linux-mm@kvack.org, Boris Pismenny <borisp@nvidia.com>,
	John Fastabend <john.fastabend@gmail.com>,
	Gal Pressman <gal@nvidia.com>,
	ranro@nvidia.com, samiram@nvidia.com, drort@nvidia.com,
	Tariq Toukan <tariqt@nvidia.com>
Subject: Re: [PATCH net-next v10 08/16] tls: Inline do_tcp_sendpages()
Date: Tue, 8 Aug 2023 10:29:18 +0300	[thread overview]
Message-ID: <ca5ac2f8-d3b1-0d07-d361-6ce1d4f12392@gmail.com> (raw)
In-Reply-To: <20230803201212.1d5dd0f9@kernel.org>



On 04/08/2023 6:12, Jakub Kicinski wrote:
> On Thu, 3 Aug 2023 14:47:35 +0300 Tariq Toukan wrote:
>> When applying this patch, repro disappears! :)
>> Apparently it is related to the warning.
>> Please go on and submit it.
> 
> I have no idea how. I found a different bug, staring at this code
> for another hour. But I still don't get how we can avoid UaF on
> a page by having the TCP take a ref on it rather than copy it.
> 
> If anything we should have 2 refs on any page in the sg, one because
> it's on the sg, and another held by the re-tx handling.
> 
> So I'm afraid we're papering over something here :( We need to keep
> digging.

Hi Jakub,
I'm glad to see that you already nailed the other bug and merged the fix.

I can update that we ran comprehensive TLS testing on a branch that 
contains your proposed fix (net: tls: set MSG_SPLICE_PAGES 
consistently), and doesn't contain the other fix (net: tls: avoid 
discarding data on record close).

Except for one "known" issue (we'll discuss it in a second), the runs 
look clean.
No more traces or encrypt/decrypt error counters. Your proposed fix 
seems to work and causes no degradation.
How do you suggest proceeding here?

One mysterious remaining issue, which I already reported some time ago 
but couldn't effectively debug due to other TLS bugs, is the increase of 
TlsDecryptError / TlsEncryptError counters when running kTLS offloaded 
traffic during bond creation on some other interface.
Weird...

We should start giving it the needed attention now that the other issues 
seem to be resolved.

Regards,
Tariq

  reply	other threads:[~2023-08-08 16:07 UTC|newest]

Thread overview: 43+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-05-22 12:11 [PATCH net-next v10 00/16] splice, net: Replace sendpage with sendmsg(MSG_SPLICE_PAGES), part 1 David Howells
2023-05-22 12:11 ` [PATCH net-next v10 01/16] net: Declare MSG_SPLICE_PAGES internal sendmsg() flag David Howells
2023-05-22 12:11 ` [PATCH net-next v10 02/16] net: Pass max frags into skb_append_pagefrags() David Howells
2023-05-22 12:11 ` [PATCH net-next v10 03/16] net: Add a function to splice pages into an skbuff for MSG_SPLICE_PAGES David Howells
2023-05-24 12:24   ` Yunsheng Lin
2023-05-24 13:21   ` David Howells
2023-05-22 12:11 ` [PATCH net-next v10 04/16] tcp: Support MSG_SPLICE_PAGES David Howells
2023-05-22 12:11 ` [PATCH net-next v10 05/16] tcp: Convert do_tcp_sendpages() to use MSG_SPLICE_PAGES David Howells
2023-05-22 12:11 ` [PATCH net-next v10 06/16] tcp_bpf: Inline do_tcp_sendpages as it's now a wrapper around tcp_sendmsg David Howells
2023-05-22 12:11 ` [PATCH net-next v10 07/16] espintcp: Inline do_tcp_sendpages() David Howells
2023-05-22 12:11 ` [PATCH net-next v10 08/16] tls: " David Howells
2023-06-07 14:17   ` Tariq Toukan
2023-06-07 15:03   ` David Howells
2023-06-13 11:15     ` Tariq Toukan
2023-06-19  8:23       ` Tariq Toukan
2023-06-19  9:35       ` David Howells
2023-06-27 16:49         ` Tariq Toukan
2023-06-30 17:21           ` Jakub Kicinski
2023-07-04 20:06             ` Tariq Toukan
2023-07-05 16:19               ` Jakub Kicinski
2023-07-23  6:35                 ` Tariq Toukan
2023-07-26  0:30                   ` Jakub Kicinski
2023-07-26 19:20                     ` Tariq Toukan
2023-07-26 20:08                       ` Jakub Kicinski
2023-08-03 11:52                         ` Tariq Toukan
2023-08-03 11:47                     ` Tariq Toukan
2023-08-04  3:12                       ` Jakub Kicinski
2023-08-08  7:29                         ` Tariq Toukan [this message]
2023-07-26 10:51                 ` David Howells
2023-07-26 11:43                   ` Tariq Toukan
2023-07-26 14:57                     ` Jakub Kicinski
2023-08-10 13:07             ` David Howells
2023-06-27 16:55         ` David Howells
2023-06-27 17:06         ` David Howells
2023-05-22 12:11 ` [PATCH net-next v10 09/16] siw: " David Howells
2023-05-22 12:11 ` [PATCH net-next v10 10/16] tcp: Fold do_tcp_sendpages() into tcp_sendpage_locked() David Howells
2023-05-22 12:11 ` [PATCH net-next v10 11/16] ip, udp: Support MSG_SPLICE_PAGES David Howells
2023-05-22 12:11 ` [PATCH net-next v10 12/16] ip6, udp6: " David Howells
2023-05-22 12:11 ` [PATCH net-next v10 13/16] udp: Convert udp_sendpage() to use MSG_SPLICE_PAGES David Howells
2023-05-22 12:11 ` [PATCH net-next v10 14/16] ip: Remove ip_append_page() David Howells
2023-05-22 12:11 ` [PATCH net-next v10 15/16] af_unix: Support MSG_SPLICE_PAGES David Howells
2023-05-22 12:11 ` [PATCH net-next v10 16/16] unix: Convert unix_stream_sendpage() to use MSG_SPLICE_PAGES David Howells
2023-05-24  4:20 ` [PATCH net-next v10 00/16] splice, net: Replace sendpage with sendmsg(MSG_SPLICE_PAGES), part 1 patchwork-bot+netdevbpf

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ca5ac2f8-d3b1-0d07-d361-6ce1d4f12392@gmail.com \
    --to=ttoukan.linux@gmail.com \
    --cc=axboe@kernel.dk \
    --cc=borisp@nvidia.com \
    --cc=brauner@kernel.org \
    --cc=chuck.lever@oracle.com \
    --cc=davem@davemloft.net \
    --cc=dhowells@redhat.com \
    --cc=drort@nvidia.com \
    --cc=dsahern@kernel.org \
    --cc=edumazet@google.com \
    --cc=gal@nvidia.com \
    --cc=hch@infradead.org \
    --cc=jlayton@kernel.org \
    --cc=john.fastabend@gmail.com \
    --cc=kuba@kernel.org \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=netdev@vger.kernel.org \
    --cc=pabeni@redhat.com \
    --cc=ranro@nvidia.com \
    --cc=samiram@nvidia.com \
    --cc=tariqt@nvidia.com \
    --cc=torvalds@linux-foundation.org \
    --cc=viro@zeniv.linux.org.uk \
    --cc=willemdebruijn.kernel@gmail.com \
    --cc=willy@infradead.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).