netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Jakub Kicinski <jakub.kicinski@netronome.com>
To: Davide Caratti <dcaratti@redhat.com>
Cc: "David S. Miller" <davem@davemloft.net>,
	Dave Watson <davejwatson@fb.com>,
	Boris Pismenny <borisp@mellanox.com>,
	Aviad Yehezkel <aviadye@mellanox.com>,
	John Fastabend <john.fastabend@gmail.com>,
	Daniel Borkmann <daniel@iogearbox.net>,
	netdev@vger.kernel.org
Subject: Re: [RFC PATCH net-next 2/2] net: tls: export protocol version and cipher to socket diag
Date: Mon, 17 Jun 2019 11:07:06 -0700	[thread overview]
Message-ID: <20190617110706.7c269328@cakuba.netronome.com> (raw)
In-Reply-To: <5ed5d6b3356c505ece2a354847e3aafd09fb82f3.camel@redhat.com>

On Mon, 17 Jun 2019 18:04:06 +0200, Davide Caratti wrote:
> On Wed, 2019-06-05 at 16:25 -0700, Jakub Kicinski wrote:
> > On Wed,  5 Jun 2019 17:39:23 +0200, Davide Caratti wrote:  
> > We need some indication of the directions in which kTLS is active
> > (none, rx, tx, rx/tx).
> > 
> > Also perhaps could you add TLS_SW vs TLS_HW etc. ? :)  
> 
> I can add a couple of u16 (or larger?) bitmasks to dump txconf and rxconf.
> do you think this is sufficient?

SGTM!

> > > +	int err = 0;  
> > 
> > There should be no need to init this.
> >   
> > > +	if (sk->sk_state != TCP_ESTABLISHED)  
> > 
> > Hmm.. why this check?  We never clean up the state once installed until
> > the socket dies completely (currently, pending John's unhash work).  
> 
> the goal was to ensure that we don't read ctx anymore after
> tls_sk_proto_close() has freed ctx, and I thought that a test on the value
> of sk_state was sufficient.
> 
> If it's not, then we might invent something else. For example, we might
> defer freeing kTLS ctx, so that it's called as the very last thing with
> tcp_cleanup_ulp().

Mm.. I was hoping the user space can no longer access a socket once
it reaches sk_prot->close :S  Perhaps I got this wrong.  If it can 
we need to make sure we don't free context before calling tcp_close()
otherwise the state may still be established, no?

In particular:

#ifdef CONFIG_TLS_DEVICE
	if (ctx->rx_conf == TLS_HW)
		tls_device_offload_cleanup_rx(sk);

	if (ctx->tx_conf != TLS_HW && ctx->rx_conf != TLS_HW) {
#else
	{
#endif
		tls_ctx_free(ctx);        <<<  <<<   <<<   <<< kfree()
		ctx = NULL;
	}

skip_tx_cleanup:
	release_sock(sk);
	sk_proto_close(sk, timeout);      <<<  <<<   <<<   <<< tcp_close()
	/* free ctx for TLS_HW_RECORD, used by tcp_set_state
	 * for sk->sk_prot->unhash [tls_hw_unhash]
	 */
	if (free_ctx)
		tls_ctx_free(ctx);

  reply	other threads:[~2019-06-17 18:07 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-06-05 15:39 [RFC PATCH net-next 0/2] net: extend INET_DIAG_INFO with information specific to TCP ULP Davide Caratti
2019-06-05 15:39 ` [RFC PATCH net-next 1/2] tcp: ulp: add functions to dump ulp-specific information Davide Caratti
2019-06-05 23:14   ` Jakub Kicinski
2019-06-17 13:06     ` Davide Caratti
2019-06-17 17:41       ` Jakub Kicinski
2019-06-05 15:39 ` [RFC PATCH net-next 2/2] net: tls: export protocol version and cipher to socket diag Davide Caratti
2019-06-05 23:25   ` Jakub Kicinski
2019-06-17 16:04     ` Davide Caratti
2019-06-17 18:07       ` Jakub Kicinski [this message]
2019-06-06  7:07   ` Boris Pismenny

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190617110706.7c269328@cakuba.netronome.com \
    --to=jakub.kicinski@netronome.com \
    --cc=aviadye@mellanox.com \
    --cc=borisp@mellanox.com \
    --cc=daniel@iogearbox.net \
    --cc=davejwatson@fb.com \
    --cc=davem@davemloft.net \
    --cc=dcaratti@redhat.com \
    --cc=john.fastabend@gmail.com \
    --cc=netdev@vger.kernel.org \
    --subject='Re: [RFC PATCH net-next 2/2] net: tls: export protocol version and cipher to socket diag' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).