Message ID | 20230331160914.1608208-30-dhowells@redhat.com |
---|---|
State | New |
Headers | From: David Howells <dhowells@redhat.com>; To: Matthew Wilcox <willy@infradead.org>, "David S. Miller" <davem@davemloft.net>, Eric Dumazet <edumazet@google.com>, Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>; Subject: [PATCH v3 29/55] tls/sw: Support MSG_SPLICE_PAGES; Date: Fri, 31 Mar 2023 17:08:48 +0100; In-Reply-To: <20230331160914.1608208-1-dhowells@redhat.com> |
Series | splice, net: Replace sendpage with sendmsg(MSG_SPLICE_PAGES) |
Commit Message
David Howells
March 31, 2023, 4:08 p.m. UTC
Make TLS's sendmsg() support MSG_SPLICE_PAGES. This causes pages to be
spliced from the source iterator if possible and the data copied if not.
This allows ->sendpage() to be replaced by something that can handle
multiple multipage folios in a single transaction.
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Chuck Lever <chuck.lever@oracle.com>
cc: Boris Pismenny <borisp@nvidia.com>
cc: John Fastabend <john.fastabend@gmail.com>
cc: Jakub Kicinski <kuba@kernel.org>
cc: Eric Dumazet <edumazet@google.com>
cc: "David S. Miller" <davem@davemloft.net>
cc: Paolo Abeni <pabeni@redhat.com>
cc: Jens Axboe <axboe@kernel.dk>
cc: Matthew Wilcox <willy@infradead.org>
cc: netdev@vger.kernel.org
---
net/tls/tls_sw.c | 57 +++++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 56 insertions(+), 1 deletion(-)
Comments
Here's a trivial TLS server that can be used to test this.

David
---
```c
/*
 * TLS-over-TCP sink server
 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <linux/tls.h>

#define OSERROR(X, Y) do { if ((long)(X) == -1) { perror(Y); exit(1); } } while(0)

static unsigned char buffer[512 * 1024] __attribute__((aligned(4096)));

/* Attach the kernel TLS ULP to the socket and install TX and RX keys. */
static void set_tls(int sock)
{
	struct tls12_crypto_info_aes_gcm_128 crypto_info;

	crypto_info.info.version = TLS_1_2_VERSION;
	crypto_info.info.cipher_type = TLS_CIPHER_AES_GCM_128;
	/* All-zero IV, record sequence, key and salt: fixed test values, no handshake. */
	memset(crypto_info.iv, 0, TLS_CIPHER_AES_GCM_128_IV_SIZE);
	memset(crypto_info.rec_seq, 0, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
	memset(crypto_info.key, 0, TLS_CIPHER_AES_GCM_128_KEY_SIZE);
	memset(crypto_info.salt, 0, TLS_CIPHER_AES_GCM_128_SALT_SIZE);

	OSERROR(setsockopt(sock, SOL_TCP, TCP_ULP, "tls", sizeof("tls")),
		"TCP_ULP");
	OSERROR(setsockopt(sock, SOL_TLS, TLS_TX, &crypto_info, sizeof(crypto_info)),
		"TLS_TX");
	OSERROR(setsockopt(sock, SOL_TLS, TLS_RX, &crypto_info, sizeof(crypto_info)),
		"TLS_RX");
}

int main(int argc, char *argv[])
{
	struct sockaddr_in sin = { .sin_family = AF_INET, .sin_port = htons(5556) };
	int sfd, afd;

	sfd = socket(AF_INET, SOCK_STREAM, 0);
	OSERROR(sfd, "socket");
	OSERROR(bind(sfd, (struct sockaddr *)&sin, sizeof(sin)), "bind");
	OSERROR(listen(sfd, 1), "listen");

	for (;;) {
		afd = accept(sfd, NULL, NULL);
		if (afd != -1) {
			set_tls(afd);
			/* Read and discard everything the client sends. */
			while (read(afd, buffer, sizeof(buffer)) > 0) {}
			close(afd);
		}
	}
}
```
Here's a trivial TLS client program for testing this.

David
---
```c
/*
 * TLS-over-TCP send client
 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <fcntl.h>
#include <unistd.h>
#include <netdb.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <sys/stat.h>
#include <sys/sendfile.h>
#include <linux/tls.h>

#define OSERROR(X, Y) do { if ((long)(X) == -1) { perror(Y); exit(1); } } while(0)

static unsigned char buffer[4096] __attribute__((aligned(4096)));

/* Attach the kernel TLS ULP to the socket and install TX and RX keys. */
static void set_tls(int sock)
{
	struct tls12_crypto_info_aes_gcm_128 crypto_info;

	crypto_info.info.version = TLS_1_2_VERSION;
	crypto_info.info.cipher_type = TLS_CIPHER_AES_GCM_128;
	/* All-zero IV, record sequence, key and salt: fixed test values, no handshake. */
	memset(crypto_info.iv, 0, TLS_CIPHER_AES_GCM_128_IV_SIZE);
	memset(crypto_info.rec_seq, 0, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
	memset(crypto_info.key, 0, TLS_CIPHER_AES_GCM_128_KEY_SIZE);
	memset(crypto_info.salt, 0, TLS_CIPHER_AES_GCM_128_SALT_SIZE);

	OSERROR(setsockopt(sock, SOL_TCP, TCP_ULP, "tls", sizeof("tls")),
		"TCP_ULP");
	OSERROR(setsockopt(sock, SOL_TLS, TLS_TX, &crypto_info, sizeof(crypto_info)),
		"TLS_TX");
	OSERROR(setsockopt(sock, SOL_TLS, TLS_RX, &crypto_info, sizeof(crypto_info)),
		"TLS_RX");
}

int main(int argc, char *argv[])
{
	struct sockaddr_in sin = { .sin_family = AF_INET, .sin_port = htons(5556) };
	struct hostent *h;
	struct stat st;
	ssize_t r, o;
	int sf = 0;
	int cfd, fd;

	/* -s selects sendfile() instead of the read()/write() loop. */
	if (argc > 1 && strcmp(argv[1], "-s") == 0) {
		sf = 1;
		argc--;
		argv++;
	}

	if (argc != 3) {
		fprintf(stderr, "tcp-send [-s] <server> <file>\n");
		exit(2);
	}

	h = gethostbyname(argv[1]);
	if (!h) {
		fprintf(stderr, "%s: %s\n", argv[1], hstrerror(h_errno));
		exit(3);
	}

	if (!h->h_addr_list[0]) {
		fprintf(stderr, "%s: No addresses\n", argv[1]);
		exit(3);
	}

	memcpy(&sin.sin_addr, h->h_addr_list[0], h->h_length);

	cfd = socket(AF_INET, SOCK_STREAM, 0);
	OSERROR(cfd, "socket");
	OSERROR(connect(cfd, (struct sockaddr *)&sin, sizeof(sin)), "connect");
	set_tls(cfd);

	fd = open(argv[2], O_RDONLY);
	OSERROR(fd, argv[2]);
	OSERROR(fstat(fd, &st), argv[2]);

	if (!sf) {
		/* Copy path: read the file and write it to the TLS socket. */
		for (;;) {
			r = read(fd, buffer, sizeof(buffer));
			OSERROR(r, argv[2]);
			if (r == 0)
				break;

			o = 0;
			do {
				ssize_t w = write(cfd, buffer + o, r - o);
				OSERROR(w, "write");
				o += w;
			} while (o < r);
		}
	} else {
		/* Splice path: hand the whole file to the socket with sendfile(). */
		off_t off = 0;
		r = sendfile(cfd, fd, &off, st.st_size);
		OSERROR(r, "sendfile");
		if (r != st.st_size) {
			fprintf(stderr, "Short sendfile\n");
			exit(1);
		}
	}

	OSERROR(close(cfd), "close/c");
	OSERROR(close(fd), "close/f");
	return 0;
}
```
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 782d3701b86f..ce0c289e68ca 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -929,6 +929,49 @@ static int tls_sw_push_pending_record(struct sock *sk, int flags) &copied, flags); } +static int rls_sw_sendmsg_splice(struct sock *sk, struct msghdr *msg, + struct sk_msg *msg_pl, size_t try_to_copy, + ssize_t *copied) +{ + struct page *page, **pages = &page; + + do { + ssize_t part; + size_t off; + bool put = false; + + part = iov_iter_extract_pages(&msg->msg_iter, &pages, + try_to_copy, 1, 0, &off); + if (part <= 0) + return part ?: -EIO; + + if (!sendpage_ok(page)) { + const void *p = kmap_local_page(page); + void *q; + + q = page_frag_memdup(NULL, p + off, part, + sk->sk_allocation, ULONG_MAX); + kunmap_local(p); + if (!q) { + iov_iter_revert(&msg->msg_iter, part); + return -ENOMEM; + } + page = virt_to_page(q); + off = offset_in_page(q); + put = true; + } + + sk_msg_page_add(msg_pl, page, part, off); + sk_mem_charge(sk, part); + if (put) + put_page(page); + *copied += part; + try_to_copy -= part; + } while (try_to_copy && !sk_msg_full(msg_pl)); + + return 0; +} + int tls_sw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size) { long timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT); @@ -1016,6 +1059,17 @@ int tls_sw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size) full_record = true; } + if (try_to_copy && (msg->msg_flags & MSG_SPLICE_PAGES)) { + ret = rls_sw_sendmsg_splice(sk, msg, msg_pl, + try_to_copy, &copied); + if (ret < 0) + goto send_end; + tls_ctx->pending_open_record_frags = true; + if (full_record || eor || sk_msg_full(msg_pl)) + goto copied; + continue; + } + if (!is_kvec && (full_record || eor) && !async_capable) { u32 first = msg_pl->sg.end; 
@@ -1078,8 +1132,9 @@ int tls_sw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size) /* Open records defined only if successfully copied, otherwise * we would trim the sg but not reset the open record frags. */ - tls_ctx->pending_open_record_frags = true; copied += try_to_copy; +copied: + tls_ctx->pending_open_record_frags = true; if (full_record || eor) { ret = bpf_exec_tx_verdict(msg_pl, sk, full_record, record_type, &copied,
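Review bot: In the first hunk (@@ -929,6 +929,49 @@) the new helper is named rls_sw_sendmsg_splice(), while the functions around it in the same file are tls_sw_push_pending_record() and tls_sw_sendmsg(); this looks like a typo for tls_sw_sendmsg_splice() and should be renamed here and at the call site in the next hunk. The !sendpage_ok(page) branch, which copies the data with page_frag_memdup() instead of attaching the extracted page, would also benefit from a one-line comment saying why such pages must not be spliced directly.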
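Review bot: In the second hunk (@@ -1016,6 +1059,17 @@) the "if (ret < 0) goto send_end;" path skips "tls_ctx->pending_open_record_frags = true;", yet the helper's loop can already have called sk_msg_page_add() and advanced *copied on earlier iterations before a later iov_iter_extract_pages() or page_frag_memdup() call fails. Is it intended that the open-record flag stays unset in that case? If not, set the flag before the error check whenever the helper has made progress, or have the helper return 0 after partial progress and let the next loop iteration report the error.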
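Review bot: In the third hunk (@@ -1078,8 +1132,9 @@) the new label "copied:" has the same name as the local variable updated on the line directly above it ("copied += try_to_copy;"). Labels live in their own namespace so this compiles, but "goto copied" next to "&copied" is hard to read; a distinct label name would be clearer. Two smaller points: the splice path sets pending_open_record_frags before its conditional goto, so on that path the flag is assigned twice, and the "Open records defined only if successfully copied" comment now sits above "copied += try_to_copy;" rather than above the assignment it describes, so it should move down with the assignment.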