From patchwork Fri Nov 11 21:23:17 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dmitry Safonov X-Patchwork-Id: 1529 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:6687:0:0:0:0:0 with SMTP id l7csp975026wru; Fri, 11 Nov 2022 13:29:15 -0800 (PST) X-Google-Smtp-Source: AA0mqf47nO70ujbbONSZD1A3jAWe8VWfDlMe2n6jaOEwvrKpiV7I7Jc457fYEpchkQYTBovsxdUf X-Received: by 2002:a63:f14:0:b0:46e:be03:d9b5 with SMTP id e20-20020a630f14000000b0046ebe03d9b5mr3184681pgl.495.1668202155237; Fri, 11 Nov 2022 13:29:15 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1668202155; cv=none; d=google.com; s=arc-20160816; b=qRM7t6SHyxiiGe34tDCFv7aivViZINT4zYVBcwYvFAaYn2NbPKLXSX3ZGuPeX7fCjl Gr1VcdaUvGuOFUoEK7rTiWktGj1NUSb8iwWa9sEezjRcsdeQluGyO3En06Vg1BSgXmPk yBVdJSWr2zaajTghaONpQl18ucdLCp3guYRdfW+iUSPd/Tuyld8+sSGUp/HuZaETd/+D wz+KeE8Xje0JZulUbrmFR5G+vyMkVQeaPcNmpxNsYDBFntTys3/TJjoZwPhpkB4DIQ3c wgdA49F+p0QdX0HD9PN7jLESwwnbcHG26pBT7JzV1I6tt7skrgy7HQ4Y0xf69uagubAo L+zg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=e6Yy5Fgy/fFmhzxwj4kvbwK22iDhlH9BwFdgcuKAt24=; b=H9FNWcmvyRqIvRcoGLr1TR6PkyYJwU6SpzsAIqE/Iz5AmZqFVKTgtmv8Qg7MYdDgwK wgBX9++lLn3E7DyVhh87p/KxGioXadc/OoNLNQPnGY2IMP7EeEVLPoPZW808zxOv0Dg5 pljVaYKvu6rVTiE1JH513Ns2EfkPCi93/JVdCJ6009sgj54AZT7RHc41ktMvG6Ou6BNq 5/4iJDvQZBrPlQi6PnSsJONXExsqR2Ea+FlXYkWnU06TrfwRRtPPGurguR3MjtAPY+x/ bGD5gea18UyhdKNOg45d14vvFFs1ndsY3Xs7/rnL1DEipY8KD8f3K+gEbgwztT4TUFRI AGRg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@arista.com header.s=google header.b=GgQ5yN9a; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=arista.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id q67-20020a17090a1b4900b0020de216d0c4si3407550pjq.61.2022.11.11.13.29.02; Fri, 11 Nov 2022 13:29:15 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@arista.com header.s=google header.b=GgQ5yN9a; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=arista.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234374AbiKKVXg (ORCPT + 99 others); Fri, 11 Nov 2022 16:23:36 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48886 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232979AbiKKVXb (ORCPT ); Fri, 11 Nov 2022 16:23:31 -0500 Received: from mail-wm1-x331.google.com (mail-wm1-x331.google.com [IPv6:2a00:1450:4864:20::331]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B4E97640F for ; Fri, 11 Nov 2022 13:23:29 -0800 (PST) Received: by mail-wm1-x331.google.com with SMTP id ja4-20020a05600c556400b003cf6e77f89cso6237469wmb.0 for ; Fri, 11 Nov 2022 13:23:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=arista.com; s=google; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=e6Yy5Fgy/fFmhzxwj4kvbwK22iDhlH9BwFdgcuKAt24=; b=GgQ5yN9aR8bX0LQ2edh3M9RyxBVAN14ksPobL1d8ceSVeMzg9lk9b3JwD8Sr8JHvyJ Xr3atLcMIEgpZQks1apFIux82kUROpnfmDouKkSefqlyVxeOictcNzZtrVDy5T6whoVR 6M2RHL/jW5U+GLOUrbWSm/Y8qskVBU7gneSh4dt7fE2cEII5rIUpg2aw7+6Tw9nx6vNP tgvyFGmsRp/b9NtTIPLUecSdzA/3hGUKuklMotY+toz+DhJIn6vtxZro0DsHuvyQTgxF lzCTCNA2So4ma/l0tj7PGdkzCqU3fJ6u7UYL0fBNwt+D9xpkc5sdLbcHG+j/VeViWlG/ 8Tyg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=e6Yy5Fgy/fFmhzxwj4kvbwK22iDhlH9BwFdgcuKAt24=; b=mVTnP6+YdG3zpsrP15ITj3Cue6eTpuxc/sL6vq/ov6JyxNPypWJ75780P6EPBzZiiu jC5xkC4plwN8qBDRMvk3CpIIUtZVMDh2oTTjIOexKyuERqPIX8n6CjxewJxJNtgYle2f HKo5SwceACmRhSTuQsBCMNLME38tBrL96jLS1uVVuq3BlnWkz6Ow3l6/nK7U6VTbNcsG dYv4S3UD83iJCMzOHsLhCch0wlE45TblJx52WQ8YwnJt1TstPQ+G1TjxNmkAbVZFBXHj i3fr3CJ6gQENw6S/de/iyglrfOqQEBfeEXxxwyzq/XTSWYYB5nFI9lZEECAeOf83/FoT EiEg== X-Gm-Message-State: ANoB5pmGodfWt4a1IXdifFftbqHGyuAhS9A9wdt9dkDcOgVQBA8zwSoo pcaxsSOMPEHB+Aq7Z8KThUyHH21ZLPdeVg== X-Received: by 2002:a7b:c5d3:0:b0:3cf:4eeb:927b with SMTP id n19-20020a7bc5d3000000b003cf4eeb927bmr2472521wmk.74.1668201807910; Fri, 11 Nov 2022 13:23:27 -0800 (PST) Received: from Mindolluin.ire.aristanetworks.com ([217.173.96.166]) by smtp.gmail.com with ESMTPSA id n18-20020a7bcbd2000000b003cf9bf5208esm9423281wmi.19.2022.11.11.13.23.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 11 Nov 2022 13:23:27 -0800 (PST) From: Dmitry Safonov To: linux-kernel@vger.kernel.org, David Ahern , Eric Dumazet Cc: Dmitry Safonov , Bob Gilligan , "David S. Miller" , Dmitry Safonov <0x7f454c46@gmail.com>, Francesco Ruggeri , Hideaki YOSHIFUJI , Jakub Kicinski , Paolo Abeni , Salam Noureddine , netdev@vger.kernel.org Subject: [PATCH v3 0/3] net/tcp: Dynamically disable TCP-MD5 static key Date: Fri, 11 Nov 2022 21:23:17 +0000 Message-Id: <20221111212320.1386566-1-dima@arista.com> X-Mailer: git-send-email 2.38.1 MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1749236743116257028?= X-GMAIL-MSGID: =?utf-8?q?1749236743116257028?= Changes from v2: - Prevent key->enabled from turning negative by overflow from static_key_slow_inc() or static_key_fast_inc() (addressing Peter Zijlstra's review) - Added checks if static_branch_inc() and static_key_fast_int() were successful to TCP-MD5 code. Changes from v1: - Add static_key_fast_inc() helper rather than open-coded atomic_inc() (as suggested by Eric Dumazet) Version 2: https://lore.kernel.org/all/20221103212524.865762-1-dima@arista.com/T/#u Version 1: https://lore.kernel.org/all/20221102211350.625011-1-dima@arista.com/T/#u The static key introduced by commit 6015c71e656b ("tcp: md5: add tcp_md5_needed jump label") is a fast-path optimization aimed at avoiding a cache line miss. Once an MD5 key is introduced in the system the static key is enabled and never disabled. Address this by disabling the static key when the last tcp_md5sig_info in system is destroyed. Previously it was submitted as a part of TCP-AO patches set [1]. Now in attempt to split 36 patches submission, I send this independently. Cc: Bob Gilligan Cc: David Ahern Cc: "David S. Miller" Cc: Dmitry Safonov <0x7f454c46@gmail.com> Cc: Eric Dumazet Cc: Francesco Ruggeri Cc: Hideaki YOSHIFUJI Cc: Jakub Kicinski Cc: Paolo Abeni Cc: Salam Noureddine Cc: netdev@vger.kernel.org Cc: linux-kernel@vger.kernel.org [1]: https://lore.kernel.org/all/20221027204347.529913-1-dima@arista.com/T/#u Thanks, Dmitry Dmitry Safonov (3): jump_label: Prevent key->enabled int overflow net/tcp: Separate tcp_md5sig_info allocation into tcp_md5sig_info_add() net/tcp: Disable TCP-MD5 static key on tcp_md5sig_info destruction include/linux/jump_label.h | 21 ++++++++-- include/net/tcp.h | 10 +++-- kernel/jump_label.c | 54 +++++++++++++++++------- net/ipv4/tcp.c | 5 +-- net/ipv4/tcp_ipv4.c | 86 +++++++++++++++++++++++++++++++------- net/ipv4/tcp_minisocks.c | 12 ++++-- net/ipv4/tcp_output.c | 4 +- net/ipv6/tcp_ipv6.c | 10 ++--- 8 files changed, 150 insertions(+), 52 deletions(-) base-commit: 4bbf3422df78029f03161640dcb1e9d1ed64d1ea