From patchwork Wed Feb 15 18:33:33 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dmitry Safonov X-Patchwork-Id: 57671 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp356277wrn; Wed, 15 Feb 2023 10:42:46 -0800 (PST) X-Google-Smtp-Source: AK7set88nZw3VesSrIaQ6o9Q6+RA/rHRthF0ewCHvAKWiEymekh4NQZbDVUzkexEjKyWgeuhgz/M X-Received: by 2002:a17:906:79d0:b0:860:c12c:14f9 with SMTP id m16-20020a17090679d000b00860c12c14f9mr3203732ejo.40.1676486566114; Wed, 15 Feb 2023 10:42:46 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1676486566; cv=none; d=google.com; s=arc-20160816; b=lYNxnRBmGrf255jl5idHUCIKdQbpKo00kArcW40LLTtsBAj/va9MX1SvDDflUMJRXQ Fop6OkjZRMXE/13c+HZJD834AgywS377cVCsr13fxXPNPvHujyHImJI1SRX50aT6sMrH vAbe6ELeS86+duzbGh0MvQs7LboBSYNzZ4uQ455TvgBcZvEFfkfVLoths/qSv0yTlT4u wRsg0O0vJz/ytc0Ao/5qo2PMgmP0UbbZ5rgSp+obVi1GPyc5pmXHEw0MWp0EIy6TaK0c kI51W6TxoBHwdUk9JNrq6w0wXCs42ssxhM5ZA99vb6Tl7Ud/yCCIoT/AQW7XgcmFuNb6 I41Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=swOWZLppMAkB1vbkTrWz71rxybXGJU2PFiJRKq0r0PU=; b=D3E0MYiFP2xK1WMGc4Z3QPdtQQAO09tADcD9q8GP/wy7rEa4i6MUFo79YjIXDORPfS ZZM81y+sAVF3+Bq/bx00wMS3fWTQkc4uGvbn/nTES4uaeL9Nae20ksg5f8dNlK9D2krX JQbPSzlvfBgaGypkqiPmnNZaYCmDVhv1dUIbnsFNqYx1guhiGkwEzE/SuHkIKzaUF3We 47KPFKmE6SsnUOR3CXNXqNclpirFvyQb8wnj+Izw1xx0NaO4JUd3W3XD9UL17eHRdy+5 qxZ+wkxnt5PNKMK3AMMlhaamypCrWw4kiou0a1k/Ddfg/945GZfB5oKgAMod9j52cEUe 97iQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@arista.com header.s=google header.b=SlVGSwrk; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=arista.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id u3-20020aa7d983000000b004ace603c65csi5023161eds.247.2023.02.15.10.42.22; Wed, 15 Feb 2023 10:42:46 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@arista.com header.s=google header.b=SlVGSwrk; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=arista.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230283AbjBOSgc (ORCPT + 99 others); Wed, 15 Feb 2023 13:36:32 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49906 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229874AbjBOSfn (ORCPT ); Wed, 15 Feb 2023 13:35:43 -0500 Received: from mail-wm1-x32b.google.com (mail-wm1-x32b.google.com [IPv6:2a00:1450:4864:20::32b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5A9CF3E09B for ; Wed, 15 Feb 2023 10:34:18 -0800 (PST) Received: by mail-wm1-x32b.google.com with SMTP id n33so8004059wms.0 for ; Wed, 15 Feb 2023 10:34:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=arista.com; s=google; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=swOWZLppMAkB1vbkTrWz71rxybXGJU2PFiJRKq0r0PU=; b=SlVGSwrkML4qpFCV2r1q0ZqErXrU/F33IAeYNRzTesWGsIKNe4pOL3xVcvN7yi3dBM vibGga9/80xUpJM9xHobRytqn1RaD8hpHJd8XPHcK6RcSooHb5W4309ck3PW2cL+djnw 2aIE8xA207ZK7ASTNqY+qZVfIVfBuzaQqRvmuBOz8HNYMrWKzjZHEWphgPi2OHcstSkF RysWRpQg0HG0ZaVTgeaz07s30T2YLI8p+Es1yO7nJZ5IO0pZr9gQVCsOQyRlNflYg6Fi 2W0Rbu6EfyXau7e9lPPYEZG1cNmMfWv0V4SRQ0jycFWSBzNgc7cZwXAhqxB8YgnywsRE QSaw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=swOWZLppMAkB1vbkTrWz71rxybXGJU2PFiJRKq0r0PU=; b=FYQJUbzwnUcTA20Yatn2IfTslOBElsZe8bdWE0DJMPHTtDWBJQxL/elCVewIZl6P24 vmQBvw3V8G4E7uhTfQnkiTPdKlYBKLXcCOKsL7S/+3+WfBIVCIZ/qllRNw2KxwQUdNMT jxGuUYh3Uf9FRTGWjofdsdVAVOyDo/PRmM8K6TgRzwCPfBPQxHlA0mfeY+i7Itt30eBC SeHUN3jCIojVrJmMv/QQVx2w6ujbLFewmrS97LZ6fFoJnubSKOUJ4p6RkBYB2Jwy+yZM vRaUPOkac4VYdQvnPQ0D6uKaTToUDEUbHKL/Qwn3OdgcPzvvrDtjQxI49P6pY7wV6FUQ KZZQ== X-Gm-Message-State: AO0yUKVp5mfd8yJ7Ffq6jEHHu2d/Z8nAWV4bU05eNU8r+ej8plp++aRO nf0CIrP7ASsHdcVOCn52ZxxYMpclcezF7uXT X-Received: by 2002:a05:600c:30ca:b0:3df:12ac:7cc9 with SMTP id h10-20020a05600c30ca00b003df12ac7cc9mr2700156wmn.15.1676486057758; Wed, 15 Feb 2023 10:34:17 -0800 (PST) Received: from Mindolluin.ire.aristanetworks.com ([217.173.96.166]) by smtp.gmail.com with ESMTPSA id s9-20020a05600c45c900b003e00c9888besm3196306wmo.30.2023.02.15.10.34.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 15 Feb 2023 10:34:17 -0800 (PST) From: Dmitry Safonov To: linux-kernel@vger.kernel.org, David Ahern , Eric Dumazet , Paolo Abeni , Jakub Kicinski , "David S. Miller" Cc: Dmitry Safonov , Andy Lutomirski , Ard Biesheuvel , Bob Gilligan , Dan Carpenter , David Laight , Dmitry Safonov <0x7f454c46@gmail.com>, Eric Biggers , "Eric W. Biederman" , Francesco Ruggeri , Herbert Xu , Hideaki YOSHIFUJI , Ivan Delalande , Leonard Crestez , Salam Noureddine , netdev@vger.kernel.org, Francesco Ruggeri Subject: [PATCH v4 19/21] net/tcp: Allow asynchronous delete for TCP-AO keys (MKTs) Date: Wed, 15 Feb 2023 18:33:33 +0000 Message-Id: <20230215183335.800122-20-dima@arista.com> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20230215183335.800122-1-dima@arista.com> References: <20230215183335.800122-1-dima@arista.com> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_NONE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1757923577341283835?= X-GMAIL-MSGID: =?utf-8?q?1757923577341283835?= Delete becomes very, very fast - almost free, but after setsockopt() syscall returns, the key is still alive until next RCU grace period. Which is fine for listen sockets as userspace needs to be aware of setsockopt(TCP_AO) and accept() race and resolve it with verification by getsockopt() after TCP connection was accepted. The benchmark results (on non-loaded box, worse with more RCU work pending): > ok 33 Worst case delete 16384 keys: min=5ms max=10ms mean=6.93904ms stddev=0.263421 > ok 34 Add a new key 16384 keys: min=1ms max=4ms mean=2.17751ms stddev=0.147564 > ok 35 Remove random-search 16384 keys: min=5ms max=10ms mean=6.50243ms stddev=0.254999 > ok 36 Remove async 16384 keys: min=0ms max=0ms mean=0.0296107ms stddev=0.0172078 Co-developed-by: Francesco Ruggeri Signed-off-by: Francesco Ruggeri Co-developed-by: Salam Noureddine Signed-off-by: Salam Noureddine Signed-off-by: Dmitry Safonov --- include/uapi/linux/tcp.h | 3 +++ net/ipv4/tcp_ao.c | 17 ++++++++++++++++- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/include/uapi/linux/tcp.h b/include/uapi/linux/tcp.h index eaf77c0a4425..0c0caf810d6b 100644 --- a/include/uapi/linux/tcp.h +++ b/include/uapi/linux/tcp.h @@ -364,6 +364,9 @@ struct tcp_diag_md5sig { #define TCP_AO_CMDF_CURR (1 << 0) /* Only checks field sndid */ #define TCP_AO_CMDF_NEXT (1 << 1) /* Only checks field rcvid */ #define TCP_AO_CMDF_ACCEPT_ICMP (1 << 2) /* Accept incoming ICMPs */ +#define TCP_AO_CMDF_DEL_ASYNC (1 << 3) /* Asynchronious delete, valid + * only for listen sockets + */ #define TCP_AO_GET_CURR TCP_AO_CMDF_CURR #define TCP_AO_GET_NEXT TCP_AO_CMDF_NEXT diff --git a/net/ipv4/tcp_ao.c b/net/ipv4/tcp_ao.c index 1cfcfab3e093..2c38e991ecbd 100644 --- a/net/ipv4/tcp_ao.c +++ b/net/ipv4/tcp_ao.c @@ -1504,7 +1504,7 @@ static inline bool tcp_ao_mkt_overlap_v6(struct tcp_ao *cmd, #define TCP_AO_CMDF_ADDMOD_VALID \ (TCP_AO_CMDF_CURR | TCP_AO_CMDF_NEXT | TCP_AO_CMDF_ACCEPT_ICMP) #define TCP_AO_CMDF_DEL_VALID \ - (TCP_AO_CMDF_CURR | TCP_AO_CMDF_NEXT) + (TCP_AO_CMDF_CURR | TCP_AO_CMDF_NEXT | TCP_AO_CMDF_DEL_ASYNC) #define TCP_AO_GETF_VALID \ (TCP_AO_GET_ALL | TCP_AO_GET_CURR | TCP_AO_GET_NEXT) @@ -1633,11 +1633,26 @@ static int tcp_ao_delete_key(struct sock *sk, struct tcp_ao_key *key, hlist_del_rcu(&key->node); + /* Support for async delete on listening sockets: as they don't + * need current_key/rnext_key maintaining, we don't need to check + * them and we can just free all resources in RCU fashion. + */ + if (cmd->tcpa_flags & TCP_AO_CMDF_DEL_ASYNC) { + if (sk->sk_state != TCP_LISTEN) + return -EINVAL; + atomic_sub(tcp_ao_sizeof_key(key), &sk->sk_omem_alloc); + call_rcu(&key->rcu, tcp_ao_key_free_rcu); + return 0; + } + /* At this moment another CPU could have looked this key up * while it was unlinked from the list. Wait for RCU grace period, * after which the key is off-list and can't be looked up again; * the rx path [just before RCU came] might have used it and set it * as current_key (very unlikely). + * Free the key with next RCU grace period (in case it was + * current_key before tcp_ao_current_rnext() might have + * changed it in forced-delete). */ synchronize_rcu(); err = tcp_ao_current_rnext(sk, cmd->tcpa_flags,