| Message ID | 20230331160914.1608208-30-dhowells@redhat.com |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp686810vqo;
Fri, 31 Mar 2023 09:28:23 -0700 (PDT)
X-Google-Smtp-Source:
AKy350aSr4eCCFqZpJ5fyOokib1agATaHd6OCrmseNmG1Vr9R0E1BJGQiIYUMkkfLJlnFpKyPWCy
X-Received: by 2002:a17:906:3d72:b0:946:c09a:4262 with SMTP id
r18-20020a1709063d7200b00946c09a4262mr9518369ejf.29.1680280103500;
Fri, 31 Mar 2023 09:28:23 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1680280103; cv=none;
d=google.com; s=arc-20160816;
b=j8H4hgClBzxOB7PDNQkkoWJHD2AMyxyBuIZ+mf1/85jWQtNsGMURTo6ubc+J89H5TK
kzKsdHRE/hyFvBLWm9KFj0Uyk8mjkRRF4KjXc+d/LdxQsSLSuEdfuI8aqoeSFZuJEktp
blBKAKzMnGv3tVzQYYvhFn0Hg18avL+v+bJXl6O//lmBTS/8FLm7MG+Y1OLsoyc5g/jH
3qnRc8qaVRBZMCxVeTKNlaqKggOsVa6t33/05h8hacZHAr3FQEv7Segwvl81lRVTWXVN
Cvf+xKhbRfxgZcDp403Zu/GPQtlW8u2xB0a+JRAw+4KNexz1Sy6GSRdMGQzxbNO+POWW
+TJQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:references:in-reply-to:message-id:date:subject:cc:to:from
:dkim-signature;
bh=NZJQb7iAop4LtoT19/C7V+Vk0vTB0ScTwxSGzzmAlmQ=;
b=KFGu2ZLK2aE+u7TEIrOgZ+lyT1IDy6eJLWAYNlSSeLbM3x8RJjURTHOAGyh7IxZ/kS
LaXlGV/wJ8w/JRetCW9Ah/y6kui/4qfyHiQN3iJLHioSwjsQ+WEwlHjOGZV2GA4/Pdal
40FAeIgEFPXPrN6rVBd9P3Xxp3iPiie87yEzmhHorjBmO9L4jaW4KBwa6rXIuAkSkuBO
PK20rq+AHS9RI4mBoL4LLkZjB9AW2ZJEKkCJtuh6qqc2jHxZxz/obP+NTrN4UGh5xq3q
FY9K2KxB+Lqns38QiuY3wFYvkIny2BYvBSrNUB9ZbHW7J97oJuQCaVoOsC2nsWeJL9xf
ksEA==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@redhat.com header.s=mimecast20190719
header.b=OmrG1vgt;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
l8-20020a056402124800b004cdc92cc412si2416346edw.69.2023.03.31.09.27.58;
Fri, 31 Mar 2023 09:28:23 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@redhat.com header.s=mimecast20190719
header.b=OmrG1vgt;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S233400AbjCaQPp (ORCPT <rfc822;dexuan.linux@gmail.com>
+ 99 others); Fri, 31 Mar 2023 12:15:45 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33578 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S231215AbjCaQO2 (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Fri, 31 Mar 2023 12:14:28 -0400
Received: from us-smtp-delivery-124.mimecast.com
(us-smtp-delivery-124.mimecast.com [170.10.133.124])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8A11C22E8F
for <linux-kernel@vger.kernel.org>;
Fri, 31 Mar 2023 09:10:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
s=mimecast20190719; t=1680279045;
h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
to:to:cc:cc:mime-version:mime-version:
content-transfer-encoding:content-transfer-encoding:
in-reply-to:in-reply-to:references:references;
bh=NZJQb7iAop4LtoT19/C7V+Vk0vTB0ScTwxSGzzmAlmQ=;
b=OmrG1vgtBwF7BqMP3uI7P4DUYVJoR6NeLlvkMZTdUVN13dRavFgxi8f3nF55oxN2kufpP7
zN6bDeWxqMyR3XAByDN0CrqXUYFn78L9l2zqNe0US96Di0XNnaeLiwXUHGvEgLAlYHR7Br
hb19Vilctkp52svxXkvSl1t+/J+7A5c=
Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com
[66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS
(version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
us-mta-380-s0-9Da1IPNaVGNWY3Pu9-w-1; Fri, 31 Mar 2023 12:10:42 -0400
X-MC-Unique: s0-9Da1IPNaVGNWY3Pu9-w-1
Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.rdu2.redhat.com
[10.11.54.2])
(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
(No client certificate requested)
by mimecast-mx02.redhat.com (Postfix) with ESMTPS id B8BF029ABA1D;
Fri, 31 Mar 2023 16:10:41 +0000 (UTC)
Received: from warthog.procyon.org.uk (unknown [10.33.36.18])
by smtp.corp.redhat.com (Postfix) with ESMTP id A7E464020C82;
Fri, 31 Mar 2023 16:10:39 +0000 (UTC)
From: David Howells <dhowells@redhat.com>
To: Matthew Wilcox <willy@infradead.org>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>,
Paolo Abeni <pabeni@redhat.com>
Cc: David Howells <dhowells@redhat.com>,
Al Viro <viro@zeniv.linux.org.uk>,
Christoph Hellwig <hch@infradead.org>,
Jens Axboe <axboe@kernel.dk>, Jeff Layton <jlayton@kernel.org>,
Christian Brauner <brauner@kernel.org>,
Chuck Lever III <chuck.lever@oracle.com>,
Linus Torvalds <torvalds@linux-foundation.org>,
netdev@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-mm@kvack.org,
Boris Pismenny <borisp@nvidia.com>,
John Fastabend <john.fastabend@gmail.com>
Subject: [PATCH v3 29/55] tls/sw: Support MSG_SPLICE_PAGES
Date: Fri, 31 Mar 2023 17:08:48 +0100
Message-Id: <20230331160914.1608208-30-dhowells@redhat.com>
In-Reply-To: <20230331160914.1608208-1-dhowells@redhat.com>
References: <20230331160914.1608208-1-dhowells@redhat.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Scanned-By: MIMEDefang 3.1 on 10.11.54.2
X-Spam-Status: No, score=-0.2 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,
RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE autolearn=unavailable
autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1761901389852888957?=
X-GMAIL-MSGID: =?utf-8?q?1761901389852888957?=
|
| Series |
splice, net: Replace sendpage with sendmsg(MSG_SPLICE_PAGES)
|
|
Commit Message
David Howells
March 31, 2023, 4:08 p.m. UTC
Make TLS's sendmsg() support MSG_SPLICE_PAGES. This causes pages to be
spliced from the source iterator if possible and copied the data if not.
This allows ->sendpage() to be replaced by something that can handle
multiple multipage folios in a single transaction.
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Chuck Lever <chuck.lever@oracle.com>
cc: Boris Pismenny <borisp@nvidia.com>
cc: John Fastabend <john.fastabend@gmail.com>
cc: Jakub Kicinski <kuba@kernel.org>
cc: Eric Dumazet <edumazet@google.com>
cc: "David S. Miller" <davem@davemloft.net>
cc: Paolo Abeni <pabeni@redhat.com>
cc: Jens Axboe <axboe@kernel.dk>
cc: Matthew Wilcox <willy@infradead.org>
cc: netdev@vger.kernel.org
---
net/tls/tls_sw.c | 57 +++++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 56 insertions(+), 1 deletion(-)
Comments
Here's a trivial TLS server that can be used to test this.
David
---
/*
* TLS-over-TCP sink server
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <fcntl.h>
#include <unistd.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <linux/tls.h>
#define OSERROR(X, Y) do { if ((long)(X) == -1) { perror(Y); exit(1); } } while(0)
static unsigned char buffer[512 * 1024] __attribute__((aligned(4096)));
static void set_tls(int sock)
{
struct tls12_crypto_info_aes_gcm_128 crypto_info;
crypto_info.info.version = TLS_1_2_VERSION;
crypto_info.info.cipher_type = TLS_CIPHER_AES_GCM_128;
memset(crypto_info.iv, 0, TLS_CIPHER_AES_GCM_128_IV_SIZE);
memset(crypto_info.rec_seq, 0, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
memset(crypto_info.key, 0, TLS_CIPHER_AES_GCM_128_KEY_SIZE);
memset(crypto_info.salt, 0, TLS_CIPHER_AES_GCM_128_SALT_SIZE);
OSERROR(setsockopt(sock, SOL_TCP, TCP_ULP, "tls", sizeof("tls")),
"TCP_ULP");
OSERROR(setsockopt(sock, SOL_TLS, TLS_TX, &crypto_info, sizeof(crypto_info)),
"TLS_TX");
OSERROR(setsockopt(sock, SOL_TLS, TLS_RX, &crypto_info, sizeof(crypto_info)),
"TLS_RX");
}
int main(int argc, char *argv[])
{
struct sockaddr_in sin = { .sin_family = AF_INET, .sin_port = htons(5556) };
int sfd, afd;
sfd = socket(AF_INET, SOCK_STREAM, 0);
OSERROR(sfd, "socket");
OSERROR(bind(sfd, (struct sockaddr *)&sin, sizeof(sin)), "bind");
OSERROR(listen(sfd, 1), "listen");
for (;;) {
afd = accept(sfd, NULL, NULL);
if (afd != -1) {
set_tls(afd);
while (read(afd, buffer, sizeof(buffer)) > 0) {}
close(afd);
}
}
}
Here's a trivial TLS client program for testing this.
David
---
/*
* TLS-over-TCP send client
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <fcntl.h>
#include <unistd.h>
#include <netdb.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <sys/stat.h>
#include <sys/sendfile.h>
#include <linux/tls.h>
#define OSERROR(X, Y) do { if ((long)(X) == -1) { perror(Y); exit(1); } } while(0)
static unsigned char buffer[4096] __attribute__((aligned(4096)));
static void set_tls(int sock)
{
struct tls12_crypto_info_aes_gcm_128 crypto_info;
crypto_info.info.version = TLS_1_2_VERSION;
crypto_info.info.cipher_type = TLS_CIPHER_AES_GCM_128;
memset(crypto_info.iv, 0, TLS_CIPHER_AES_GCM_128_IV_SIZE);
memset(crypto_info.rec_seq, 0, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
memset(crypto_info.key, 0, TLS_CIPHER_AES_GCM_128_KEY_SIZE);
memset(crypto_info.salt, 0, TLS_CIPHER_AES_GCM_128_SALT_SIZE);
OSERROR(setsockopt(sock, SOL_TCP, TCP_ULP, "tls", sizeof("tls")),
"TCP_ULP");
OSERROR(setsockopt(sock, SOL_TLS, TLS_TX, &crypto_info, sizeof(crypto_info)),
"TLS_TX");
OSERROR(setsockopt(sock, SOL_TLS, TLS_RX, &crypto_info, sizeof(crypto_info)),
"TLS_RX");
}
int main(int argc, char *argv[])
{
struct sockaddr_in sin = { .sin_family = AF_INET, .sin_port = htons(5556) };
struct hostent *h;
struct stat st;
ssize_t r, o;
int sf = 0;
int cfd, fd;
if (argc > 1 && strcmp(argv[1], "-s") == 0) {
sf = 1;
argc--;
argv++;
}
if (argc != 3) {
fprintf(stderr, "tcp-send [-s] <server> <file>\n");
exit(2);
}
h = gethostbyname(argv[1]);
if (!h) {
fprintf(stderr, "%s: %s\n", argv[1], hstrerror(h_errno));
exit(3);
}
if (!h->h_addr_list[0]) {
fprintf(stderr, "%s: No addresses\n", argv[1]);
exit(3);
}
memcpy(&sin.sin_addr, h->h_addr_list[0], h->h_length);
cfd = socket(AF_INET, SOCK_STREAM, 0);
OSERROR(cfd, "socket");
OSERROR(connect(cfd, (struct sockaddr *)&sin, sizeof(sin)), "connect");
set_tls(cfd);
fd = open(argv[2], O_RDONLY);
OSERROR(fd, argv[2]);
OSERROR(fstat(fd, &st), argv[2]);
if (!sf) {
for (;;) {
r = read(fd, buffer, sizeof(buffer));
OSERROR(r, argv[2]);
if (r == 0)
break;
o = 0;
do {
ssize_t w = write(cfd, buffer + o, r - o);
OSERROR(w, "write");
o += w;
} while (o < r);
}
} else {
off_t off = 0;
r = sendfile(cfd, fd, &off, st.st_size);
OSERROR(r, "sendfile");
if (r != st.st_size) {
fprintf(stderr, "Short sendfile\n");
exit(1);
}
}
OSERROR(close(cfd), "close/c");
OSERROR(close(fd), "close/f");
return 0;
}
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 782d3701b86f..ce0c289e68ca 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -929,6 +929,49 @@ static int tls_sw_push_pending_record(struct sock *sk, int flags) &copied, flags); } +static int rls_sw_sendmsg_splice(struct sock *sk, struct msghdr *msg, + struct sk_msg *msg_pl, size_t try_to_copy, + ssize_t *copied) +{ + struct page *page, **pages = &page; + + do { + ssize_t part; + size_t off; + bool put = false; + + part = iov_iter_extract_pages(&msg->msg_iter, &pages, + try_to_copy, 1, 0, &off); + if (part <= 0) + return part ?: -EIO; + + if (!sendpage_ok(page)) { + const void *p = kmap_local_page(page); + void *q; + + q = page_frag_memdup(NULL, p + off, part, + sk->sk_allocation, ULONG_MAX); + kunmap_local(p); + if (!q) { + iov_iter_revert(&msg->msg_iter, part); + return -ENOMEM; + } + page = virt_to_page(q); + off = offset_in_page(q); + put = true; + } + + sk_msg_page_add(msg_pl, page, part, off); + sk_mem_charge(sk, part); + if (put) + put_page(page); + *copied += part; + try_to_copy -= part; + } while (try_to_copy && !sk_msg_full(msg_pl)); + + return 0; +} + int tls_sw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size) { long timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT); @@ -1016,6 +1059,17 @@ int tls_sw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size) full_record = true; } + if (try_to_copy && (msg->msg_flags & MSG_SPLICE_PAGES)) { + ret = rls_sw_sendmsg_splice(sk, msg, msg_pl, + try_to_copy, &copied); + if (ret < 0) + goto send_end; + tls_ctx->pending_open_record_frags = true; + if (full_record || eor || sk_msg_full(msg_pl)) + goto copied; + continue; + } + if (!is_kvec && (full_record || eor) && !async_capable) { u32 first = msg_pl->sg.end; @@ -1078,8 +1132,9 @@ int tls_sw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size) /* Open records defined only if successfully copied, otherwise * we would trim the sg but not reset the open record frags. */ - tls_ctx->pending_open_record_frags = true; copied += try_to_copy; +copied: + tls_ctx->pending_open_record_frags = true; if (full_record || eor) { ret = bpf_exec_tx_verdict(msg_pl, sk, full_record, record_type, &copied,