From patchwork Fri Jul 21 16:19:10 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dmitry Safonov X-Patchwork-Id: 124005 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:9010:0:b0:3e4:2afc:c1 with SMTP id l16csp345653vqg; Fri, 21 Jul 2023 10:06:55 -0700 (PDT) X-Google-Smtp-Source: APBJJlGWy2kO3uINOCpLd8sY6cEETkbXolfotTjNF+gwA9Kos3YbEkIh57KIZQom8ZOTMXBQ7Svf X-Received: by 2002:a17:902:d342:b0:1b8:9b66:8532 with SMTP id l2-20020a170902d34200b001b89b668532mr2458803plk.52.1689959215289; Fri, 21 Jul 2023 10:06:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1689959215; cv=none; d=google.com; s=arc-20160816; b=IfmLgO8VMngfKIK88GDFxEnYVYv5AnNoQQ3Qo+sX2LNbPiNO+zWHAKQXqjb8KmhVmo CUssKgBWYgmQFbhVW4X9P1j+HSjliVBzW66cVmNjvckH4xWT9/og7B8qKkhYxs7L/yeY IUJ+Zu5zld6BPfS5gt/NZI3MetmG9OHPue7z8z9+t0RMEEu2vEXF1dNKOhY82wYicfgZ SgAbQIW8ySft6ShUN7fjFeJPM0IJj0k+/2aKYiLjflAgEyO/Le0UVjFKC5+XXmy6rRFw aBNzWD4VP5HmfZ0FtatFotceBRLjdd5Hk/ag21XEiI5NmZm/VHFYHUJ6P5WGe2400hdS nQmg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=1/W9xFvX6fMqz70zcOle30rc8tQkMB+vSAf+sEu95vI=; fh=+1v2wpWL3SwC67MevmNFbsOkJ0jlpe0KMhkxFTuop+s=; b=PWQ6V53BQAzK0Bhyo0o/xNR4Y5FzUTBkCxFmyVIiHl7sjVyKUGbewoMPb+yNAr/VAm /D3VXgQvHtgNwqhE/VWaVzfS+h1FLx+sBI/Gkkovxih7BSuzrzNEB+JBnK9+Tc6tUah1 aaKDjfTVwwMZzgrQhkDm3TVkQ0Bh2Z6DnTt+CemOUSDqX4DUIGRzq+p/bQ3zIKh6dOAF E2WPT3tnZZEBeUnzNNgsygU0j2dNEtgMYuh4I8FkVSgUrEZEpJmIbfERZs0wvutADP+E oaqPeXvSCh3sxnTAEX/X3OoBEzRHrUm+oBdu4zelLQhOyNG+B3ZOu2quI8rc/0WIDLjw nLxw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@arista.com header.s=google header.b=NSQFnxyj; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=arista.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id lg15-20020a170902fb8f00b001b85ab52371si3097391plb.428.2023.07.21.10.06.41; Fri, 21 Jul 2023 10:06:55 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@arista.com header.s=google header.b=NSQFnxyj; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=arista.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232786AbjGUQXd (ORCPT + 99 others); Fri, 21 Jul 2023 12:23:33 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51378 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232759AbjGUQWs (ORCPT ); Fri, 21 Jul 2023 12:22:48 -0400 Received: from mail-wm1-x332.google.com (mail-wm1-x332.google.com [IPv6:2a00:1450:4864:20::332]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 689A23AB2 for ; Fri, 21 Jul 2023 09:20:02 -0700 (PDT) Received: by mail-wm1-x332.google.com with SMTP id 5b1f17b1804b1-3fba8e2aa52so18815405e9.1 for ; Fri, 21 Jul 2023 09:20:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=arista.com; s=google; t=1689956397; x=1690561197; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=1/W9xFvX6fMqz70zcOle30rc8tQkMB+vSAf+sEu95vI=; b=NSQFnxyjyLat4FyBBhcMXxwWB5o+a7ScVLtmstvpZoPfmZnio4OY3V5Gs3cTrGaz83 P4aKSRxDig7Lp/9KWX1phg8mswS6WDtDACtJTd68TysWBXrEzCzeL/06LTrLJ4aqImf5 GxUDfKYfB5keDYiESVf3AWoK3WLBoDMCjFhIt5JDZgBQGcbyQdroKh4NEZVgHQJupvL+ XTMadP0NzEI0CpCEgV5itGj+Kf9yCSk8NbhGiYn5kuDsLEMZ8ro9TVSgM/DYHtzVS9fU rb3bkewHojSlMbaKao0gyHImEgCz45O3Wy8nxTPR8kmmh5K+RMYBFNkY2NLx7xLnj9ZY gGFw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689956397; x=1690561197; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=1/W9xFvX6fMqz70zcOle30rc8tQkMB+vSAf+sEu95vI=; b=Wz9dtQPidW5tU6Y3ldeNEoJGPF8oNvy9KME1GoU6Tj+8Mvlrvmsls102bgfiI22Qs5 XZV4DgU9ikT0voOfsITZwULe7MRS3TynlXMBrubPqQ6FuSRSnl98ZZJ7xNAb6BWZfg9I VQRHO0M7KspBmMq1tGebSSshbbOvtzkEhrRdhVLOYYGkk9rVtH2KnmBA2e1BAcTC2LiM 8W9AleB+ZwN+DGO8n7tqWpteq0F/GHMbyI/EKtvLo9qLOdd1HgYMISPSQ9xMPtxAV/jR NNOKSR2W7xPGIp5EcEuE2gEb+8PVdgwy6sL2LTfJs/WBUDwhWyMVk+CzHRbwLzke1cVu kwYQ== X-Gm-Message-State: ABy/qLZmBactHvggSlwDhzkGDe/4IZVRtIms0kl2ccZslCUaoleCZGNZ FDqJykJWm1+46p0r/+Ot1N/1ng== X-Received: by 2002:a1c:f615:0:b0:3fb:c15c:698a with SMTP id w21-20020a1cf615000000b003fbc15c698amr1926795wmc.4.1689956397541; Fri, 21 Jul 2023 09:19:57 -0700 (PDT) Received: from Mindolluin.ire.aristanetworks.com ([217.173.96.166]) by smtp.gmail.com with ESMTPSA id l19-20020a7bc453000000b003fbc681c8d1sm6390210wmi.36.2023.07.21.09.19.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 21 Jul 2023 09:19:57 -0700 (PDT) From: Dmitry Safonov To: David Ahern , Eric Dumazet , Paolo Abeni , Jakub Kicinski , "David S. Miller" Cc: linux-kernel@vger.kernel.org, Dmitry Safonov , Andy Lutomirski , Ard Biesheuvel , Bob Gilligan , Dan Carpenter , David Laight , Dmitry Safonov <0x7f454c46@gmail.com>, Donald Cassidy , Eric Biggers , "Eric W. Biederman" , Francesco Ruggeri , "Gaillardetz, Dominik" , Herbert Xu , Hideaki YOSHIFUJI , Ivan Delalande , Leonard Crestez , Salam Noureddine , "Tetreault, Francois" , netdev@vger.kernel.org Subject: [PATCH v8.1 net-next 19/23] net/tcp: Allow asynchronous delete for TCP-AO keys (MKTs) Date: Fri, 21 Jul 2023 17:19:10 +0100 Message-ID: <20230721161916.542667-20-dima@arista.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230721161916.542667-1-dima@arista.com> References: <20230721161916.542667-1-dima@arista.com> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE, URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1772050674431564738 X-GMAIL-MSGID: 1772050674431564738 Delete becomes very, very fast - almost free, but after setsockopt() syscall returns, the key is still alive until next RCU grace period. Which is fine for listen sockets as userspace needs to be aware of setsockopt(TCP_AO) and accept() race and resolve it with verification by getsockopt() after TCP connection was accepted. The benchmark results (on non-loaded box, worse with more RCU work pending): > ok 33 Worst case delete 16384 keys: min=5ms max=10ms mean=6.93904ms stddev=0.263421 > ok 34 Add a new key 16384 keys: min=1ms max=4ms mean=2.17751ms stddev=0.147564 > ok 35 Remove random-search 16384 keys: min=5ms max=10ms mean=6.50243ms stddev=0.254999 > ok 36 Remove async 16384 keys: min=0ms max=0ms mean=0.0296107ms stddev=0.0172078 Co-developed-by: Francesco Ruggeri Signed-off-by: Francesco Ruggeri Co-developed-by: Salam Noureddine Signed-off-by: Salam Noureddine Signed-off-by: Dmitry Safonov --- include/uapi/linux/tcp.h | 3 ++- net/ipv4/tcp_ao.c | 21 ++++++++++++++++++--- 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/include/uapi/linux/tcp.h b/include/uapi/linux/tcp.h index 1109093bbb24..979ff960fddb 100644 --- a/include/uapi/linux/tcp.h +++ b/include/uapi/linux/tcp.h @@ -383,7 +383,8 @@ struct tcp_ao_del { /* setsockopt(TCP_AO_DEL_KEY) */ __s32 ifindex; /* L3 dev index for VRF */ __u32 set_current :1, /* corresponding ::current_key */ set_rnext :1, /* corresponding ::rnext */ - reserved :30; /* must be 0 */ + del_async :1, /* only valid for listen sockets */ + reserved :29; /* must be 0 */ __u16 reserved2; /* padding, must be 0 */ __u8 prefix; /* peer's address prefix */ __u8 sndid; /* SendID for outgoing segments */ diff --git a/net/ipv4/tcp_ao.c b/net/ipv4/tcp_ao.c index faa6c5c0db28..567aa9400f7d 100644 --- a/net/ipv4/tcp_ao.c +++ b/net/ipv4/tcp_ao.c @@ -1606,7 +1606,7 @@ static int tcp_ao_add_cmd(struct sock *sk, unsigned short int family, } static int tcp_ao_delete_key(struct sock *sk, struct tcp_ao_info *ao_info, - struct tcp_ao_key *key, + bool del_async, struct tcp_ao_key *key, struct tcp_ao_key *new_current, struct tcp_ao_key *new_rnext) { @@ -1614,11 +1614,24 @@ static int tcp_ao_delete_key(struct sock *sk, struct tcp_ao_info *ao_info, hlist_del_rcu(&key->node); + /* Support for async delete on listening sockets: as they don't + * need current_key/rnext_key maintaining, we don't need to check + * them and we can just free all resources in RCU fashion. + */ + if (del_async) { + atomic_sub(tcp_ao_sizeof_key(key), &sk->sk_omem_alloc); + call_rcu(&key->rcu, tcp_ao_key_free_rcu); + return 0; + } + /* At this moment another CPU could have looked this key up * while it was unlinked from the list. Wait for RCU grace period, * after which the key is off-list and can't be looked up again; * the rx path [just before RCU came] might have used it and set it * as current_key (very unlikely). + * Free the key with next RCU grace period (in case it was + * current_key before tcp_ao_current_rnext() might have + * changed it in forced-delete). */ synchronize_rcu(); if (new_current) @@ -1689,6 +1702,8 @@ static int tcp_ao_del_cmd(struct sock *sk, unsigned short int family, if (!new_rnext) return -ENOENT; } + if (cmd.del_async && sk->sk_state != TCP_LISTEN) + return -EINVAL; if (family == AF_INET) { struct sockaddr_in *sin = (struct sockaddr_in *)&cmd.addr; @@ -1733,8 +1748,8 @@ static int tcp_ao_del_cmd(struct sock *sk, unsigned short int family, if (key == new_current || key == new_rnext) continue; - return tcp_ao_delete_key(sk, ao_info, key, - new_current, new_rnext); + return tcp_ao_delete_key(sk, ao_info, cmd.del_async, key, + new_current, new_rnext); } return -ENOENT; }