From patchwork Mon Sep 18 19:00:17 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dmitry Safonov X-Patchwork-Id: 141643 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:612c:172:b0:3f2:4152:657d with SMTP id h50csp3065013vqi; Mon, 18 Sep 2023 18:27:04 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFmNj/FMjoYDH8tV1ZtYduH4oJQbAsTJi49b5RbRkMhMK2u4Ia+oXZsgsm67gz0zPxTc70K X-Received: by 2002:a05:6a00:1a15:b0:68a:2272:23e9 with SMTP id g21-20020a056a001a1500b0068a227223e9mr9753237pfv.17.1695086823854; Mon, 18 Sep 2023 18:27:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1695086823; cv=none; d=google.com; s=arc-20160816; b=qOkjFyPMP2Ahbc91AJ3jAnMOq114pu0QVd18FgdwItFjFypahC5FwQrxlxM6JHVv6u Wmhw+4ljQ0Jlr8R1sB8p0/7Qq/MaCxJLQ9R2ukK/t9s/8EE+U4TReJJDIzsDFQ0gCAmh vFyu+54iSU/mruOrhpjwMaGRr9IQZRL9Eg598Md1TphT5oeURYOxs/s5J02v84eWZoRA FVAfDYA3C5qwyfD0IRMXRBFi92ceSTgH20lDHN7KJvUjn1vsRZeqtbWhy5vGHju/Bde2 2h7EMfSgKd0GqPuEaHQHnQP8whW4RiQ6sUt56sqXHJ31RJLpNNHzCvrImcxr1Y997Tpb e4+A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=e7lAXgv89s+b4/Si+RYPviNawE407lEtcoAGzt92Zik=; fh=58X8Twod/aefd4Yph/F0FPyIOMSYi96Sqi5HmPAz0To=; b=TQ5Lvingk9qCTKNyE4UvQd3P0rHKEoOI4JXen6Vi9qRVgiMJ/SlEZTlyWQTuV4kLFA CdxCfTARZ0K0Q2H0tKjREPxVfTv9tlYhMzEK8Bc3/ybgE6JKH/ikzOUnYEnQLmm+7yTO XVmlSJnMLkmJ0JDno3BKd0034pJ27TwHTgVNDzZ2eyIreng6+p/T9kSqdyKnTsSb66LM Hy9/7mAe/cIp4cQLdtYPmSJVU22jNXH4TKWxdv2ekp4iXY2L4v2tKRNrqTN9Y037saPF U1Wiki8yC9MrUL0baxWphFW8ETUSy/C3aEzYH1OOzactIZ7STGiZcxm+zBCSAJkImgP4 XrbA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@arista.com header.s=google header.b=SJ7ZYzxD; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=arista.com Received: from groat.vger.email (groat.vger.email. [23.128.96.35]) by mx.google.com with ESMTPS id o186-20020a62cdc3000000b0068be710ee94si8519288pfg.394.2023.09.18.18.27.03 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 18 Sep 2023 18:27:03 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) client-ip=23.128.96.35; Authentication-Results: mx.google.com; dkim=pass header.i=@arista.com header.s=google header.b=SJ7ZYzxD; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=arista.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by groat.vger.email (Postfix) with ESMTP id 0A9BA8052BD4; Mon, 18 Sep 2023 12:03:02 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at groat.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230017AbjIRTCc (ORCPT + 25 others); Mon, 18 Sep 2023 15:02:32 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45424 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230186AbjIRTBs (ORCPT ); Mon, 18 Sep 2023 15:01:48 -0400 Received: from mail-wm1-x330.google.com (mail-wm1-x330.google.com [IPv6:2a00:1450:4864:20::330]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AB3DAE7C for ; Mon, 18 Sep 2023 12:01:13 -0700 (PDT) Received: by mail-wm1-x330.google.com with SMTP id 5b1f17b1804b1-404314388ceso51603205e9.2 for ; Mon, 18 Sep 2023 12:01:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=arista.com; s=google; t=1695063671; x=1695668471; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=e7lAXgv89s+b4/Si+RYPviNawE407lEtcoAGzt92Zik=; b=SJ7ZYzxDKZlRme99Mp+k6m78SyRW65tK2Q6GEdxC7NBJLQWvknKwg1tYesmiEZt4nz VBagKuynS/JU7T16h5WdQJGvc+s4HpdEzzDd7oNP45V+INkfuhYFI20UxoHKQAFAIieL eeMECDXd+/yEtTyIS5Cu0G83iBzqthewofgcv8rWQ83ctVFlM4J4frtDheYZhHEw/Gki y3yS0MGDbrP+ZUVeNS739EGBVQ3IcyrhBycvXLePCwqJeo/k3GEp55x5vY2lzmdP4KzM t+O/rQmLEsE+8Ox4JdM0bgGMhzg+a+ijw1HWX7UdO9Rj7fM/9GufedmfOel1LxafTa3E nkhw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1695063671; x=1695668471; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=e7lAXgv89s+b4/Si+RYPviNawE407lEtcoAGzt92Zik=; b=L7krWFwir9/vpVZvXAyMTo4l3HOgrtzFCA98ugm8NE5AMHavynIWrL9/B2L0Bqa8Fy QEsScz6HQlWJgOkYmDlDN6xRUyN7J44wb+bcHRlNUsrq2kNxkja1zB9xj9hmV586X69E hy7iEojFaLBaOC7gWmrOmjP05IsR9FsXGu8X18SvyuVP/ZEE6JU86SNn2MW9q5TYh/6g nbQmg4r5r6aeDvk7oGgSbNrqGkyJnRrxBqmAbkDzGI7FfVLJK9lKnf+k8yFKTgSBTvap 5lDjlJ4rGfTetJYc6JC0KFTU9BkRw96/B5oFSawkhcUE6oqFjAaPly9gwrEM0uHRjjVr HG4Q== X-Gm-Message-State: AOJu0YzLajOGSy9naUhM/7t53oUkJ8PRwwa+TthUSDXGFfv3BrEKsgQN 3KmDKKjabVyJt84e58qpcOzVYw== X-Received: by 2002:a1c:7507:0:b0:3fe:1cac:37d7 with SMTP id o7-20020a1c7507000000b003fe1cac37d7mr9074544wmc.10.1695063670768; Mon, 18 Sep 2023 12:01:10 -0700 (PDT) Received: from Mindolluin.ire.aristanetworks.com ([217.173.96.166]) by smtp.gmail.com with ESMTPSA id n9-20020a05600c3b8900b004047ac770d1sm10762707wms.8.2023.09.18.12.01.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 18 Sep 2023 12:01:10 -0700 (PDT) From: Dmitry Safonov To: David Ahern , Eric Dumazet , Paolo Abeni , Jakub Kicinski , "David S. Miller" Cc: linux-kernel@vger.kernel.org, Dmitry Safonov , Andy Lutomirski , Ard Biesheuvel , Bob Gilligan , Dan Carpenter , David Laight , Dmitry Safonov <0x7f454c46@gmail.com>, Donald Cassidy , Eric Biggers , "Eric W. Biederman" , Francesco Ruggeri , "Gaillardetz, Dominik" , Herbert Xu , Hideaki YOSHIFUJI , Ivan Delalande , Leonard Crestez , "Nassiri, Mohammad" , Salam Noureddine , Simon Horman , "Tetreault, Francois" , netdev@vger.kernel.org Subject: [PATCH v12 net-next 19/23] net/tcp: Allow asynchronous delete for TCP-AO keys (MKTs) Date: Mon, 18 Sep 2023 20:00:17 +0100 Message-ID: <20230918190027.613430-20-dima@arista.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230918190027.613430-1-dima@arista.com> References: <20230918190027.613430-1-dima@arista.com> MIME-Version: 1.0 X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on groat.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (groat.vger.email [0.0.0.0]); Mon, 18 Sep 2023 12:03:02 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1777427361186621396 X-GMAIL-MSGID: 1777427361186621396 Delete becomes very, very fast - almost free, but after setsockopt() syscall returns, the key is still alive until next RCU grace period. Which is fine for listen sockets as userspace needs to be aware of setsockopt(TCP_AO) and accept() race and resolve it with verification by getsockopt() after TCP connection was accepted. The benchmark results (on non-loaded box, worse with more RCU work pending): > ok 33 Worst case delete 16384 keys: min=5ms max=10ms mean=6.93904ms stddev=0.263421 > ok 34 Add a new key 16384 keys: min=1ms max=4ms mean=2.17751ms stddev=0.147564 > ok 35 Remove random-search 16384 keys: min=5ms max=10ms mean=6.50243ms stddev=0.254999 > ok 36 Remove async 16384 keys: min=0ms max=0ms mean=0.0296107ms stddev=0.0172078 Co-developed-by: Francesco Ruggeri Signed-off-by: Francesco Ruggeri Co-developed-by: Salam Noureddine Signed-off-by: Salam Noureddine Signed-off-by: Dmitry Safonov Acked-by: David Ahern --- include/uapi/linux/tcp.h | 3 ++- net/ipv4/tcp_ao.c | 21 ++++++++++++++++++--- 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/include/uapi/linux/tcp.h b/include/uapi/linux/tcp.h index a411aef00318..25d62ecb9532 100644 --- a/include/uapi/linux/tcp.h +++ b/include/uapi/linux/tcp.h @@ -395,7 +395,8 @@ struct tcp_ao_del { /* setsockopt(TCP_AO_DEL_KEY) */ __s32 ifindex; /* L3 dev index for VRF */ __u32 set_current :1, /* corresponding ::current_key */ set_rnext :1, /* corresponding ::rnext */ - reserved :30; /* must be 0 */ + del_async :1, /* only valid for listen sockets */ + reserved :29; /* must be 0 */ __u16 reserved2; /* padding, must be 0 */ __u8 prefix; /* peer's address prefix */ __u8 sndid; /* SendID for outgoing segments */ diff --git a/net/ipv4/tcp_ao.c b/net/ipv4/tcp_ao.c index edb881f90075..c5bde089916d 100644 --- a/net/ipv4/tcp_ao.c +++ b/net/ipv4/tcp_ao.c @@ -1577,7 +1577,7 @@ static int tcp_ao_add_cmd(struct sock *sk, unsigned short int family, } static int tcp_ao_delete_key(struct sock *sk, struct tcp_ao_info *ao_info, - struct tcp_ao_key *key, + bool del_async, struct tcp_ao_key *key, struct tcp_ao_key *new_current, struct tcp_ao_key *new_rnext) { @@ -1585,11 +1585,24 @@ static int tcp_ao_delete_key(struct sock *sk, struct tcp_ao_info *ao_info, hlist_del_rcu(&key->node); + /* Support for async delete on listening sockets: as they don't + * need current_key/rnext_key maintaining, we don't need to check + * them and we can just free all resources in RCU fashion. + */ + if (del_async) { + atomic_sub(tcp_ao_sizeof_key(key), &sk->sk_omem_alloc); + call_rcu(&key->rcu, tcp_ao_key_free_rcu); + return 0; + } + /* At this moment another CPU could have looked this key up * while it was unlinked from the list. Wait for RCU grace period, * after which the key is off-list and can't be looked up again; * the rx path [just before RCU came] might have used it and set it * as current_key (very unlikely). + * Free the key with next RCU grace period (in case it was + * current_key before tcp_ao_current_rnext() might have + * changed it in forced-delete). */ synchronize_rcu(); if (new_current) @@ -1660,6 +1673,8 @@ static int tcp_ao_del_cmd(struct sock *sk, unsigned short int family, if (!new_rnext) return -ENOENT; } + if (cmd.del_async && sk->sk_state != TCP_LISTEN) + return -EINVAL; if (family == AF_INET) { struct sockaddr_in *sin = (struct sockaddr_in *)&cmd.addr; @@ -1707,8 +1722,8 @@ static int tcp_ao_del_cmd(struct sock *sk, unsigned short int family, if (key == new_current || key == new_rnext) continue; - return tcp_ao_delete_key(sk, ao_info, key, - new_current, new_rnext); + return tcp_ao_delete_key(sk, ao_info, cmd.del_async, key, + new_current, new_rnext); } return -ENOENT; }