| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <8b200d4c-6c28-47f6-b43d-98ed10a9b4f5@kernel.dk>
Date: Thu, 12 Oct 2023 19:13:18 -0600
From: Jens Axboe <axboe@...nel.dk>
To: Sascha Hauer <sha@...gutronix.de>
Cc: Pavel Begunkov <asml.silence@...il.com>, io-uring@...r.kernel.org,
linux-kernel@...r.kernel.org, kernel@...gutronix.de,
Boris Pismenny <borisp@...dia.com>,
John Fastabend <john.fastabend@...il.com>,
Jakub Kicinski <kuba@...nel.org>, netdev@...r.kernel.org
Subject: Re: Problem with io_uring splice and KTLS
On 10/12/23 7:34 AM, Sascha Hauer wrote:
> On Tue, Oct 10, 2023 at 08:28:13AM -0600, Jens Axboe wrote:
>> On 10/10/23 8:19 AM, Sascha Hauer wrote:
>>> Hi,
>>>
>>> I am working with a webserver using io_uring in conjunction with KTLS. The
>>> webserver basically splices static file data from a pipe to a socket which uses
>>> KTLS for encryption. When splice is done the socket is closed. This works fine
>>> when using software encryption in KTLS. Things go awry though when the software
>>> encryption is replaced with the CAAM driver which replaces the synchronous
>>> encryption with a asynchronous queue/interrupt/completion flow.
>>>
>>> So far I have traced it down to tls_push_sg() calling tcp_sendmsg_locked() to
>>> send the completed encrypted messages. tcp_sendmsg_locked() sometimes waits for
>>> more memory on the socket by calling sk_stream_wait_memory(). This in turn
>>> returns -ERESTARTSYS due to:
>>>
>>> if (signal_pending(current))
>>> goto do_interrupted;
>>>
>>> The current task has the TIF_NOTIFY_SIGNAL set due to:
>>>
>>> io_req_normal_work_add()
>>> {
>>> ...
>>> /* This interrupts sk_stream_wait_memory() (notify_method == TWA_SIGNAL) */
>>> task_work_add(req->task, &tctx->task_work, ctx->notify_method)))
>>> }
>>>
>>> The call stack when sk_stream_wait_memory() fails is as follows:
>>>
>>> [ 1385.428816] dump_backtrace+0xa0/0x128
>>> [ 1385.432568] show_stack+0x20/0x38
>>> [ 1385.435878] dump_stack_lvl+0x48/0x60
>>> [ 1385.439539] dump_stack+0x18/0x28
>>> [ 1385.442850] tls_push_sg+0x100/0x238
>>> [ 1385.446424] tls_tx_records+0x118/0x1d8
>>> [ 1385.450257] tls_sw_release_resources_tx+0x74/0x1a0
>>> [ 1385.455135] tls_sk_proto_close+0x2f8/0x3f0
>>> [ 1385.459315] inet_release+0x58/0xb8
>>> [ 1385.462802] inet6_release+0x3c/0x60
>>> [ 1385.466374] __sock_release+0x48/0xc8
>>> [ 1385.470035] sock_close+0x20/0x38
>>> [ 1385.473347] __fput+0xbc/0x280
>>> [ 1385.476399] ____fput+0x18/0x30
>>> [ 1385.479537] task_work_run+0x80/0xe0
>>> [ 1385.483108] io_run_task_work+0x40/0x108
>>> [ 1385.487029] __arm64_sys_io_uring_enter+0x164/0xad8
>>> [ 1385.491907] invoke_syscall+0x50/0x128
>>> [ 1385.495655] el0_svc_common.constprop.0+0x48/0xf0
>>> [ 1385.500359] do_el0_svc_compat+0x24/0x40
>>> [ 1385.504279] el0_svc_compat+0x38/0x108
>>> [ 1385.508026] el0t_32_sync_handler+0x98/0x140
>>> [ 1385.512294] el0t_32_sync+0x194/0x198
>>>
>>> So the socket is being closed and KTLS tries to send out the remaining
>>> completed messages. From a splice point of view everything has been sent
>>> successfully, but not everything made it through KTLS to the socket and the
>>> remaining data is sent while closing the socket.
>>>
>>> I vaguely understand what's going on here, but I haven't got the
>>> slightest idea what to do about this. Any ideas?
>>
>> Two things to try:
>>
>> 1) Depending on how you use the ring, set it up with
>> IORING_SETUP_SINGLE_ISSUER | IORING_SETUP_DEFER_TASKRUN. The latter will
>> avoid using signal based task_work notifications, which may be messing
>> you up here.
>>
>> 2) io_uring will hold a reference to the file/socket. I'm unsure if this
>> is a problem in the above case, but sometimes it'll prevent the final
>> flush.
>>
>> Do you have a reproducer that could be run to test? Sometimes easier to
>> see what's going on when you can experiment, it'll save some time.
>
> Okay, here is a reproducer:
>
> https://github.com/saschahauer/webserver-uring-test.git
>
> Execute ./prepare.sh in that repository, it will compile the webserver,
> generate cert.pem/key.pem and generate some testfile to download. If the
> meson build doesn't work for you then you can compile the program by
> hand with something like:
>
> gcc -O3 -Wall -o webserver webserver_liburing.c -lcrypto -lssl -luring
>
> When the webserver is started you can get a file from it with:
>
> curl -k https://<ipaddr>:8443/foo -o foo
>
> or:
>
> while true; do curl -k https://<ipaddr>:8443/foo -o foo; if [ $? != 0 ]; then break; fi; done
>
> This should run without problems as by default likely the encryption
> requests are running synchronously.
>
> In case you don't have encryption hardware you can create an
> asynchronous encryption module using cryptd. Compile a kernel with
> CONFIG_CRYPTO_USER_API_AEAD and CONFIG_CRYPTO_CRYPTD and start the
> webserver with the '-c' option. /proc/crypto should then contain an
> entry with:
>
> name : gcm(aes)
> driver : cryptd(gcm_base(ctr(aes-generic),ghash-generic))
> module : kernel
> priority : 150
>
> Make sure there is no other module providing gcm(aes) with a priority higher
> than 150 so that this one is actually used.
>
> With that the while true loop above should break out with a short read
> fairly fast. Passing IORING_SETUP_SINGLE_ISSUER | IORING_SETUP_DEFER_TASKRUN
> to io_uring_queue_init() makes it harder to reproduce for me. With that
> I need multiple shells in parallel running the above loop.
>
> The repository also contains a kernel patch which will provide you a
> stack dump when KTLS gets an error from tcp_sendmsg_locked().
>
> Now I hope I haven't done anything silly in the webserver ;)
Perfect! Thanks a lot for preparing all of that. Not sure I'll get to it
tomorrow, but if not, then definitely on Monday.
--
Jens Axboe
Powered by blists - more mailing lists