[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20190425124112.629571a1@cakuba.netronome.com>
Date: Thu, 25 Apr 2019 12:41:12 -0700
From: Jakub Kicinski <jakub.kicinski@...ronome.com>
To: John Fastabend <john.fastabend@...il.com>
Cc: ast@...nel.org, daniel@...earbox.net, netdev@...r.kernel.org,
bpf@...r.kernel.org
Subject: Re: [bpf PATCH v2 1/3] bpf: tls, implement unhash to avoid
transition out of ESTABLISHED
On Thu, 25 Apr 2019 12:35:58 -0700, John Fastabend wrote:
> On 4/25/19 12:32 PM, John Fastabend wrote:
> > On 4/25/19 12:29 PM, Jakub Kicinski wrote:
> >> On Thu, 25 Apr 2019 09:03:08 -0700, John Fastabend wrote:
> >>> +static void tls_sk_proto_unhash(struct sock *sk)
> >>> +{
> >>> + struct tls_context *ctx = tls_get_ctx(sk);
> >>> + void (*sk_proto_unhash)(struct sock *sk);
> >>> + bool free_ctx;
> >>> +
> >>> + if (!ctx)
> >>> + return sk->sk_prot->unhash(sk);
> >>> + sk_proto_unhash = ctx->sk_proto_unhash;
> >>> + free_ctx = tls_sk_proto_destroy(sk, ctx, false);
> >>> + tls_put_ctx(sk);
> >>
> >> Oh, I think you can't put_ctx() unconditionally,
> >> when free_ctx is false, tls_device_sk_destruct()
> >> needs it the ctx pointer.
> >>
> >> I think this explains the offload crashing.
> >>
> >
> > ugh yeah. So we need to _not_ free it from tls_sk_proto_destroy
> > do the put_ctx and then finally free it. Otherwise we can't
> > restore the sk_proto fields. v3 on its way. Thanks.
> >
>
> I'm going to throw that patch I sent earlier in this thread
> on the series as well. Its the minimal set to get things working
> again for me. Will follow up some selftests so we don't get
> here again.
SGTM, I've been racking my brain trying to come up with a good test for
the offload stuff, because it's really hard to test that without actual
HW. I don't see any other way than adding full on per-packet crypto
logic into netdevsim or such :/ Trying to lie about having offloaded
the crypto breaks down in corner cases.
> >>> + if (sk_proto_unhash)
> >>> + sk_proto_unhash(sk);
> >>> + if (free_ctx)
> >>> + tls_ctx_free(ctx);
> >>> +}
> >>>
> >>> -skip_tx_cleanup:
> >>> +static void tls_sk_proto_close(struct sock *sk, long timeout)
> >>> +{
> >>> + void (*sk_proto_close)(struct sock *sk, long timeout);
> >>> + struct tls_context *ctx = tls_get_ctx(sk);
> >>> + bool free_ctx;
> >>> +
> >>> + if (!ctx)
> >>> + return sk->sk_prot->destroy(sk);
> >>> +
> >>> + lock_sock(sk);
> >>> + sk_proto_close = ctx->sk_proto_close;
> >>> + free_ctx = tls_sk_proto_destroy(sk, ctx, true);
> >>> + tls_put_ctx(sk);
Powered by blists - more mailing lists