| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20220422075502.27532722@kernel.org>
Date: Fri, 22 Apr 2022 07:55:02 -0700
From: Jakub Kicinski <kuba@...nel.org>
To: Maxim Mikityanskiy <maximmi@...dia.com>
Cc: Boris Pismenny <borisp@...dia.com>,
John Fastabend <john.fastabend@...il.com>,
Daniel Borkmann <daniel@...earbox.net>,
"David S. Miller" <davem@...emloft.net>,
Paolo Abeni <pabeni@...hat.com>,
Tariq Toukan <tariqt@...dia.com>,
Aviad Yehezkel <aviadye@...lanox.com>,
Ilya Lesokhin <ilyal@...lanox.com>, netdev@...r.kernel.org
Subject: Re: [PATCH net] tls: Skip tls_append_frag on zero copy size
On Thu, 21 Apr 2022 12:47:18 +0300 Maxim Mikityanskiy wrote:
> On 2022-04-18 17:56, Maxim Mikityanskiy wrote:
> > On 2022-04-14 13:28, Jakub Kicinski wrote:
> >> I appreciate you're likely trying to keep the fix minimal but Greg
> >> always says "fix it right, worry about backports later".
> >>
> >> I think we should skip more, we can reorder the mins and if
> >> min(size, rec space) == 0 then we can skip the allocation as well.
> >
> > Sorry, I didn't get the idea. Could you elaborate?
> >
> > Reordering the mins:
> >
> > copy = min_t(size_t, size, max_open_record_len - record->len);
> > copy = min_t(size_t, copy, pfrag->size - pfrag->offset);
> >
> > I assume by skipping the allocation you mean skipping
> > tls_do_allocation(), right? Do you suggest to skip it if the result of
> > the first min_t() is 0?
> >
> > record->len used in the first min_t() comes from ctx->open_record, which
> > either exists or is allocated by tls_do_allocation(). If we move the
> > copy == 0 check above the tls_do_allocation() call, first we'll have to
> > check whether ctx->open_record is NULL, which is currently checked by
> > tls_do_allocation() itself.
> >
> > If open_record is not NULL, there isn't much to skip in
> > tls_do_allocation on copy == 0, the main part is already skipped,
> > regardless of the value of copy. If open_record is NULL, we can't skip
> > tls_do_allocation, and copy won't be 0 afterwards.
> >
> > To compare, before (pseudocode):
> >
> > tls_do_allocation {
> > if (!ctx->open_record)
> > ALLOCATE RECORD
> > Now ctx->open_record is not NULL
> > if (!sk_page_frag_refill(sk, pfrag))
> > return -ENOMEM
> > }
> > handle errors from tls_do_allocation
> > copy = min(size, pfrag->size - pfrag->offset)
> > copy = min(copy, max_open_record_len - ctx->open_record->len)
> > if (copy)
> > copy data and append frag
> >
> > After:
> >
> > if (ctx->open_record) {
> > copy = min(size, max_open_record_len - ctx->open_record->len)
> > if (copy) {
> > // You want to put this part of tls_do_allocation under if (copy)?
> > if (!sk_page_frag_refill(sk, pfrag))
> > handle errors
> > copy = min(copy, pfrag->size - pfrag->offset)
> > if (copy)
> > copy data and append frag
> > }
> > } else {
> > ALLOCATE RECORD
> > if (!sk_page_frag_refill(sk, pfrag))
> > handle errors
> > // Have to do this after the allocation anyway.
> > copy = min(size, max_open_record_len - ctx->open_record->len)
> > copy = min(copy, pfrag->size - pfrag->offset)
> > if (copy)
> > copy data and append frag
> > }
> >
> > Either I totally don't get what you suggested, or it doesn't make sense
> > to me, because we have +1 branch in the common path when a record is
> > open and copy is not 0, no changes when there is no record, and more
> > repeating code hard to compress.
> >
> > If I missed your idea, please explain in more details.
>
> Jakub, is your comment still relevant after my response? If not, can the
> patch be merged?
I'd prefer if you refactored the code so tls_push_data() looks more
natural. But the patch is correct so if you don't want to you can
repost.
Sorry for the delay.
Powered by blists - more mailing lists