[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20220426080247.19bbb64e@kernel.org>
Date: Tue, 26 Apr 2022 08:02:47 -0700
From: Jakub Kicinski <kuba@...nel.org>
To: Sagi Grimberg <sagi@...mberg.me>
Cc: Hannes Reinecke <hare@...e.de>,
Chuck Lever <chuck.lever@...cle.com>, netdev@...r.kernel.org,
linux-nfs@...r.kernel.org, linux-nvme@...ts.infradead.org,
linux-cifs@...r.kernel.org, linux-fsdevel@...r.kernel.org,
ak@...pesta-tech.com, borisp@...dia.com, simo@...hat.com
Subject: Re: [PATCH RFC 4/5] net/tls: Add support for PF_TLSH (a TLS
handshake listener)
On Tue, 26 Apr 2022 17:29:03 +0300 Sagi Grimberg wrote:
> >> Create the socket in user space, do all the handshakes you need there
> >> and then pass it to the kernel. This is how NBD + TLS works. Scales
> >> better and requires much less kernel code.
> >>
> > But we can't, as the existing mechanisms (at least for NVMe) creates the
> > socket in-kernel.
> > Having to create the socket in userspace would require a completely new
> > interface for nvme and will not be backwards compatible.
>
> And we will still need the upcall anyways when we reconnect
> (re-establish the socket)
That totally flew over my head, I have zero familiarity with in-kernel
storage network users :S
In all honesty the tls code in the kernel is a bit of a dumping ground.
People come, dump a bunch of code and disappear. Nobody seems to care
that the result is still (years in) not ready for production use :/
Until a month ago it'd break connections even under moderate memory
pressure. This set does not even have selftests.
Plus there are more protocols being actively worked on (QUIC, PSP etc.)
Having per ULP special sauce to invoke a user space helper is not the
paradigm we chose, and the time as inopportune as ever to change that.
Powered by blists - more mailing lists