[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <507d2140-1f22-174d-f55e-16ebcf03f249@nvidia.com>
Date: Fri, 13 May 2022 10:57:06 +0300
From: Maxim Mikityanskiy <maximmi@...dia.com>
To: Jakub Kicinski <kuba@...nel.org>
Cc: "David S. Miller" <davem@...emloft.net>,
Daniel Borkmann <daniel@...earbox.net>,
Paolo Abeni <pabeni@...hat.com>,
Boris Pismenny <borisp@...dia.com>,
Tariq Toukan <tariqt@...dia.com>,
Saeed Mahameed <saeedm@...dia.com>,
Gal Pressman <gal@...dia.com>, netdev@...r.kernel.org
Subject: Re: [PATCH net-next v2] tls: Add opt-in zerocopy mode of sendfile()
On 2022-05-13 02:34, Jakub Kicinski wrote:
> On Wed, 11 May 2022 15:15:25 +0300 Maxim Mikityanskiy wrote:
>> TLS device offload copies sendfile data to a bounce buffer before
>> transmitting. It allows to maintain the valid MAC on TLS records when
>> the file contents change and a part of TLS record has to be
>> retransmitted on TCP level.
>>
>> In many common use cases (like serving static files over HTTPS) the file
>> contents are not changed on the fly. In many use cases breaking the
>> connection is totally acceptable if the file is changed during
>> transmission, because it would be received corrupted in any case.
>>
>> This commit allows to optimize performance for such use cases to
>> providing a new optional mode of TLS sendfile(), in which the extra copy
>> is skipped. Removing this copy improves performance significantly, as
>> TLS and TCP sendfile perform the same operations, and the only overhead
>> is TLS header/trailer insertion.
>>
>> The new mode can only be enabled with the new socket option named
>> TLS_TX_ZEROCOPY_SENDFILE on per-socket basis. It preserves backwards
>> compatibility with existing applications that rely on the copying
>> behavior.
>>
>> The new mode is safe, meaning that unsolicited modifications of the file
>> being sent can't break integrity of the kernel. The worst thing that can
>> happen is sending a corrupted TLS record, which is in any case not
>> forbidden when using regular TCP sockets.
>>
>> Sockets other than TLS device offload are not affected by the new socket
>> option.
>
> What about the reporting via sock diag? Am I misremembering something?
I recall we discussed that "zerocopy is active" can be restored as
"hardware offload && setsockopt flag requested", and I saw that
tls_get_info exposes the hardware offload state for the socket, so I
thought the existing information in sock_diag was enough.
If you think, though, that it will be better to have an explicit
indication of the zerocopy flag to sock_diag, I can add it, it's not a
problem.
Does the rest of the patch look good to you?
Thanks,
Max
Powered by blists - more mailing lists