lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Thu, 23 Jun 2022 14:28:51 +0100
From:   David Howells <dhowells@...hat.com>
To:     linux-afs@...ts.infradead.org
Cc:     dhowells@...hat.com, Marc Dionne <marc.dionne@...istor.com>,
        "David S. Miller" <davem@...emloft.net>, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: [RFC PATCH net 0/8] rxrpc: Multiqueue, sendfile,
 splice and call security


Here are some patches to provide support for multiqueuing, sendfile and
splice on AF_RXRPC sockets and to allow calls to have individual security
settings:

 (1) Multiqueue support is provided in the sense that a number of AF_RXRPC
     sockets can be bound together such that they share a UDP socket, all
     listen on the same set of services and share a queue of as-yet
     unaccepted calls.

     This is done by creating a socket and setting it up to listen:

	fd1 = socket(AF_RXRPC, SOCK_DGRAM, IPPROTO_IPV6);
	bind(fd1, &address);
	listen(fd1, depth);

     then creating one or more additional sockets and binding them onto the
     first:

	fd2 = socket(AF_RXRPC, SOCK_DGRAM, IPPROTO_IPV6);
	setsockopt(fd2, SOL_RXRPC, RXRPC_BIND_CHANNEL, &fd1, sizeof(fd1));

     The sockets are then indistinguishable interfaces onto the local
     endpoint.  Note that each has its own non-overlapping set of user call
     IDs (tags passed in sendmsg/recvmsg control messages to indicate which
     call is being referred to).  This allows each socket to be used in a
     separate process with unshared VMs (pointers to management structs can
     be used as user call IDs).

     User call IDs can then be charged separately on each socket, as
     before:

	msg.msg_control	= control;
	msg.msg_controllen = ctrllen;
	RXRPC_ADD_CALLID(control, ctrllen, user_id);
	RXRPC_ADD_CHARGE_ACCEPT(control, ctrllen);
	ret = sendmsg(service, &msg, 0);

     If there are any user call IDs available on a particular socket,
     recvmsg() on that socket will pop a waiting call off the shared accept
     queue, tag it with the first ID and add it to the back of that
     socket's recvmsg queue.  From that point, that call can only be
     interacted with through that socket.  The same goes for client calls -
     they're bound to the socket they're started on.

     This allows a server to set up a pool of individual processes, each
     with a "copy" of the socket, with the kernel routing incoming calls as
     the processes announce their availabilty by providing a user ID.

 (2) Provide sendfile() support by allowing a call to be nominated through
     a sockopt as the target.  The call must be bound to that socket.  This
     is done by something like:

	setsockopt(client, SOL_RXRPC, RXRPC_SELECT_CALL_FOR_SEND,
		   &call_id, sizeof(call_id));
	sendfile(client, source, &pos, st.st_size);

     The target call is cleared when the call completion message is
     collected by recvmsg() or the sockopt is altered.  Setting 0 just
     clears it.  If no call is set, sendfile will fail.

 (3) Provide splice-read support by allowing a call to be nominated through
     a sockopt as the source.  The call must be bound to that socket.  This
     is done by something like:

	setsockopt(client, SOL_RXRPC, RXRPC_SELECT_CALL_FOR_RECV,
		   &call_id, sizeof(call_id));
	ret = splice(client, NULL, pipefd[1], NULL, count, 0);

     The source call is cleared when the call completion message is
     collected by recvmsg() or the sockopt is altered.  Setting 0 just
     clears it.  If no call is set, splice will fail.

 (4) Also limit recvmsg() by setting RXRPC_SELECT_CALL_FOR_RECV.  It will
     ignore other calls whilst it is effect.  The effect will be cancelled
     when the completion message is returned (MSG_EOR will be set).

 (5) Add two new control messages that can be passed to sendmsg() when
     initiating a client call to allow them to have authentication and
     crypto parameters individually set:

	RXRPC_SET_SECURITY_KEY
	RXRPC_SET_SECURITY_LEVEL

     The first allows a key to be specified to indicate the authentication
     and crypto; the second indicates the level of crypto required on the
     packet.

     Currently RXRPC_SET_SECURITY_KEY takes a key description, which it
     passes to request_key(), but possibly it should at least allow a key
     ID instead.

The patches can be found here also:

	http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=rxrpc-multiqueue

David
---
David Howells (8):
      rxrpc: List open sockets in /proc/net/rxrpc/sockets
      rxrpc: Allow UDP socket sharing for AF_RXRPC service sockets
      rxrpc: Allow multiple AF_RXRPC sockets to be bound together to form queues
      rxrpc: Allow the call to interact with to be preselected
      rxrpc: Implement sendfile() support
      rxrpc: Use selected call in recvmsg()
      rxrpc: Implement splice-read for rxrpc calls
      rxrpc: Set call security params in sendmsg() cmsg


 fs/afs/internal.h            |   3 -
 fs/afs/main.c                |   1 -
 fs/afs/rxrpc.c               |  83 +++---
 include/net/af_rxrpc.h       |   9 +-
 include/trace/events/afs.h   |   4 +
 include/trace/events/rxrpc.h |   9 +-
 include/uapi/linux/rxrpc.h   |   5 +
 net/rxrpc/af_rxrpc.c         | 510 ++++++++++++++++++++++++++++++-----
 net/rxrpc/ar-internal.h      | 112 +++++---
 net/rxrpc/call_accept.c      | 439 +++++++++++++++++++-----------
 net/rxrpc/call_object.c      | 133 +++++----
 net/rxrpc/conn_service.c     |  17 +-
 net/rxrpc/input.c            |  25 +-
 net/rxrpc/key.c              |  30 ++-
 net/rxrpc/local_object.c     |  24 +-
 net/rxrpc/net_ns.c           |   5 +
 net/rxrpc/peer_object.c      |  17 +-
 net/rxrpc/proc.c             | 120 ++++++++-
 net/rxrpc/recvmsg.c          | 330 ++++++++++++++++++++---
 net/rxrpc/security.c         |  22 +-
 net/rxrpc/sendmsg.c          |  78 +++++-
 net/rxrpc/server_key.c       |  12 +-
 22 files changed, 1524 insertions(+), 464 deletions(-)


Powered by blists - more mailing lists