[PATCH net 4/7] net: tls: handle backlogging of crypto requests

public inbox for netdev@vger.kernel.org 
 help / color / mirror / Atom feed

From: Jakub Kicinski <kuba@kernel•org>
To: davem@davemloft•net
Cc: netdev@vger•kernel.org, edumazet@google•com, pabeni@redhat•com,
	sd@queasysnail•net, vadim.fedorenko@linux•dev,
	Jakub Kicinski <kuba@kernel•org>,
	borisp@nvidia•com, john.fastabend@gmail•com, vakul.garg@nxp•com,
	davejwatson@fb•com
Subject: [PATCH net 4/7] net: tls: handle backlogging of crypto requests
Date: Tue,  6 Feb 2024 17:18:21 -0800	[thread overview]
Message-ID: <20240207011824.2609030-5-kuba@kernel.org> (raw)
In-Reply-To: <20240207011824.2609030-1-kuba@kernel.org>

Since we're setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on our
requests to the crypto API, crypto_aead_{encrypt,decrypt} can return
 -EBUSY instead of -EINPROGRESS in valid situations. For example, when
the cryptd queue for AESNI is full (easy to trigger with an
artificially low cryptd.cryptd_max_cpu_qlen), requests will be enqueued
to the backlog but still processed. In that case, the async callback
will also be called twice: first with err == -EINPROGRESS, which it
seems we can just ignore, then with err == 0.

Compared to Sabrina's original patch this version uses the new
tls_*crypt_async_wait() helpers and converts the EBUSY to
EINPROGRESS to avoid having to modify all the error handling
paths. The handling is identical.

Fixes: a54667f6728c ("tls: Add support for encryption using async offload accelerator")
Fixes: 94524d8fc965 ("net/tls: Add support for async decryption of tls records")
Co-developed-by: Sabrina Dubroca <sd@queasysnail•net>
Signed-off-by: Sabrina Dubroca <sd@queasysnail•net>
Link: https://lore.kernel.org/netdev/9681d1febfec295449a62300938ed2ae66983f28.1694018970.git.sd@queasysnail.net/
Signed-off-by: Jakub Kicinski <kuba@kernel•org>
---
CC: borisp@nvidia•com
CC: john.fastabend@gmail•com
CC: vakul.garg@nxp•com
CC: davejwatson@fb•com
---
 net/tls/tls_sw.c | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index 9374a61cef00..63bef5666e36 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -196,6 +196,17 @@ static void tls_decrypt_done(void *data, int err)
 	struct sock *sk;
 	int aead_size;
 
+	/* If requests get too backlogged crypto API returns -EBUSY and calls
+	 * ->complete(-EINPROGRESS) immediately followed by ->complete(0)
+	 * to make waiting for backlog to flush with crypto_wait_req() easier.
+	 * First wait converts -EBUSY -> -EINPROGRESS, and the second one
+	 * -EINPROGRESS -> 0.
+	 * We have a single struct crypto_async_request per direction, this
+	 * scheme doesn't help us, so just ignore the first ->complete().
+	 */
+	if (err == -EINPROGRESS)
+		return;
+
 	aead_size = sizeof(*aead_req) + crypto_aead_reqsize(aead);
 	aead_size = ALIGN(aead_size, __alignof__(*dctx));
 	dctx = (void *)((u8 *)aead_req + aead_size);
@@ -269,6 +280,10 @@ static int tls_do_decryption(struct sock *sk,
 	}
 
 	ret = crypto_aead_decrypt(aead_req);
+	if (ret == -EBUSY) {
+		ret = tls_decrypt_async_wait(ctx);
+		ret = ret ?: -EINPROGRESS;
+	}
 	if (ret == -EINPROGRESS) {
 		if (darg->async)
 			return 0;
@@ -449,6 +464,9 @@ static void tls_encrypt_done(void *data, int err)
 	struct sk_msg *msg_en;
 	struct sock *sk;
 
+	if (err == -EINPROGRESS) /* see the comment in tls_decrypt_done() */
+		return;
+
 	msg_en = &rec->msg_encrypted;
 
 	sk = rec->sk;
@@ -553,6 +571,10 @@ static int tls_do_encryption(struct sock *sk,
 	atomic_inc(&ctx->encrypt_pending);
 
 	rc = crypto_aead_encrypt(aead_req);
+	if (rc == -EBUSY) {
+		rc = tls_encrypt_async_wait(ctx);
+		rc = rc ?: -EINPROGRESS;
+	}
 	if (!rc || rc != -EINPROGRESS) {
 		atomic_dec(&ctx->encrypt_pending);
 		sge->offset -= prot->prepend_size;
-- 
2.43.0

next prev parent reply	other threads:[~2024-02-07  1:19 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-02-07  1:18 [PATCH net 0/7] net: tls: fix some issues with async encryption Jakub Kicinski
2024-02-07  1:18 ` [PATCH net 1/7] net: tls: factor out tls_*crypt_async_wait() Jakub Kicinski
2024-02-09  9:23   ` Simon Horman
2024-02-10  9:08   ` Sabrina Dubroca
2024-02-07  1:18 ` [PATCH net 2/7] tls: fix race between async notify and socket close Jakub Kicinski
2024-02-09  9:24   ` Simon Horman
2024-02-09  9:47   ` Eric Dumazet
2024-02-10  9:11   ` Sabrina Dubroca
2024-02-07  1:18 ` [PATCH net 3/7] tls: fix race between tx work scheduling " Jakub Kicinski
2024-02-09  9:24   ` Simon Horman
2024-02-10  9:12   ` Sabrina Dubroca
2024-02-07  1:18 ` Jakub Kicinski [this message]
2024-02-09  9:25   ` [PATCH net 4/7] net: tls: handle backlogging of crypto requests Simon Horman
2024-02-07  1:18 ` [PATCH net 5/7] net: tls: fix use-after-free with partial reads and async decrypt Jakub Kicinski
2024-02-09  9:25   ` Simon Horman
2024-02-07  1:18 ` [PATCH net 6/7] selftests: tls: use exact comparison in recv_partial Jakub Kicinski
2024-02-09  9:25   ` Simon Horman
2024-02-07  1:18 ` [PATCH net 7/7] net: tls: fix returned read length with async decrypt Jakub Kicinski
2024-02-09  9:22   ` Simon Horman
2024-02-10  9:02   ` Sabrina Dubroca
2024-02-12 17:11     ` Jakub Kicinski
2024-02-10  9:05 ` [PATCH net 0/7] net: tls: fix some issues with async encryption Sabrina Dubroca
2024-02-10 21:40 ` patchwork-bot+netdevbpf

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:9374a61cef0 dfblob:63bef5666e3 )
 OR (
bs:"[PATCH net 4/7] net: tls: handle backlogging of crypto requests" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20240207011824.2609030-5-kuba@kernel.org \
    --to=kuba@kernel$(echo .)org \
    --cc=borisp@nvidia$(echo .)com \
    --cc=davejwatson@fb$(echo .)com \
    --cc=davem@davemloft$(echo .)net \
    --cc=edumazet@google$(echo .)com \
    --cc=john.fastabend@gmail$(echo .)com \
    --cc=netdev@vger$(echo .)kernel.org \
    --cc=pabeni@redhat$(echo .)com \
    --cc=sd@queasysnail$(echo .)net \
    --cc=vadim.fedorenko@linux$(echo .)dev \
    --cc=vakul.garg@nxp$(echo .)com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox