[PATCH 09/14] nvme-tcp: control message handling for recvmsg()
Hannes Reinecke
hare at suse.de
Tue Aug 8 01:51:45 PDT 2023
On 8/8/23 10:41, Sagi Grimberg wrote:
>
>
> On 8/8/23 09:39, Hannes Reinecke wrote:
>> On 8/7/23 10:22, Sagi Grimberg wrote:
>>>
>>>
>>> On 8/3/23 13:50, Hannes Reinecke wrote:
>>>> kTLS is sending TLS ALERT messages as control messages for recvmsg().
>>>> As we can't do anything sensible with it just abort the connection
>>>> and let the userspace agent to a re-negotiation.
>>>>
>>>> Signed-off-by: Hannes Reinecke <hare at suse.de>
>>>> Reviewed-by: Sagi Grimberg <sagi at grimberg.me>
>>>> ---
>>>> drivers/nvme/host/tcp.c | 18 +++++++++++++++++-
>>>> 1 file changed, 17 insertions(+), 1 deletion(-)
>>>>
>>>> diff --git a/drivers/nvme/host/tcp.c b/drivers/nvme/host/tcp.c
>>>> index 98400ad5f969..4d0e3de39c26 100644
>>>> --- a/drivers/nvme/host/tcp.c
>>>> +++ b/drivers/nvme/host/tcp.c
>>>> @@ -14,6 +14,7 @@
>>>> #include <net/sock.h>
>>>> #include <net/tcp.h>
>>>> #include <net/tls.h>
>>>> +#include <net/tls_prot.h>
>>>> #include <net/handshake.h>
>>>> #include <linux/blk-mq.h>
>>>> #include <crypto/hash.h>
>>>> @@ -1369,6 +1370,10 @@ static int nvme_tcp_init_connection(struct
>>>> nvme_tcp_queue *queue)
>>>> {
>>>> struct nvme_tcp_icreq_pdu *icreq;
>>>> struct nvme_tcp_icresp_pdu *icresp;
>>>> +#ifdef CONFIG_NVME_TCP_TLS
>>>> + char cbuf[CMSG_LEN(sizeof(char))] = {};
>>>> + u8 ctype;
>>>> +#endif
>>>> struct msghdr msg = {};
>>>> struct kvec iov;
>>>> bool ctrl_hdgst, ctrl_ddgst;
>>>> @@ -1406,11 +1411,22 @@ static int nvme_tcp_init_connection(struct
>>>> nvme_tcp_queue *queue)
>>>> memset(&msg, 0, sizeof(msg));
>>>> iov.iov_base = icresp;
>>>> iov.iov_len = sizeof(*icresp);
>>>> +#ifdef CONFIG_NVME_TCP_TLS
>>>> + msg.msg_control = cbuf;
>>>> + msg.msg_controllen = sizeof(cbuf);
>>>> +#endif
>>>> ret = kernel_recvmsg(queue->sock, &msg, &iov, 1,
>>>> iov.iov_len, msg.msg_flags);
>>>> if (ret < 0)
>>>> goto free_icresp;
>>>
>>> Is the cmsg passed unconditionally? meaning this does not
>>> impact non-tls?
>>>
>>> If so, why is the ifdef needed?
>>>
>> Passing in a cmsg (and a controllen) always enables the use of
>> control messages, irrespective of the type.
>> As we never enabled control messages prior to this we would
>> change the implementation when TLS is not enabled; who knows,
>> someone might have been sending us control messages all along,
>> but we never checked. So I thought it prudent to only enable
>> it for TLS where we know that we might be getting control messages.
>
> But you are doing this only based on the compile-time config option, not
> based on a runtime setting. I am not sure I follow your logic.
For TLS I actually check the cmsg type, so even if we were to receive
other control messages they would be caught.
If I were to enable control messages in general I would need to check
for control messages on every packet, which may well impact performance.
Do we want that?
Cheers,
Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare at suse.de +49 911 74053 688
SUSE Software Solutions Germany GmbH, Frankenstr. 146, 90461 Nürnberg
Managing Directors: I. Totev, A. Myers, A. McDonald, M. B. Moerman
(HRB 36809, AG Nürnberg)
More information about the Linux-nvme
mailing list