From: Jakub Kicinski <kuba@kernel.org>
To: Chuck Lever <chuck.lever@oracle.com>
Cc: netdev@vger.kernel.org, Steve Sears <sjs@hammerspace.com>,
Thomas Haynes <loghyr@hammerspace.com>,
kernel-tls-handshake <kernel-tls-handshake@lists.linux.dev>,
Sabrina Dubroca <sd@queasysnail.net>
Subject: Re: RPC-with-TLS client does not receive traffic
Date: Mon, 19 May 2025 16:01:02 -0700 [thread overview]
Message-ID: <20250519160102.26d95e57@kernel.org> (raw)
In-Reply-To: <48aaf181-b7cf-45d1-ba60-bf90ad45d842@oracle.com>
On Sat, 17 May 2025 12:39:58 -0400 Chuck Lever wrote:
> > Hm, yes, my intuition would be to add a xs_poll_check_readable()
> > after connection set up to check if we raced with data being queued?
> >
> > IIUC sk->sk_user_data is not set up when the first event fires
> > so xs_data_ready() ignores it? We can't set user_data sooner?
>
> I think the answer to this is that sunrpc never sees a data ready event.
> The value contained in sk->sk_user_data is therefore irrelevant.
>
> Because tls_setsockopt() sets strp->msg_ready, when the underlying
> socket event arrives tls_data_ready() is a no-op. That terminates the
> ->data_ready call chain before xs_data_ready can be called.
>
> The handshake daemon sets the session key by calling tls_setsockopt.
> When it hangs:
>
> function: tls_setsockopt
> function: do_tls_setsockopt_conf
> function: tls_set_device_offload_rx
> function: tls_set_sw_offload
> function: init_prot_info
> function: tls_strp_init
> function: tls_sw_strparser_arm
> function: tls_strp_check_rcv
> function: tls_strp_read_sock
> function: tls_strp_load_anchor_with_queue
> function: tls_rx_msg_size
> function: tls_device_rx_resync_new_rec
> function: tls_rx_msg_ready <<<<<
>
> The next call to tls_data_ready sees strp->msg_ready is set, returns
> without doing anything, and progress stops.
>
> In the successful case, tls_strp_check_rcv() simply returns, leaving
> strp->msg_ready set to zero. The next call to tls_data_ready can
> then process the ingress data and call xs_data_ready.
Is there any data queued on the TLS socket already when it "hangs" ?
If it's getting into msg_ready state without the data - it's a bug
in TLS. If there's a full record queued at the time when handshake
passes the socket back to the kernel - it's up to the reader to read
the already queued data out.
prev parent reply other threads:[~2025-05-19 23:01 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-15 14:35 RPC-with-TLS client does not receive traffic Chuck Lever
2025-05-15 14:44 ` Chuck Lever
2025-05-15 15:02 ` Hannes Reinecke
2025-05-15 15:05 ` Chuck Lever
2025-05-16 23:27 ` Jakub Kicinski
[not found] ` <8ABF3663-1BDD-4B87-8DA5-AB39774B1B89@oracle.com>
[not found] ` <20250516165355.6efb470e@kernel.org>
2025-05-17 16:39 ` Chuck Lever
2025-05-19 23:01 ` Jakub Kicinski [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250519160102.26d95e57@kernel.org \
--to=kuba@kernel.org \
--cc=chuck.lever@oracle.com \
--cc=kernel-tls-handshake@lists.linux.dev \
--cc=loghyr@hammerspace.com \
--cc=netdev@vger.kernel.org \
--cc=sd@queasysnail.net \
--cc=sjs@hammerspace.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.