From: Jakub Sitnicki <jakub@cloudflare.com>
To: Jakub Kicinski <kuba@kernel.org>
Cc: davem@davemloft.net, netdev@vger.kernel.org,
edumazet@google.com, pabeni@redhat.com, andrew+netdev@lunn.ch,
horms@kernel.org, bpf@vger.kernel.org,
john.fastabend@gmail.com, sd@queasysnail.net
Subject: Re: [PATCH net-next 2/5] tls: remove dead sockmap (psock) handling from the SW path
Date: Mon, 15 Jun 2026 16:55:03 +0200 [thread overview]
Message-ID: <875x3jdfaw.fsf@cloudflare.com> (raw)
In-Reply-To: <20260614014102.461064-3-kuba@kernel.org> (Jakub Kicinski's message of "Sat, 13 Jun 2026 18:40:57 -0700")
On Sat, Jun 13, 2026 at 06:40 PM -07, Jakub Kicinski wrote:
> TLS and sockmap are now mutually exclusive. Try to delete the code
> from sendmsg and recvmsg path which is now obviously dead.
>
> The main goal is to delete enough code for AI security scanners
> to no longer bother us with sockmap related bugs. At the same
> time retain the code in case someone has the cycles to fix
> all of this and make the integration work, again.
>
> If the integration does not get restored we can wipe the rest
> of the skmsg code from TLS in two or three releases.
>
> The changes on the Tx side are deeper since that's where most
> of the bugs are, Rx side simply takes the data from sockmap
> and gives it to the user. On Tx split record handling and
> rolling back the iterator were the two problem areas.
>
> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
> ---
Nice! This unlocks further cleanup in tcp_bpf and tcp_ulp.
Reviewed-by: Jakub Sitnicki <jakub@cloudflare.com>
next prev parent reply other threads:[~2026-06-15 14:55 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-14 1:40 [PATCH net-next 0/5] tls: reject the combination of TLS and sockmap Jakub Kicinski
2026-06-14 1:40 ` [PATCH net-next 1/5] " Jakub Kicinski
2026-06-14 8:09 ` Paolo Abeni
2026-06-14 19:12 ` Jakub Sitnicki
2026-06-15 18:20 ` Jakub Kicinski
2026-06-15 1:41 ` sashiko-bot
2026-06-15 18:45 ` Jakub Sitnicki
2026-06-15 22:00 ` Sabrina Dubroca
2026-06-14 1:40 ` [PATCH net-next 2/5] tls: remove dead sockmap (psock) handling from the SW path Jakub Kicinski
2026-06-15 14:55 ` Jakub Sitnicki [this message]
2026-06-15 22:20 ` Sabrina Dubroca
2026-06-14 1:40 ` [PATCH net-next 3/5] selftests/bpf: remove sockmap + ktls tests Jakub Kicinski
2026-06-14 1:40 ` [PATCH net-next 4/5] selftests/bpf: drop the unused kTLS program from test_sockmap Jakub Kicinski
2026-06-14 1:41 ` [PATCH net-next 5/5] selftests/bpf: test that TLS crypto is rejected on a sockmap socket Jakub Kicinski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=875x3jdfaw.fsf@cloudflare.com \
--to=jakub@cloudflare.com \
--cc=andrew+netdev@lunn.ch \
--cc=bpf@vger.kernel.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=horms@kernel.org \
--cc=john.fastabend@gmail.com \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=sd@queasysnail.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.