From: Hannes Reinecke <hare@suse.de>
To: Wilfred Mallawa <wilfred.opensource@gmail.com>,
alistair.francis@wdc.com, dlemoal@kernel.org,
chuck.lever@oracle.com, davem@davemloft.net, edumazet@google.com,
kuba@kernel.org, pabeni@redhat.com, horms@kernel.org,
donald.hunter@gmail.com, corbet@lwn.net, kbusch@kernel.org,
axboe@kernel.dk, hch@lst.de, sagi@grimberg.me, kch@nvidia.com,
borisp@nvidia.com, john.fastabend@gmail.com, jlayton@kernel.org,
neil@brown.name, okorniev@redhat.com, Dai.Ngo@oracle.com,
tom@talpey.com, trondmy@kernel.org, anna@kernel.org,
kernel-tls-handshake@lists.linux.dev, netdev@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org,
linux-nvme@lists.infradead.org, linux-nfs@vger.kernel.org,
Wilfred Mallawa <wilfred.mallawa@wdc.com>
Subject: Re: [RFC 3/4] nvme/host/tcp: set max record size in the tls context
Date: Tue, 29 Jul 2025 10:16:02 +0200 [thread overview]
Message-ID: <7e18e224-ba9f-420d-ad2e-e349d25b58e0@suse.de> (raw)
In-Reply-To: <20250729024150.222513-6-wilfred.opensource@gmail.com>
On 7/29/25 04:41, Wilfred Mallawa wrote:
> From: Wilfred Mallawa <wilfred.mallawa@wdc.com>
>
> During a tls handshake, a host may specify the tls record size limit
> using the tls "record_size_limit" extension. Currently, the NVMe TCP
> host driver does not specify this value to the tls layer.
>
> This patch adds support for setting the tls record size limit into the
> tls context, such that outgoing records may not exceed this limit
> specified by the endpoint.
>
> Signed-off-by: Wilfred Mallawa <wilfred.mallawa@wdc.com>
> ---
> drivers/nvme/host/tcp.c | 15 +++++++++++++++
> 1 file changed, 15 insertions(+)
>
> diff --git a/drivers/nvme/host/tcp.c b/drivers/nvme/host/tcp.c
> index 65ceadb4ffed..84a55736f269 100644
> --- a/drivers/nvme/host/tcp.c
> +++ b/drivers/nvme/host/tcp.c
> @@ -1677,6 +1677,7 @@ static void nvme_tcp_tls_done(void *data, int status, key_serial_t pskid,
> size_t tls_record_size_limit)
> {
> struct nvme_tcp_queue *queue = data;
> + struct tls_context *tls_ctx = tls_get_ctx(queue->sock->sk);
> struct nvme_tcp_ctrl *ctrl = queue->ctrl;
> int qid = nvme_tcp_queue_id(queue);
> struct key *tls_key;
> @@ -1700,6 +1701,20 @@ static void nvme_tcp_tls_done(void *data, int status, key_serial_t pskid,
> ctrl->ctrl.tls_pskid = key_serial(tls_key);
> key_put(tls_key);
> queue->tls_err = 0;
> +
> + /* Endpoint has specified a maximum tls record size limit */
> + if (tls_record_size_limit > TLS_MAX_PAYLOAD_SIZE) {
> + dev_err(ctrl->ctrl.device,
> + "queue %d: invalid tls max record size limit: %zd\n",
> + nvme_tcp_queue_id(queue), tls_record_size_limit);
> + queue->tls_err = -EINVAL;
> + goto out_complete;
> + } else if (tls_record_size_limit > 0) {
> + tls_ctx->tls_record_size_limit = (u32)tls_record_size_limit;
> + dev_dbg(ctrl->ctrl.device,
> + "queue %d: target specified tls_record_size_limit %u\n",
> + nvme_tcp_queue_id(queue), tls_ctx->tls_record_size_limit);
> + }
> }
>
> out_complete:
Why do we need to do that?
This value is never used in that driver, so why can't the TLS layer
handle it?
Cheers,
Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare@suse.de +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich
next prev parent reply other threads:[~2025-07-29 8:16 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-29 2:41 [RFC 0/4] net/tls: add support for the record size limit extension Wilfred Mallawa
2025-07-29 2:41 ` [RFC 1/4] net/handshake: get negotiated tls record size limit Wilfred Mallawa
2025-07-29 8:07 ` Damien Le Moal
2025-07-29 8:12 ` Hannes Reinecke
2025-08-07 0:03 ` Wilfred Mallawa
2025-07-29 2:41 ` [RFC 2/4] net/tls/tls_sw: use the record size limit specified Wilfred Mallawa
2025-07-29 8:13 ` Damien Le Moal
2025-08-07 0:04 ` Wilfred Mallawa
2025-07-29 2:41 ` [RFC 3/4] nvme/host/tcp: set max record size in the tls context Wilfred Mallawa
2025-07-29 8:16 ` Hannes Reinecke [this message]
2025-07-29 2:41 ` [RFC 4/4] nvme/target/tcp: " Wilfred Mallawa
2025-07-29 8:16 ` Hannes Reinecke
2025-07-29 13:37 ` [RFC 0/4] net/tls: add support for the record size limit extension Chuck Lever
2025-08-07 0:14 ` Wilfred Mallawa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7e18e224-ba9f-420d-ad2e-e349d25b58e0@suse.de \
--to=hare@suse.de \
--cc=Dai.Ngo@oracle.com \
--cc=alistair.francis@wdc.com \
--cc=anna@kernel.org \
--cc=axboe@kernel.dk \
--cc=borisp@nvidia.com \
--cc=chuck.lever@oracle.com \
--cc=corbet@lwn.net \
--cc=davem@davemloft.net \
--cc=dlemoal@kernel.org \
--cc=donald.hunter@gmail.com \
--cc=edumazet@google.com \
--cc=hch@lst.de \
--cc=horms@kernel.org \
--cc=jlayton@kernel.org \
--cc=john.fastabend@gmail.com \
--cc=kbusch@kernel.org \
--cc=kch@nvidia.com \
--cc=kernel-tls-handshake@lists.linux.dev \
--cc=kuba@kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=linux-nvme@lists.infradead.org \
--cc=neil@brown.name \
--cc=netdev@vger.kernel.org \
--cc=okorniev@redhat.com \
--cc=pabeni@redhat.com \
--cc=sagi@grimberg.me \
--cc=tom@talpey.com \
--cc=trondmy@kernel.org \
--cc=wilfred.mallawa@wdc.com \
--cc=wilfred.opensource@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).