From: Chuck Lever <chuck.lever@oracle.com>
To: Alistair Francis <alistair23@gmail.com>
Cc: hare@kernel.org, kernel-tls-handshake@lists.linux.dev,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-doc@vger.kernel.org, linux-nvme@lists.infradead.org,
linux-nfs@vger.kernel.org, kbusch@kernel.org, axboe@kernel.dk,
hch@lst.de, sagi@grimberg.me, kch@nvidia.com, hare@suse.de,
Alistair Francis <alistair.francis@wdc.com>
Subject: Re: [PATCH v5 2/6] net/handshake: Define handshake_sk_destruct_req
Date: Thu, 13 Nov 2025 09:01:26 -0500 [thread overview]
Message-ID: <0d77853e-7201-47c4-991c-bb492a12dd29@oracle.com> (raw)
In-Reply-To: <CAKmqyKN4SN6DkjaRMe4st23Xnc3gb6DcqUGHi72UTgaiE9EqGw@mail.gmail.com>
On 11/13/25 5:19 AM, Alistair Francis wrote:
> On Thu, Nov 13, 2025 at 1:47 AM Chuck Lever <chuck.lever@oracle.com> wrote:
>>
>> On 11/11/25 11:27 PM, alistair23@gmail.com wrote:
>>> From: Alistair Francis <alistair.francis@wdc.com>
>>>
>>> Define a `handshake_sk_destruct_req()` function to allow the destruction
>>> of the handshake req.
>>>
>>> This is required to avoid hash conflicts when handshake_req_hash_add()
>>> is called as part of submitting the KeyUpdate request.
>>>
>>> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
>>> Reviewed-by: Hannes Reinecke <hare@suse.de>
>>> ---
>>> v5:
>>> - No change
>>> v4:
>>> - No change
>>> v3:
>>> - New patch
>>>
>>> net/handshake/request.c | 16 ++++++++++++++++
>>> 1 file changed, 16 insertions(+)
>>>
>>> diff --git a/net/handshake/request.c b/net/handshake/request.c
>>> index 274d2c89b6b2..0d1c91c80478 100644
>>> --- a/net/handshake/request.c
>>> +++ b/net/handshake/request.c
>>> @@ -98,6 +98,22 @@ static void handshake_sk_destruct(struct sock *sk)
>>> sk_destruct(sk);
>>> }
>>>
>>> +/**
>>> + * handshake_sk_destruct_req - destroy an existing request
>>> + * @sk: socket on which there is an existing request
>>
>> Generally the kdoc style is unnecessary for static helper functions,
>> especially functions with only a single caller.
>>
>> This all looks so much like handshake_sk_destruct(). Consider
>> eliminating the code duplication by splitting that function into a
>> couple of helpers instead of adding this one.
>>
>>
>>> + */
>>> +static void handshake_sk_destruct_req(struct sock *sk)
>>
>> Because this function is static, I imagine that the compiler will
>> bark about the addition of an unused function. Perhaps it would
>> be better to combine 2/6 and 3/6.
>>
>> That would also make it easier for reviewers to check the resource
>> accounting issues mentioned below.
>>
>>
>>> +{
>>> + struct handshake_req *req;
>>> +
>>> + req = handshake_req_hash_lookup(sk);
>>> + if (!req)
>>> + return;
>>> +
>>> + trace_handshake_destruct(sock_net(sk), req, sk);
>>
>> Wondering if this function needs to preserve the socket's destructor
>> callback chain like so:
>>
>> + void (sk_destruct)(struct sock sk);
>>
>> ...
>>
>> + sk_destruct = req->hr_odestruct;
>> + sk->sk_destruct = sk_destruct;
>>
>> then:
>>
>>> + handshake_req_destroy(req);
>>
>> Because of the current code organization and patch ordering, it's
>> difficult to confirm that sock_put() isn't necessary here.
>>
>>
>>> +}
>>> +
>>> /**
>>> * handshake_req_alloc - Allocate a handshake request
>>> * @proto: security protocol
>>
>> There's no synchronization preventing concurrent handshake_req_cancel()
>> calls from accessing the request after it's freed during handshake
>> completion. That is one reason why handshake_complete() leaves completed
>> requests in the hash.
>
> Ah, so you are worried that free-ing the request will race with
> accessing the request after a handshake_req_hash_lookup().
>
> Ok, makes sense. It seems like one answer to that is to add synchronisation
>
>>
>> So I'm thinking that removing requests like this is not going to work
>> out. Would it work better if handshake_req_hash_add() could recognize
>> that a KeyUpdate is going on, and allow replacement of a hashed
>> request? I haven't thought that through.
>
> I guess the idea would be to do something like this in
> handshake_req_hash_add() if the entry already exists?
>
> if (test_and_set_bit(HANDSHAKE_F_REQ_COMPLETED, &req->hr_flags)) {
> /* Request already completed */
> rhashtable_replace_fast(...);
> }
>
> I'm not sure that's better. That could possibly still race with
> something that hasn't yet set HANDSHAKE_F_REQ_COMPLETED and overwrite
> the request unexpectedly.
>
> What about adding synchronisation and keeping the current approach?
> From a quick look it should be enough to just edit
> handshake_sk_destruct() and handshake_req_cancel()
Or make the KeyUpdate requests somehow distinctive so they do not
collide with initial handshake requests.
> Alistair
>
>>
>>
>> As always, please double-check my questions and assumptions before
>> revising this patch!
>>
>>
>> --
>> Chuck Lever
--
Chuck Lever
next prev parent reply other threads:[~2025-11-13 14:02 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-12 4:27 [PATCH v5 0/6] nvme-tcp: Support receiving KeyUpdate requests alistair23
2025-11-12 4:27 ` [PATCH v5 1/6] net/handshake: Store the key serial number on completion alistair23
2025-11-12 15:02 ` Chuck Lever
2025-11-30 22:21 ` Sagi Grimberg
2025-11-12 4:27 ` [PATCH v5 2/6] net/handshake: Define handshake_sk_destruct_req alistair23
2025-11-12 15:47 ` Chuck Lever
2025-11-13 10:19 ` Alistair Francis
2025-11-13 14:01 ` Chuck Lever [this message]
2025-11-13 14:37 ` Chuck Lever
2025-11-14 3:44 ` Alistair Francis
2025-11-14 14:14 ` Chuck Lever
2025-11-19 0:45 ` Alistair Francis
2025-11-20 13:51 ` Chuck Lever
2025-11-25 5:00 ` Alistair Francis
2025-11-25 13:55 ` Chuck Lever
2025-11-12 4:27 ` [PATCH v5 3/6] net/handshake: Ensure the request is destructed on completion alistair23
2025-11-12 4:27 ` [PATCH v5 4/6] net/handshake: Support KeyUpdate message types alistair23
2025-11-12 15:49 ` Chuck Lever
2025-11-13 2:16 ` Alistair Francis
2025-11-13 14:41 ` Chuck Lever
2025-11-27 13:12 ` Hannes Reinecke
2025-11-12 4:27 ` [PATCH v5 5/6] nvme-tcp: Support KeyUpdate alistair23
2025-11-12 6:59 ` Christoph Hellwig
2025-11-12 14:31 ` Chuck Lever
2025-11-12 14:38 ` Christoph Hellwig
2025-11-12 14:38 ` Chuck Lever
2025-11-27 13:31 ` Hannes Reinecke
2025-12-01 4:18 ` Alistair Francis
2025-12-01 15:03 ` Hannes Reinecke
2025-11-30 22:31 ` Sagi Grimberg
2025-12-01 23:27 ` Alistair Francis
2025-11-12 4:27 ` [PATCH v5 6/6] nvmet-tcp: " alistair23
2025-11-12 7:01 ` Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0d77853e-7201-47c4-991c-bb492a12dd29@oracle.com \
--to=chuck.lever@oracle.com \
--cc=alistair.francis@wdc.com \
--cc=alistair23@gmail.com \
--cc=axboe@kernel.dk \
--cc=hare@kernel.org \
--cc=hare@suse.de \
--cc=hch@lst.de \
--cc=kbusch@kernel.org \
--cc=kch@nvidia.com \
--cc=kernel-tls-handshake@lists.linux.dev \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=linux-nvme@lists.infradead.org \
--cc=netdev@vger.kernel.org \
--cc=sagi@grimberg.me \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox