From: Hannes Reinecke <hare@suse.de>
To: Chuck Lever <chuck.lever@oracle.com>,
Jakub Kicinski <kuba@kernel.org>,
Sabrina Dubroca <sd@queasysnail.net>
Cc: netdev@vger.kernel.org, Steve Sears <sjs@hammerspace.com>,
Thomas Haynes <loghyr@hammerspace.com>,
Linux NFS Mailing List <linux-nfs@vger.kernel.org>,
kernel-tls-handshake <kernel-tls-handshake@lists.linux.dev>
Subject: Re: RPC-with-TLS client does not receive traffic
Date: Thu, 15 May 2025 17:02:03 +0200 [thread overview]
Message-ID: <62cbd258-11df-4d76-9ab1-8e7b72f01ca4@suse.de> (raw)
In-Reply-To: <20d1d07b-a656-48ab-9e0e-7ba04214aa3f@oracle.com>
On 5/15/25 16:44, Chuck Lever wrote:
> Resending with linux-nfs and kernel-tls-handshake on Cc
>
>
> On 5/15/25 10:35 AM, Chuck Lever wrote:
>> Hi -
>>
>> I'm troubleshooting an issue where, after a successful handshake, the
>> kernel TLS socket's data_ready callback is never invoked. I'm able to
>> reproduce this 100% on an Atom-based system with a Realtek Ethernet
>> device. But on many other systems, the problem is intermittent or not
>> reproducible.
>>
>> The problem seems to be that strp->msg_ready is already set when
>> tls_data_ready is called, and that prevents any further processing. I
>> see that msg_ready is set when the handshake daemon sets the ktls
>> security parameters, and is then never cleared.
>>
>> function: tls_setsockopt
>> function: do_tls_setsockopt_conf
>> function: tls_set_device_offload_rx
>> function: tls_set_sw_offload
>> function: init_prot_info
>> function: tls_strp_init
>> function: tls_sw_strparser_arm
>> function: tls_strp_check_rcv
>> function: tls_strp_read_sock
>> function: tls_strp_load_anchor_with_queue
>> function: tls_rx_msg_size
>> function: tls_device_rx_resync_new_rec
>> function: tls_rx_msg_ready
>>
>> For a working system (a VMware guest using a VMXNet device), setsockopt
>> leaves msg_ready set to zero:
>>
>> function: tls_setsockopt
>> function: do_tls_setsockopt_conf
>> function: tls_set_device_offload_rx
>> function: tls_set_sw_offload
>> function: init_prot_info
>> function: tls_strp_init
>> function: tls_sw_strparser_arm
>> function: tls_strp_check_rcv
>>
>> The first tls_data_ready call then handles the waiting ingress data as
>> expected.
>>
>> Any advice is appreciated.
>>
>
I _think_ you are expected to set the callbacks prior to do the tls
handshake upcall (at least, that's what I'm doing).
It's not that you can (nor should) receive anything on the socket
while the handshake is active.
If it fails you can always reset them to the original callbacks.
Cheers,
Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare@suse.de +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich
next prev parent reply other threads:[~2025-05-15 15:02 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <0288b61b-6a8e-409d-8e4c-3f482526cf46@oracle.com>
2025-05-15 14:44 ` RPC-with-TLS client does not receive traffic Chuck Lever
2025-05-15 15:02 ` Hannes Reinecke [this message]
2025-05-15 15:05 ` Chuck Lever
2025-05-16 23:27 ` Jakub Kicinski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=62cbd258-11df-4d76-9ab1-8e7b72f01ca4@suse.de \
--to=hare@suse.de \
--cc=chuck.lever@oracle.com \
--cc=kernel-tls-handshake@lists.linux.dev \
--cc=kuba@kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=loghyr@hammerspace.com \
--cc=netdev@vger.kernel.org \
--cc=sd@queasysnail.net \
--cc=sjs@hammerspace.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox