[PATCH 14/14] nvmet-tcp: control messages for recvmsg()

public inbox for linux-nvme@lists.infradead.org
 help / color / mirror / Atom feed

From: Hannes Reinecke <hare@suse.de>
To: Christoph Hellwig <hch@lst.de>
Cc: Sagi Grimberg <sagi@grimberg.me>, Keith Busch <kbusch@kernel.org>,
	linux-nvme@lists.infradead.org, Hannes Reinecke <hare@suse.de>
Subject: [PATCH 14/14] nvmet-tcp: control messages for recvmsg()
Date: Thu,  3 Aug 2023 12:51:02 +0200	[thread overview]
Message-ID: <20230803105102.30949-15-hare@suse.de> (raw)
In-Reply-To: <20230803105102.30949-1-hare@suse.de>

kTLS requires control messages for recvmsg() to relay any out-of-band
TLS messages (eg TLS alerts) to the caller.

Signed-off-by: Hannes Reinecke <hare@suse.de>
---
 drivers/nvme/target/tcp.c | 87 +++++++++++++++++++++++++++++++++------
 1 file changed, 74 insertions(+), 13 deletions(-)

diff --git a/drivers/nvme/target/tcp.c b/drivers/nvme/target/tcp.c
index 7279c994abd6..e2db573d68d9 100644
--- a/drivers/nvme/target/tcp.c
+++ b/drivers/nvme/target/tcp.c
@@ -14,6 +14,7 @@
 #include <net/sock.h>
 #include <net/tcp.h>
 #include <net/tls.h>
+#include <net/tls_prot.h>
 #include <net/handshake.h>
 #include <linux/inet.h>
 #include <linux/llist.h>
@@ -118,6 +119,7 @@ struct nvmet_tcp_cmd {
 	u32				pdu_len;
 	u32				pdu_recv;
 	int				sg_idx;
+	char				recv_cbuf[CMSG_LEN(sizeof(char))];
 	struct msghdr			recv_msg;
 	struct bio_vec			*iov;
 	u32				flags;
@@ -1116,12 +1118,49 @@ static inline bool nvmet_tcp_pdu_valid(u8 type)
 	return false;
 }
 
+static int nvmet_tcp_tls_record_ok(struct socket *sock, struct msghdr *msg, char *cbuf)
+{
+	struct cmsghdr *cmsg = (struct cmsghdr *)cbuf;
+	u8 ctype, level, description;
+	int ret = 0;
+
+	if (!IS_ENABLED(CONFIG_NVME_TARGET_TCP_TLS))
+		return 0;
+
+	ctype = tls_get_record_type(sock->sk, cmsg);
+	switch (ctype) {
+	case 0:
+		break;
+	case TLS_RECORD_TYPE_DATA:
+		break;
+	case TLS_RECORD_TYPE_ALERT:
+		tls_alert_recv(sock->sk, msg, &level, &description);
+		pr_err("TLS Alert level %u desc %u\n", level, description);
+		ret = (level == TLS_ALERT_LEVEL_FATAL) ?
+			-ENOTCONN : -EAGAIN;
+		break;
+	default:
+		/* discard this record type */
+		pr_err("TLS record %d unhandled\n", ctype);
+		ret = -EAGAIN;
+		break;
+	}
+	return ret;
+}
+
 static int nvmet_tcp_try_recv_pdu(struct nvmet_tcp_queue *queue)
 {
 	struct nvme_tcp_hdr *hdr = &queue->pdu.cmd.hdr;
-	int len;
+	int len, ret;
 	struct kvec iov;
-	struct msghdr msg = { .msg_flags = MSG_DONTWAIT };
+	char cbuf[CMSG_LEN(sizeof(char))] = {};
+	struct msghdr msg = {
+#ifdef CONFIG_NVME_TARGET_TCP_TLS
+		.msg_control = cbuf,
+		.msg_controllen = sizeof(cbuf),
+#endif
+		.msg_flags = MSG_DONTWAIT
+	};
 
 recv:
 	iov.iov_base = (void *)&queue->pdu + queue->offset;
@@ -1130,6 +1169,9 @@ static int nvmet_tcp_try_recv_pdu(struct nvmet_tcp_queue *queue)
 			iov.iov_len, msg.msg_flags);
 	if (unlikely(len < 0))
 		return len;
+	ret = nvmet_tcp_tls_record_ok(queue->sock, &msg, cbuf);
+	if (ret < 0)
+		return ret;
 
 	queue->offset += len;
 	queue->left -= len;
@@ -1182,16 +1224,21 @@ static void nvmet_tcp_prep_recv_ddgst(struct nvmet_tcp_cmd *cmd)
 static int nvmet_tcp_try_recv_data(struct nvmet_tcp_queue *queue)
 {
 	struct nvmet_tcp_cmd  *cmd = queue->cmd;
-	int ret;
+	int len, ret;
 
 	while (msg_data_left(&cmd->recv_msg)) {
-		ret = sock_recvmsg(cmd->queue->sock, &cmd->recv_msg,
+		len = sock_recvmsg(cmd->queue->sock, &cmd->recv_msg,
 			cmd->recv_msg.msg_flags);
-		if (ret <= 0)
+		if (len <= 0)
+			return len;
+		ret = nvmet_tcp_tls_record_ok(cmd->queue->sock,
+					      &cmd->recv_msg,
+					      cmd->recv_cbuf);
+		if (ret < 0)
 			return ret;
 
-		cmd->pdu_recv += ret;
-		cmd->rbytes_done += ret;
+		cmd->pdu_recv += len;
+		cmd->rbytes_done += len;
 	}
 
 	if (queue->data_digest) {
@@ -1209,20 +1256,30 @@ static int nvmet_tcp_try_recv_data(struct nvmet_tcp_queue *queue)
 static int nvmet_tcp_try_recv_ddgst(struct nvmet_tcp_queue *queue)
 {
 	struct nvmet_tcp_cmd *cmd = queue->cmd;
-	int ret;
-	struct msghdr msg = { .msg_flags = MSG_DONTWAIT };
+	int ret, len;
+	char cbuf[CMSG_LEN(sizeof(char))] = {};
+	struct msghdr msg = {
+#ifdef CONFIG_NVME_TARGET_TCP_TLS
+		.msg_control = cbuf,
+		.msg_controllen = sizeof(cbuf),
+#endif
+		.msg_flags = MSG_DONTWAIT
+	};
 	struct kvec iov = {
 		.iov_base = (void *)&cmd->recv_ddgst + queue->offset,
 		.iov_len = queue->left
 	};
 
-	ret = kernel_recvmsg(queue->sock, &msg, &iov, 1,
+	len = kernel_recvmsg(queue->sock, &msg, &iov, 1,
 			iov.iov_len, msg.msg_flags);
-	if (unlikely(ret < 0))
+	if (unlikely(len < 0))
+		return len;
+	ret = nvmet_tcp_tls_record_ok(queue->sock, &msg, cbuf);
+	if (ret < 0)
 		return ret;
 
-	queue->offset += ret;
-	queue->left -= ret;
+	queue->offset += len;
+	queue->left -= len;
 	if (queue->left)
 		return -EAGAIN;
 
@@ -1389,6 +1446,10 @@ static int nvmet_tcp_alloc_cmd(struct nvmet_tcp_queue *queue,
 	if (!c->r2t_pdu)
 		goto out_free_data;
 
+	if (IS_ENABLED(CONFIG_NVME_TARGET_TCP_TLS)) {
+		c->recv_msg.msg_control = c->recv_cbuf;
+		c->recv_msg.msg_controllen = sizeof(c->recv_cbuf);
+	}
 	c->recv_msg.msg_flags = MSG_DONTWAIT | MSG_NOSIGNAL;
 
 	list_add_tail(&c->entry, &queue->free_list);
-- 
2.35.3

     prev parent reply	other threads:[~2023-08-03 10:53 UTC|newest]

Thread overview: 45+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-08-03 10:50 [PATCHv5 00/14] nvme: In-kernel TLS support for TCP Hannes Reinecke
2023-08-03 10:50 ` [PATCH 01/14] nvme-keyring: register '.nvme' keyring Hannes Reinecke
2023-08-07  7:09   ` Sagi Grimberg
2023-08-03 10:50 ` [PATCH 02/14] nvme-keyring: define a 'psk' keytype Hannes Reinecke
2023-08-07  7:11   ` Sagi Grimberg
2023-08-03 10:50 ` [PATCH 03/14] nvme: add TCP TSAS definitions Hannes Reinecke
2023-08-03 10:50 ` [PATCH 04/14] nvme-tcp: add definitions for TLS cipher suites Hannes Reinecke
2023-08-03 10:50 ` [PATCH 05/14] nvme-keyring: implement nvme_tls_psk_default() Hannes Reinecke
2023-08-07  7:13   ` Sagi Grimberg
2023-08-03 10:50 ` [PATCH 06/14] security/keys: export key_lookup() Hannes Reinecke
2023-08-07  7:13   ` Sagi Grimberg
2023-08-03 10:50 ` [PATCH 07/14] nvme/tcp: allocate socket file Hannes Reinecke
2023-08-07  7:15   ` Sagi Grimberg
2023-08-07  7:23     ` Hannes Reinecke
2023-08-03 10:50 ` [PATCH 08/14] nvme-tcp: enable TLS handshake upcall Hannes Reinecke
2023-08-07  8:20   ` Sagi Grimberg
2023-08-07  8:32     ` Hannes Reinecke
2023-08-03 10:50 ` [PATCH 09/14] nvme-tcp: control message handling for recvmsg() Hannes Reinecke
2023-08-07  8:22   ` Sagi Grimberg
2023-08-08  6:39     ` Hannes Reinecke
2023-08-08  8:41       ` Sagi Grimberg
2023-08-08  8:51         ` Hannes Reinecke
2023-08-08  9:05           ` Sagi Grimberg
2023-08-08 10:57             ` Pawel Baldysiak
     [not found]             ` <20230808105403.3949653-1-pawel.baldysiak@dell.com>
2023-08-08 11:45               ` Sagi Grimberg
2023-08-08 11:56                 ` Hannes Reinecke
2023-08-03 10:50 ` [PATCH 10/14] nvme-fabrics: parse options 'keyring' and 'tls_key' Hannes Reinecke
2023-08-07  8:23   ` Sagi Grimberg
2023-08-07  8:34     ` Hannes Reinecke
2023-08-03 10:50 ` [PATCH 11/14] nvmet: make TCP sectype settable via configfs Hannes Reinecke
2023-08-07  8:25   ` Sagi Grimberg
2023-08-03 10:51 ` [PATCH 12/14] nvmet-tcp: allocate socket file Hannes Reinecke
2023-08-07  8:27   ` Sagi Grimberg
2023-08-07  8:49     ` Hannes Reinecke
2023-08-07  8:53       ` Sagi Grimberg
2023-08-07  9:17         ` Hannes Reinecke
2023-08-07 10:42           ` Sagi Grimberg
2023-08-08  6:08             ` Hannes Reinecke
2023-08-08  8:44               ` Sagi Grimberg
2023-08-03 10:51 ` [PATCH 13/14] nvmet-tcp: enable TLS handshake upcall Hannes Reinecke
2023-08-07  8:51   ` Sagi Grimberg
2023-08-07  9:15     ` Hannes Reinecke
2023-08-07 11:49       ` Sagi Grimberg
2023-08-08  6:16         ` Hannes Reinecke
2023-08-03 10:51 ` Hannes Reinecke [this message]

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:7279c994abd dfblob:e2db573d68d )
 OR (
bs:"[PATCH 14/14] nvmet-tcp: control messages for recvmsg()" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230803105102.30949-15-hare@suse.de \
    --to=hare@suse.de \
    --cc=hch@lst.de \
    --cc=kbusch@kernel.org \
    --cc=linux-nvme@lists.infradead.org \
    --cc=sagi@grimberg.me \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox