Re: [PATCH v10 2/4] net/handshake: Create a NETLINK service for handling handshake requests

[Nathan Chancellor <nathan@kernel.org>]

Hi Chuck,

On Mon, Apr 17, 2023 at 10:32:26AM -0400, Chuck Lever wrote:
> From: Chuck Lever <chuck.lever@oracle.com>
> 
> When a kernel consumer needs a transport layer security session, it
> first needs a handshake to negotiate and establish a session. This
> negotiation can be done in user space via one of the several
> existing library implementations, or it can be done in the kernel.
> 
> No in-kernel handshake implementations yet exist. In their absence,
> we add a netlink service that can:
> 
> a. Notify a user space daemon that a handshake is needed.
> 
> b. Once notified, the daemon calls the kernel back via this
>    netlink service to get the handshake parameters, including an
>    open socket on which to establish the session.
> 
> c. Once the handshake is complete, the daemon reports the
>    session status and other information via a second netlink
>    operation. This operation marks that it is safe for the
>    kernel to use the open socket and the security session
>    established there.
> 
> The notification service uses a multicast group. Each handshake
> mechanism (eg, tlshd) adopts its own group number so that the
> handshake services are completely independent of one another. The
> kernel can then tell via netlink_has_listeners() whether a handshake
> service is active and prepared to handle a handshake request.
> 
> A new netlink operation, ACCEPT, acts like accept(2) in that it
> instantiates a file descriptor in the user space daemon's fd table.
> If this operation is successful, the reply carries the fd number,
> which can be treated as an open and ready file descriptor.
> 
> While user space is performing the handshake, the kernel keeps its
> muddy paws off the open socket. A second new netlink operation,
> DONE, indicates that the user space daemon is finished with the
> socket and it is safe for the kernel to use again. The operation
> also indicates whether a session was established successfully.
> 
> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
...
>  net/handshake/netlink.c                    |  312 ++++++++++++++++++++++++++
...
> +static struct pernet_operations __net_initdata handshake_genl_net_ops = {
> +	.init		= handshake_net_init,
> +	.exit		= handshake_net_exit,
> +	.id		= &handshake_net_id,
> +	.size		= sizeof(struct handshake_net),
> +};
...
> +static void __exit handshake_exit(void)
> +{
> +	unregister_pernet_subsys(&handshake_genl_net_ops);
> +	handshake_net_id = 0;
> +
> +	handshake_req_hash_destroy();
> +	genl_unregister_family(&handshake_nl_family);
> +}
> +
> +module_init(handshake_init);
> +module_exit(handshake_exit);

I am not sure if this has been reported yet but it appears this
introduces a section mismatch warning in several configurations
according to KernelCI:

https://lore.kernel.org/6441748e.170a0220.531bd.8013@mx.google.com/

  $ make -skj"$(nproc)" ARCH=mips CROSS_COMPILE=mips-linux- O=build jazz_defconfig all
  ...
  WARNING: modpost: vmlinux.o: section mismatch in reference: handshake_exit (section: .exit.text) -> handshake_genl_net_ops (section: .init.data)

I guess '__net_initdata' should be dropped from handshake_genl_net_ops?

Cheers,
Nathan