From: Chuck Lever <cel@kernel.org>
To: john.fastabend@gmail.com, kuba@kernel.org, sd@queasysnail.net
Cc: <netdev@vger.kernel.org>, <kernel-tls-handshake@lists.linux.dev>,
Chuck Lever <chuck.lever@oracle.com>,
Alistair Francis <alistair.francis@wdc.com>,
Hannes Reinecke <hare@suse.de>
Subject: [PATCH v1 3/6] tls: Suppress spurious saved_data_ready during read_sock
Date: Thu, 5 Mar 2026 16:13:59 -0500 [thread overview]
Message-ID: <20260305211402.39408-4-cel@kernel.org> (raw)
In-Reply-To: <20260305211402.39408-1-cel@kernel.org>
From: Chuck Lever <chuck.lever@oracle.com>
During tls_sw_read_sock(), each record release triggers
tls_strp_msg_done(), which calls back through the strparser into
saved_data_ready(). For a batch of N records, the first N-1
wakeups are pure overhead: the read_sock callback is already
running and will pick up subsequent records on the next iteration.
Remove the per-record wakeup from the record-release path by
introducing tls_rx_rec_release(), which calls
tls_strp_msg_release() instead of tls_strp_msg_done(). Factor
tls_rx_msg_ready() out of tls_strp_read_sock() so that parsing a
record no longer fires the callback directly, and introduce
tls_strp_check_rcv_quiet() for use in tls_rx_rec_wait(), which
parses queued data without notifying. A single
tls_strp_check_rcv() at the read_sock_end exit point fires at
most one notification, and only when data remains after the loop
exits.
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
net/tls/tls.h | 1 +
net/tls/tls_strp.c | 21 +++++++++++++++++++--
net/tls/tls_sw.c | 13 +++++++++++--
3 files changed, 31 insertions(+), 4 deletions(-)
diff --git a/net/tls/tls.h b/net/tls/tls.h
index a97f1acef31d..d58d86e8e43e 100644
--- a/net/tls/tls.h
+++ b/net/tls/tls.h
@@ -193,6 +193,7 @@ int tls_strp_init(struct tls_strparser *strp, struct sock *sk);
void tls_strp_data_ready(struct tls_strparser *strp);
void tls_strp_check_rcv(struct tls_strparser *strp);
+void tls_strp_check_rcv_quiet(struct tls_strparser *strp);
void tls_strp_msg_release(struct tls_strparser *strp);
void tls_strp_msg_done(struct tls_strparser *strp);
diff --git a/net/tls/tls_strp.c b/net/tls/tls_strp.c
index a7648ebde162..7b9f5051becb 100644
--- a/net/tls/tls_strp.c
+++ b/net/tls/tls_strp.c
@@ -368,7 +368,6 @@ static int tls_strp_copyin(read_descriptor_t *desc, struct sk_buff *in_skb,
desc->count = 0;
WRITE_ONCE(strp->msg_ready, 1);
- tls_rx_msg_ready(strp);
}
return ret;
@@ -539,11 +538,27 @@ static int tls_strp_read_sock(struct tls_strparser *strp)
return tls_strp_read_copy(strp, false);
WRITE_ONCE(strp->msg_ready, 1);
- tls_rx_msg_ready(strp);
return 0;
}
+/**
+ * tls_strp_check_rcv_quiet - parse without consumer notification
+ * @strp: TLS stream parser instance
+ *
+ * Parse queued data without firing the consumer notification. A subsequent
+ * tls_strp_check_rcv() is required before the socket lock is released;
+ * otherwise queued data stalls until the next tls_strp_data_ready() event.
+ */
+void tls_strp_check_rcv_quiet(struct tls_strparser *strp)
+{
+ if (unlikely(strp->stopped) || strp->msg_ready)
+ return;
+
+ if (tls_strp_read_sock(strp) == -ENOMEM)
+ queue_work(tls_strp_wq, &strp->work);
+}
+
void tls_strp_check_rcv(struct tls_strparser *strp)
{
if (unlikely(strp->stopped) || strp->msg_ready)
@@ -551,6 +566,8 @@ void tls_strp_check_rcv(struct tls_strparser *strp)
if (tls_strp_read_sock(strp) == -ENOMEM)
queue_work(tls_strp_wq, &strp->work);
+ else if (strp->msg_ready)
+ tls_rx_msg_ready(strp);
}
/* Lower sock lock held */
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index 108d417dcfb7..a5905f4c1ae2 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -1372,7 +1372,10 @@ tls_rx_rec_wait(struct sock *sk, struct sk_psock *psock, bool nonblock,
return ret;
if (!skb_queue_empty(&sk->sk_receive_queue)) {
- tls_strp_check_rcv(&ctx->strp);
+ /* tls_strp_check_rcv() is called on the read_sock_end
+ * path before the socket lock is released.
+ */
+ tls_strp_check_rcv_quiet(&ctx->strp);
if (tls_strp_msg_ready(ctx))
break;
}
@@ -1853,6 +1856,11 @@ static int tls_record_content_type(struct msghdr *msg, struct tls_msg *tlm,
return 1;
}
+static void tls_rx_rec_release(struct tls_sw_context_rx *ctx)
+{
+ tls_strp_msg_release(&ctx->strp);
+}
+
static void tls_rx_rec_done(struct tls_sw_context_rx *ctx)
{
tls_strp_msg_done(&ctx->strp);
@@ -2383,7 +2391,7 @@ int tls_sw_read_sock(struct sock *sk, read_descriptor_t *desc,
tlm = tls_msg(skb);
decrypted += rxm->full_len;
- tls_rx_rec_done(ctx);
+ tls_rx_rec_release(ctx);
}
/* read_sock does not support reading control messages */
@@ -2413,6 +2421,7 @@ int tls_sw_read_sock(struct sock *sk, read_descriptor_t *desc,
}
read_sock_end:
+ tls_strp_check_rcv(&ctx->strp);
tls_rx_reader_release(sk, ctx);
return copied ? : err;
--
2.53.0
next prev parent reply other threads:[~2026-03-05 21:14 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-05 21:13 [PATCH v1 0/6] TLS read_sock performance scalability Chuck Lever
2026-03-05 21:13 ` [PATCH v1 1/6] tls: Fix dangling skb pointer in tls_sw_read_sock() Chuck Lever
2026-03-05 22:19 ` Jakub Kicinski
2026-03-06 14:33 ` Chuck Lever
2026-03-05 21:13 ` [PATCH v1 2/6] tls: Factor tls_strp_msg_release() from tls_strp_msg_done() Chuck Lever
2026-03-05 21:13 ` Chuck Lever [this message]
2026-03-05 21:14 ` [PATCH v1 4/6] tls: Flush backlog before tls_rx_rec_wait in read_sock Chuck Lever
2026-03-05 21:14 ` [PATCH v1 5/6] tls: Restructure tls_sw_read_sock() into submit/deliver phases Chuck Lever
2026-03-05 21:14 ` [PATCH v1 6/6] tls: Enable batch async decryption in read_sock Chuck Lever
2026-03-10 3:14 ` [PATCH v1 0/6] TLS read_sock performance scalability Jakub Kicinski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260305211402.39408-4-cel@kernel.org \
--to=cel@kernel.org \
--cc=alistair.francis@wdc.com \
--cc=chuck.lever@oracle.com \
--cc=hare@suse.de \
--cc=john.fastabend@gmail.com \
--cc=kernel-tls-handshake@lists.linux.dev \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=sd@queasysnail.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox