From: Chuck Lever <cel@kernel.org>
To: john.fastabend@gmail.com, kuba@kernel.org, sd@queasysnail.net
Cc: netdev@vger.kernel.org, kernel-tls-handshake@lists.linux.dev,
Chuck Lever <chuck.lever@oracle.com>,
Hannes Reinecke <hare@suse.de>
Subject: [PATCH net-next v6 1/6] tls: Purge async_hold in tls_decrypt_async_wait()
Date: Thu, 26 Mar 2026 09:50:46 -0400 [thread overview]
Message-ID: <20260326-tls-read-sock-v6-1-fd887b9e7f06@oracle.com> (raw)
In-Reply-To: <20260326-tls-read-sock-v6-0-fd887b9e7f06@oracle.com>
From: Chuck Lever <chuck.lever@oracle.com>
The async_hold queue pins encrypted input skbs while
the AEAD engine references their scatterlist data. Once
tls_decrypt_async_wait() returns, every AEAD operation
has completed and the engine no longer references those
skbs, so they can be freed unconditionally.
A subsequent patch adds batch async decryption to
tls_sw_read_sock(), introducing a new call site that
must drain pending AEAD operations and release held
skbs. Move __skb_queue_purge(&ctx->async_hold) into
tls_decrypt_async_wait() so the purge is centralized
and every caller -- recvmsg's drain path, the -EBUSY
fallback in tls_do_decryption(), and the new read_sock
batch path -- releases held skbs on synchronization
without each site managing the purge independently.
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
net/tls/tls_sw.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index a656ce235758..20f8fc84c5f5 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -246,6 +246,7 @@ static int tls_decrypt_async_wait(struct tls_sw_context_rx *ctx)
crypto_wait_req(-EINPROGRESS, &ctx->async_wait);
atomic_inc(&ctx->decrypt_pending);
+ __skb_queue_purge(&ctx->async_hold);
return ctx->async_wait.err;
}
@@ -2224,7 +2225,6 @@ int tls_sw_recvmsg(struct sock *sk,
/* Wait for all previously submitted records to be decrypted */
ret = tls_decrypt_async_wait(ctx);
- __skb_queue_purge(&ctx->async_hold);
if (ret) {
if (err >= 0 || err == -EINPROGRESS)
--
2.53.0
next prev parent reply other threads:[~2026-03-26 13:51 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-26 13:50 [PATCH net-next v6 0/6] TLS read_sock performance scalability Chuck Lever
2026-03-26 13:50 ` Chuck Lever [this message]
2026-03-26 13:50 ` [PATCH net-next v6 2/6] tls: Abort the connection on decrypt failure Chuck Lever
2026-03-26 13:50 ` [PATCH net-next v6 3/6] tls: Fix dangling skb pointer in tls_sw_read_sock() Chuck Lever
2026-03-26 13:50 ` [PATCH net-next v6 4/6] tls: Factor tls_strp_msg_release() from tls_strp_msg_done() Chuck Lever
2026-03-26 13:50 ` [PATCH net-next v6 5/6] tls: Suppress spurious saved_data_ready on all receive paths Chuck Lever
2026-03-26 13:50 ` [PATCH net-next v6 6/6] tls: Flush backlog before waiting for a new record Chuck Lever
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260326-tls-read-sock-v6-1-fd887b9e7f06@oracle.com \
--to=cel@kernel.org \
--cc=chuck.lever@oracle.com \
--cc=hare@suse.de \
--cc=john.fastabend@gmail.com \
--cc=kernel-tls-handshake@lists.linux.dev \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=sd@queasysnail.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox