public inbox for netdev@vger.kernel.org
From: Chuck Lever <cel@kernel.org>
To: Jakub Kicinski <kuba@kernel.org>
Cc: John Fastabend <john.fastabend@gmail.com>,
	Sabrina Dubroca <sd@queasysnail.net>,
	Eric Dumazet <edumazet@google.com>,
	Simon Horman <horms@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
	netdev@vger.kernel.org, kernel-tls-handshake@lists.linux.dev,
	Chuck Lever <chuck.lever@oracle.com>,
	Hannes Reinecke <hare@suse.de>,
	Alistair Francis <alistair.francis@wdc.com>
Subject: Re: [PATCH net-next v9 0/5] TLS read_sock performance scalability
Date: Sun, 3 May 2026 21:34:01 +0200
Message-ID: <2d2b5da3-3bfc-4882-8886-8f20b61254e3@kernel.org>
In-Reply-To: <20260502180415.0b0bf12b@kernel.org>

On 5/3/26 3:04 AM, Jakub Kicinski wrote:
> On Wed, 29 Apr 2026 17:48:07 -0400 Chuck Lever wrote:
>> I'd like to encourage in-kernel kTLS consumers (i.e., NFS and
>> NVMe/TCP) to coalesce on the use of read_sock. When I suggested
>> this to Hannes, he reported a few performance scalability issues
>> with read_sock. 
> 
> Meaning, this series achieves.. what right now?
> I mean - the headline is "performance scalability" and there's no
> performance testing result in any of the messages :S
> Patch 5 for instance "seems logical" but how much difference does
> it make?

The cover Subject: line has not been changed so all the revisions of
this series can be located easily.

The cover letter makes it clear that the series is now only a clean-up
series. Since async_capable is set to false for TLSv1.3, there is no
performance benefit to these changes, so I don't intend to post a
motivation for it based on performance.


>> However, batch async decryption and its
>> submit/deliver scaffolding were dropped from this series because
>> async_capable is always false for TLS 1.3, the TLS version that
>> NFS and NVMe/TCP both require. Async crypto support for TLS 1.3
>> is a prerequisite for revisiting that work.
>>
>> This series is now only a set of clean-ups. Support for async
>> has been deferred until after TLS KeyUpdate has been merged.
> 
> What does "after TLS KeyUpdate has been merged" mean?
> KeyUpdate is supported.. You mean in NFS? Or in async?

We want to support TLS KeyUpdate in the in-kernel TLS consumers, which
include NFSD, the NFS client, the NVMe/TCP host, and the NVMe/TCP
target. There are two pre-requisites:

1. The in-kernel TLS consumers need to reliably and securely handle TLS
   Alerts. That is coming in the next series I plan to post.

2. The TLS handshake upcall needs to handle KeyUpdate operations. That
   is the series Alistair has been posting since forever, and is waiting
   on getting this series and support for TLS Alerts merged into the
   four in-kernel TLS consumers listed above.


> FTR async support is a major pain and we'd rather get rid of it
> (and switch away from crypto API) than extend it.

That would have been nice to know three months ago when I started work
on this series.

Is there nothing left to do here but drop this series? We'd really like
to get TLS KeyUpdate working for in-kernel TLS consumers, so anything
that can move this process forward is welcome.


-- 
Chuck Lever
