Re: [PATCH net-next v7 0/5] TLS read_sock performance scalability

["Chuck Lever" <cel@kernel.org>]

On Sat, Mar 28, 2026, at 11:17 AM, Chuck Lever wrote:
> I'd like to encourage in-kernel kTLS consumers (i.e., NFS and
> NVMe/TCP) to coalesce on the use of read_sock. When I suggested
> this to Hannes, he reported a number of nagging performance
> scalability issues with read_sock. This series is an attempt to
> run these issues down and get them fixed before we convert the
> above sock_recvmsg consumers over to read_sock.
>
> Batch async decryption and its submit/deliver scaffolding were
> dropped from this series because async_capable is always false
> for TLS 1.3, which NFS and NVMe/TCP both require. Async crypto
> support for TLS 1.3 is a prerequisite for revisiting that work.
>
> ---
> Changes since v6:
> - Rebased on net-next, v5's 1/6 was merged upstream
>
> Changes since v5:
> - Patch 6: Set released = true when sk_flush_backlog() returns
>   true, so tls_strp_msg_load() knows the socket lock was
>   released (Sabrina)
> - Patch 6: Drop Fixes tag; submit bug fix separately via net
>   if warranted (Sabrina)
> - Patch 6: Note redundant flush on cold path in commit message
>   (Sabrina)
>
> Changes since v4:
> - Drop batch async decryption and submit/deliver restructure:
>   async_capable is always false for TLS 1.3, so the new code
>   was unreachable for NFS and NVMe/TCP
> - Purge async_hold directly in tls_decrypt_async_wait() and drop
>   the tls_decrypt_async_drain() wrapper
> - Merge tls_strp_check_rcv_quiet() into tls_strp_check_rcv() with
>   a bool wake parameter; fix lost wakeup on the recvmsg exit path
>
> Changes since v3:
> - Clarify why tls_decrypt_async_drain() is separate from _wait()
> - Fold tls_err_abort() into tls_rx_one_record(), drop tls_rx_decrypt_record()
> - Move backlog flush into tls_rx_rec_wait() so all RX paths benefit
>
> Changes since v2:
> - Fix short read self tests
>
> Changes since v1:
> - Add C11 reference
> - Extend data_ready reduction to recvmsg and splice
> - Restructure read_sock and recvmsg using shared helpers
>
> ---
> Chuck Lever (5):
>       tls: Abort the connection on decrypt failure
>       tls: Fix dangling skb pointer in tls_sw_read_sock()
>       tls: Factor tls_strp_msg_release() from tls_strp_msg_done()
>       tls: Suppress spurious saved_data_ready on all receive paths
>       tls: Flush backlog before waiting for a new record
>
>  net/tls/tls.h      |  4 ++--
>  net/tls/tls_main.c |  2 +-
>  net/tls/tls_strp.c | 42 +++++++++++++++++++++++++++++++-----------
>  net/tls/tls_sw.c   | 50 ++++++++++++++++++++++++++++++--------------------
>  4 files changed, 64 insertions(+), 34 deletions(-)
> ---
> base-commit: ced629dc8e5c51ff2b5d847adeeb1035cd655d58
> change-id: 20260317-tls-read-sock-a0022c9df265

I see that this series is currently not in v7.1. What is left to do?


-- 
Chuck Lever