From: Rouven Czerwinski <r.czerwinski@pengutronix.de>
To: Jakub Kicinski <kuba@kernel.org>
Cc: Aviad Yehezkel <aviadye@mellanox.com>,
Boris Pismenny <borisp@mellanox.com>,
Daniel Borkmann <daniel@iogearbox.net>,
netdev@vger.kernel.org, John Fastabend <john.fastabend@gmail.com>,
linux-kernel@vger.kernel.org, kernel@pengutronix.de,
"David S. Miller" <davem@davemloft.net>
Subject: Re: [PATCH v2 net-next] net/tls: allow MSG_CMSG_COMPAT in sendmsg
Date: Fri, 07 Aug 2020 10:26:54 +0200 [thread overview]
Message-ID: <b55718ad4e675ed9a9c3eb1c5d952945f8b20c7a.camel@pengutronix.de> (raw)
In-Reply-To: <20200806114657.42f1ce8c@kicinski-fedora-pc1c0hjn.dhcp.thefacebook.com>
On Thu, 2020-08-06 at 11:46 -0700, Jakub Kicinski wrote:
> On Thu, 6 Aug 2020 08:49:06 +0200 Rouven Czerwinski wrote:
> > Trying to use ktls on a system with 32-bit userspace and 64-bit
> > kernel
> > results in a EOPNOTSUPP message during sendmsg:
> >
> > setsockopt(3, SOL_TLS, TLS_TX, …, 40) = 0
> > sendmsg(3, …, msg_flags=0}, 0) = -1 EOPNOTSUPP (Operation not
> > supported)
> >
> > The tls_sw implementation does strict flag checking and does not
> > allow
> > the MSG_CMSG_COMPAT flag, which is set if the message comes in
> > through
> > the compat syscall.
> >
> > This patch adds MSG_CMSG_COMPAT to the flag check to allow the
> > usage of
> > the TLS SW implementation on systems using the compat syscall path.
> >
> > Note that the same check is present in the sendmsg path for the TLS
> > device implementation, however the flag hasn't been added there for
> > lack
> > of testing hardware.
> >
> > Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
>
> I don't know much about the compat stuff, I trust our cmsg handling
> is
> fine?
>
> Just to be sure - did you run tools/testing/selftests/net/tls ?
After some pains to get this to correctly compile I have two failing
tests, both for multi_chunk_sendfile:
root@192:~ /usr/lib/kselftest/net/tls
[==========] Running 93 tests from 4 test cases.
…
[ RUN ] tls.12.multi_chunk_sendfile
multi_chunk_sendfile: Test terminated by timeout
[ FAIL ] tls.12.multi_chunk_sendfile
…
[ RUN ] tls.13.multi_chunk_sendfile
multi_chunk_sendfile: Test terminated by timeout
[ FAIL ] tls.13.multi_chunk_sendfile
…
[==========] 91 / 93 tests passed.
[ FAILED ]
Looks like the test is hanging within the recv, strace output:
write(1, "[ RUN ] tls.12.multi_chunk_"..., 41[ RUN ] tls.12.multi_chunk_sendfile
) = 41
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDstrace: Process 674 attached
, child_tidptr=0xf7e557b8) = 674
[pid 668] rt_sigaction(SIGALRM, {sa_handler=0x4b77d9, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0xf7d61a71}, <unfinished ...>
[pid 674] socket(AF_INET, SOCK_STREAM, IPPROTO_IP <unfinished ...>
[pid 668] <... rt_sigaction resumed>{sa_handler=SIG_DFL, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0xf7d61a61}, 8) = 0
[pid 674] <... socket resumed>) = 3
[pid 668] setitimer(ITIMER_REAL, {it_interval={tv_sec=0, tv_usec=0}, it_value={tv_sec=30, tv_usec=0}}, <unfinished ...>
[pid 674] socket(AF_INET, SOCK_STREAM, IPPROTO_IP <unfinished ...>
[pid 668] <... setitimer resumed>{it_interval={tv_sec=0, tv_usec=0}, it_value={tv_sec=0, tv_usec=0}}) = 0
[pid 674] <... socket resumed>) = 4
[pid 668] wait4(674, <unfinished ...>
[pid 674] bind(4, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("0.0.0.0")}, 16) = 0
[pid 674] listen(4, 10) = 0
[pid 674] getsockname(4, {sa_family=AF_INET, sin_port=htons(48719), sin_addr=inet_addr("0.0.0.0")}, [16]) = 0
[pid 674] connect(3, {sa_family=AF_INET, sin_port=htons(48719), sin_addr=inet_addr("0.0.0.0")}, 16) = 0
[pid 674] setsockopt(3, SOL_TCP, TCP_ULP, [7564404], 4) = 0
[pid 674] setsockopt(3, SOL_TLS, TLS_TX, "\3\0033\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 40) = 0
[pid 674] accept(4, {sa_family=AF_INET, sin_port=htons(33780), sin_addr=inet_addr("127.0.0.1")}, [16]) = 5 [pid 674] setsockopt(5, SOL_TCP, TCP_ULP, [7564404], 4) = 0
[pid 674] setsockopt(5, SOL_TLS, TLS_RX, "\3\0033\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 40) = 0
[pid 674] close(4) = 0 [pid 674] clock_gettime(CLOCK_MONOTONIC, {tv_sec=922, tv_nsec=578176800}) = 0
[pid 674] getpid() = 674
[pid 674] openat(AT_FDCWD, "/tmp/mytemp.8TBuLa", O_RDWR|O_CREAT|O_EXCL, 0600) = 4 [pid 674] unlink("/tmp/mytemp.8TBuLa") = 0
[pid 674] write(4, "\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1"..., 8192) = 8192
[pid 674] fsync(4) = 0 [pid 674] sendfile(3, 4, [0] => [4096], 4096) = 4096
[pid 674] sendfile(3, 4, [4096] => [8192], 4096) = 4096
[pid 674] recv(5, "\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1"..., 8192, MSG_WAITALL) = 8192 [pid 674] close(4) = 0
[pid 674] clock_gettime(CLOCK_MONOTONIC, {tv_sec=922, tv_nsec=579166200}) = 0
[pid 674] getpid() = 674 [pid 674] openat(AT_FDCWD, "/tmp/mytemp.yfOW98", O_RDWR|O_CREAT|O_EXCL, 0600) = 4
[pid 674] unlink("/tmp/mytemp.yfOW98") = 0
[pid 674] write(4, "\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1"..., 4096) = 4096 [pid 674] fsync(4) = 0
[pid 674] sendfile(3, 4, [0] => [4096], 4096) = 4096
[pid 674] recv(5, "\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1"..., 4096, MSG_WAITALL) = 4096
[pid 674] close(4) = 0
[pid 674] clock_gettime(CLOCK_MONOTONIC, {tv_sec=922, tv_nsec=579828840}) = 0
[pid 674] getpid() = 674
[pid 674] openat(AT_FDCWD, "/tmp/mytemp.90qtNb", O_RDWR|O_CREAT|O_EXCL, 0600) = 4
[pid 674] unlink("/tmp/mytemp.90qtNb") = 0
[pid 674] write(4, "\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1"..., 4097) = 4097
[pid 674] fsync(4) = 0
[pid 674] sendfile(3, 4, [0] => [4096], 4096) = 4096
[pid 674] sendfile(3, 4, [4096] => [4097], 4096) = 1
[pid 674] recv(5, <unfinished ...>
[pid 668] <... wait4 resumed>0xffa225b8, 0, NULL) = ? ERESTARTSYS (To be restarted if SA_RESTART is set)
[pid 668] --- SIGALRM {si_signo=SIGALRM, si_code=SI_KERNEL} ---
[pid 668] kill(674, SIGKILL) = 0
[pid 674] <... recv resumed>"", 4097, MSG_WAITALL) = 0
[pid 668] rt_sigreturn({mask=[]}) = -1 EINTR (Interrupted system call)
[pid 668] setitimer(ITIMER_REAL, {it_interval={tv_sec=0, tv_usec=0}, it_value={tv_sec=0, tv_usec=0}}, {it_interval={tv_sec=0, tv_usec=0}, it_value={tv_sec=0, tv_usec=0}}) = 0
[pid 668] rt_sigaction(SIGALRM, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0xf7d61a61}, NULL, 8) = 0
[pid 668] write(2, "multi_chunk_sendfile: Test termi"..., 49 <unfinished ...>
[pid 674] +++ killed by SIGKILL +++
<... write resumed>) = ? ERESTARTSYS (To be restarted if SA_RESTART is set)
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=674, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=0} ---
write(2, "multi_chunk_sendfile: Test termi"..., 49multi_chunk_sendfile: Test terminated by timeout
) = 49
write(1, "[ FAIL ] tls.12.multi_chunk_"..., 41[ FAIL ] tls.12.multi_chunk_sendfile
I'll look into the recv failure.
Regards,
Rouven
next prev parent reply other threads:[~2020-08-07 8:27 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-06 6:49 [PATCH v2 net-next] net/tls: allow MSG_CMSG_COMPAT in sendmsg Rouven Czerwinski
2020-08-06 18:46 ` Jakub Kicinski
2020-08-07 8:26 ` Rouven Czerwinski [this message]
2020-08-07 12:27 ` Rouven Czerwinski
2020-08-07 18:04 ` Jakub Kicinski
2020-08-08 0:41 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b55718ad4e675ed9a9c3eb1c5d952945f8b20c7a.camel@pengutronix.de \
--to=r.czerwinski@pengutronix.de \
--cc=aviadye@mellanox.com \
--cc=borisp@mellanox.com \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=john.fastabend@gmail.com \
--cc=kernel@pengutronix.de \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).