Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp1119642rwb; Thu, 1 Dec 2022 12:39:56 -0800 (PST) X-Google-Smtp-Source: AA0mqf5NLHuPog+YSH4pgF2FHbPdh7navNyVi9ZH6xV6t+2Yri4vqWxeLwNRgu0QP0yR34Orx1P4 X-Received: by 2002:a17:903:40c5:b0:186:738e:5703 with SMTP id t5-20020a17090340c500b00186738e5703mr61398724pld.136.1669927195912; Thu, 01 Dec 2022 12:39:55 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1669927195; cv=none; d=google.com; s=arc-20160816; b=RxTX3yf0bMYGosDWNu0NSasiyY03HwgayGFR7GdtYTB7gct5hZ4+RbCtG862ZLyT60 uQQKiVDjcYowSWolZeSUP9Af1huOZ0AtvcFcRfySJgReLbequ3PVQaZ+22+VXgVoc2i0 5BcMyHt9MXJG3QcARo3me2xq1AmGm36sqqFei51PgZxtwA+dsl+bawh/ZtwN05XGQ6X6 o/myHy+24k73YDijOc5tOII2UiI7OI+p7VZrJ/izg5cwt9AgkzBiG8HKQVjN4nmgQMC9 KQqRbklrVxt3GHMJh77Zk3pSmQwZ5DxZlKXSylWdTcIpYBUYb1Fm/zt44VkrM5Wjo7FN /q+w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=XakWQVkH9474LVaYgKMwnUxbaUgmjE7EAkkJC1goNog=; b=RM1IPKPo/Gd9jrw8hqrPwF6WzYWhTpFoiflodDRldzlLUMeAD86E5+M+Y1SS1xEn6r jNuEoptHIPQRPF4w03/Tar0T8X3Q7Xc6E9nRtLct2G8Vqto1Nvvgx0KcpyCzENQPBtyg PjWvwdxWzL4H0QjqXGbeMyLRGsEYd99QTzeS+cJkWbDounrGmKSMpA4LtDN2h26qJaSD q1+N8u9W7ElZtihDC6KV9EYnd7V/jDFKDY0oB/QkPwZR7eemYdBK0CUDTDdntB0PT8NH RZZLJGDdTRc0g/4gFhc4LGOE1CXtvxLvQimtxHbS5zn0q4LCZBM8rnm4U3lu47KOSOPR Jrwg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=UERxYLpk; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id q9-20020a170902a3c900b0018981c84015si5054862plb.10.2022.12.01.12.39.45; Thu, 01 Dec 2022 12:39:55 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=UERxYLpk; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229669AbiLATjE (ORCPT + 82 others); Thu, 1 Dec 2022 14:39:04 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38434 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229727AbiLATjC (ORCPT ); Thu, 1 Dec 2022 14:39:02 -0500 Received: from mail-yw1-x1132.google.com (mail-yw1-x1132.google.com [IPv6:2607:f8b0:4864:20::1132]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EE0CC9C619 for ; Thu, 1 Dec 2022 11:38:57 -0800 (PST) Received: by mail-yw1-x1132.google.com with SMTP id 00721157ae682-3b10392c064so28171757b3.0 for ; Thu, 01 Dec 2022 11:38:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=XakWQVkH9474LVaYgKMwnUxbaUgmjE7EAkkJC1goNog=; b=UERxYLpkqS4k9Ed3FNI5otOShDe6R6jHfsar2pSBef2+3coMLDt76z8xyuB/svcfFF JgSxng+DsuC9wJjOFGDmKF6f2sVqnKOXmNLncYtqdarC/IH2s3sSEIL0EguWBpqhM8zY P6Nw9Xc2qa59th4XoEkRXSnz0sEhr3O9Ov88gvtQI+IOAHf6va7AlrGitjuZvZ9p/mMT EVG5rvWPn6doD/js9rzu/S8zKesqrl5+FCWuzR/OJ9wss0KvH6k4opLWsqmuCQ7wilSb 7gHy80g3oQ2H7Y9WUf/AGoSa9GxXsS6+4cEDfop6WwwL746GkrKBMv7U7B0I7hZDZ+sl Pw4w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=XakWQVkH9474LVaYgKMwnUxbaUgmjE7EAkkJC1goNog=; b=my5jZS/bTAaSrC1btTJO7RQA7haiikkWksH2adG7I2znNDlShdHS907OdXmMKwPC0R WOvu/4nW9hJza43YOXQuiJZOj68S5MdPcL2aRJyKRDEwBvUddNA63CtB2fK+ECpUgjgt va3+ZDCe5McF02KjEFnzQ3w200tGiwkxvGCoenoTz/OYPlF4ywq4rP5/Ytb2gaKHpXzQ FGjwfGvaHLBbNEStRClyhG2f/MAIMWACXblmtIaluG7qj/+Qspr2GAZO6/1qSwsBWBaZ WYAYGd8cKPIWs0oHmxydtYmMqkd5nSZBxBnMQj5cH4W15vPfV3bC18cTznPT9jeIAp0G 5Zhw== X-Gm-Message-State: ANoB5plYixk0vt2xFiv2YxpOdt+S5HhPwkxuFeeBmfAbGpP9PD/U/NGP j8fGtOtVFuBj0IByPRVHdD59lqr4EhmpGQlfKXTpKg== X-Received: by 2002:a05:690c:a92:b0:36c:aaa6:e571 with SMTP id ci18-20020a05690c0a9200b0036caaa6e571mr63338613ywb.467.1669923536844; Thu, 01 Dec 2022 11:38:56 -0800 (PST) MIME-Version: 1.0 References: <20221123173859.473629-1-dima@arista.com> <20221123173859.473629-4-dima@arista.com> In-Reply-To: <20221123173859.473629-4-dima@arista.com> From: Eric Dumazet Date: Thu, 1 Dec 2022 20:38:44 +0100 Message-ID: Subject: Re: [PATCH v6 3/5] net/tcp: Disable TCP-MD5 static key on tcp_md5sig_info destruction To: Dmitry Safonov Cc: linux-kernel@vger.kernel.org, David Ahern , Peter Zijlstra , Ard Biesheuvel , Bob Gilligan , "David S. Miller" , Dmitry Safonov <0x7f454c46@gmail.com>, Francesco Ruggeri , Hideaki YOSHIFUJI , Jakub Kicinski , Jason Baron , Josh Poimboeuf , Paolo Abeni , Salam Noureddine , Steven Rostedt , netdev@vger.kernel.org Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Nov 23, 2022 at 6:39 PM Dmitry Safonov wrote: > > To do that, separate two scenarios: > - where it's the first MD5 key on the system, which means that enabling > of the static key may need to sleep; > - copying of an existing key from a listening socket to the request > socket upon receiving a signed TCP segment, where static key was > already enabled (when the key was added to the listening socket). > > Now the life-time of the static branch for TCP-MD5 is until: > - last tcp_md5sig_info is destroyed > - last socket in time-wait state with MD5 key is closed. > > Which means that after all sockets with TCP-MD5 keys are gone, the > system gets back the performance of disabled md5-key static branch. > > While at here, provide static_key_fast_inc() helper that does ref > counter increment in atomic fashion (without grabbing cpus_read_lock() > on CONFIG_JUMP_LABEL=y). This is needed to add a new user for > a static_key when the caller controls the lifetime of another user. > > Signed-off-by: Dmitry Safonov > Acked-by: Jakub Kicinski Reviewed-by: Eric Dumazet