From: Eric Dumazet
Date: Fri, 2 Dec 2022 06:05:28 +0100
Subject: Re: [PATCH v6 3/5] net/tcp: Disable TCP-MD5 static key on tcp_md5sig_info destruction
To: Dmitry Safonov
Cc: linux-kernel@vger.kernel.org, David Ahern, Peter Zijlstra, Ard Biesheuvel, Bob Gilligan, "David S. Miller", Dmitry Safonov <0x7f454c46@gmail.com>, Francesco Ruggeri, Hideaki YOSHIFUJI, Jakub Kicinski, Jason Baron, Josh Poimboeuf, Paolo Abeni, Salam Noureddine, Steven Rostedt, netdev@vger.kernel.org

On Thu, Dec 1, 2022 at 8:38 PM Eric Dumazet wrote:
>
> On Wed, Nov 23, 2022 at 6:39 PM Dmitry Safonov wrote:
> >
> > To do that, separate two scenarios:
> > - where it's the first MD5 key on the system, which means that enabling
> > of the static key may need to sleep;
> > - copying of an existing key from a listening socket to the request
> > socket upon receiving a signed TCP segment, where static key was
> > already enabled (when the key was added to the listening socket).
> >
> > Now the life-time of the static branch for TCP-MD5 is until:
> > - last tcp_md5sig_info is destroyed
> > - last socket in time-wait state with MD5 key is closed.
> >
> > Which means that after all sockets with TCP-MD5 keys are gone, the
> > system gets back the performance of disabled md5-key static branch.
> >
> > While at here, provide static_key_fast_inc() helper that does ref
> > counter increment in atomic fashion (without grabbing cpus_read_lock()
> > on CONFIG_JUMP_LABEL=y). This is needed to add a new user for
> > a static_key when the caller controls the lifetime of another user.
> >
> > Signed-off-by: Dmitry Safonov
> > Acked-by: Jakub Kicinski
>
> Reviewed-by: Eric Dumazet

Hmm, I missed two kfree_rcu(key) calls, I will send the following fix:

diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index 7fae586405cfb10011a0674289280bf400dfa8d8..8320d0ecb13ae1e3e259f3c13a4c2797fbd984a5 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -1245,7 +1245,7 @@ int tcp_md5_do_add(struct sock *sk, const union tcp_md5_addr *addr, md5sig = rcu_dereference_protected(tp->md5sig_info, lockdep_sock_is_held(sk)); rcu_assign_pointer(tp->md5sig_info, NULL); - kfree_rcu(md5sig); + kfree_rcu(md5sig, rcu); return -EUSERS; } } @@ -1271,7 +1271,7 @@ int tcp_md5_key_copy(struct sock *sk, const union tcp_md5_addr *addr, md5sig = rcu_dereference_protected(tp->md5sig_info, lockdep_sock_is_held(sk)); net_warn_ratelimited("Too many TCP-MD5 keys in the system\n"); rcu_assign_pointer(tp->md5sig_info, NULL); - kfree_rcu(md5sig); + kfree_rcu(md5sig, rcu); return -EUSERS; } }
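
Review bot: in the first hunk (the -EUSERS error path of tcp_md5_do_add()), the new kfree_rcu(md5sig, rcu) call depends on the structure behind md5sig having an rcu_head member named rcu, and nothing in the hunk shows that member. The fix's changelog should name that dependency and state why the one-argument call had to go, since "I missed two kfree_rcu(key) calls" gives no reason; a Fixes: tag pointing at the patch under review would also help anyone backporting the series.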
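
Review bot: the second hunk (tcp_md5_key_copy()) repeats the teardown sequence already present in the tcp_md5_do_add() hunk: rcu_dereference_protected(), rcu_assign_pointer(tp->md5sig_info, NULL), kfree_rcu(), return -EUSERS. Having the sequence written out twice is why the same correction is needed in two places; consider a small shared helper for releasing tp->md5sig_info on these error paths, so the free is written once and a later change cannot be applied to only one copy.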