Message-ID: <21845b01-a915-d80a-8b87-85c6987c7691@arista.com>
Date: Thu, 15 Jun 2023 17:44:17 +0100
Subject: Re: [PATCH v7 01/22] net/tcp: Prepare tcp_md5sig_pool for TCP-AO
From: Dmitry Safonov
To: Steen Hegelund
Cc: David Ahern, Eric Dumazet, Paolo Abeni, Jakub Kicinski, "David S. Miller", linux-kernel@vger.kernel.org, Andy Lutomirski, Ard Biesheuvel, Bob Gilligan, Dan Carpenter, David Laight, Dmitry Safonov <0x7f454c46@gmail.com>, Donald Cassidy, Eric Biggers, "Eric W. Biederman", Francesco Ruggeri, Herbert Xu, Hideaki YOSHIFUJI, Ivan Delalande, Leonard Crestez, Salam Noureddine, netdev@vger.kernel.org
References: <20230614230947.3954084-1-dima@arista.com> <20230614230947.3954084-2-dima@arista.com> <255b4de132365501c6e1e97246c30d9729860546.camel@microchip.com>
In-Reply-To: <255b4de132365501c6e1e97246c30d9729860546.camel@microchip.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi Steen,

On 6/15/23 11:45, Steen Hegelund wrote:
> Hi Dmitry,
>
> On Thu, 2023-06-15 at 00:09 +0100, Dmitry Safonov wrote:
[..]
>> +/** >> + * tcp_sigpool_alloc_ahash - allocates pool for ahash requests >> + * @alg: name of async hash algorithm >> + * @scratch_size: reserve a tcp_sigpool::scratch buffer of this size >> + */ >> +int tcp_sigpool_alloc_ahash(const char *alg, size_t scratch_size) >> +{ >> +       int i, ret; >> + >> +       /* slow-path */ >> +       mutex_lock(&cpool_mutex); >> +       ret = sigpool_reserve_scratch(scratch_size); >> +       if (ret) >> +               goto out; >> +       for (i = 0; i < cpool_populated; i++) { >> +               if (!cpool[i].alg) >> +                       continue; >> +               if (strcmp(cpool[i].alg, alg)) >> +                       continue; >> + >> +               if (kref_read(&cpool[i].kref) > 0) >> +                       kref_get(&cpool[i].kref); >> +               else >> +                       kref_init(&cpool[i].kref); >> +               ret = i; >> +               goto out; >> +       } > > Here it looks to me like you will never get to this part of the code since you > always end up going to the out label in the previous loop. Well, not exactly: this part is looking if the crypto algorithm is already in this pool, so that it can increment refcounter rather than initialize a new tfm. In case strcmp(cpool[i].alg, alg) fails, this loop will never goto out. I.e., you issued previously setsockopt()s for TCP-MD5 and TCP-AO with HMAC-SHA1, so in this pool there'll be two algorithms: "md5" and "hmac(sha1)". Now if you want to use TCP-AO with "cmac(aes128)" or "hmac(sha256)", you won't find them in the pool yet. 
> >> + >> +       for (i = 0; i < cpool_populated; i++) { >> +               if (!cpool[i].alg) >> +                       break; >> +       } >> +       if (i >= CPOOL_SIZE) { >> +               ret = -ENOSPC; >> +               goto out; >> +       } >> + >> +       ret = __cpool_alloc_ahash(&cpool[i], alg); >> +       if (!ret) { >> +               ret = i; >> +               if (i == cpool_populated) >> +                       cpool_populated++; >> +       } >> +out: >> +       mutex_unlock(&cpool_mutex); >> +       return ret; >> +} >> +EXPORT_SYMBOL_GPL(tcp_sigpool_alloc_ahash); >> + > > ... snip ... > > >>  clear_hash: >> -       tcp_put_md5sig_pool(); >> -clear_hash_noput: >> +       tcp_sigpool_end(&hp); >> +clear_hash_nostart: >>         memset(md5_hash, 0, 16); >>         return 1; >>  } Thanks, Dmitry
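Review bot: In the lookup loop of tcp_sigpool_alloc_ahash(), the `kref_read(&cpool[i].kref) > 0` test followed by `kref_init()` revives an entry whose refcount has already dropped to zero without going through __cpool_alloc_ahash() again. That is only correct if the release side keeps the entry usable while `cpool[i].alg` is still set and also serializes on cpool_mutex, and neither is visible in the quoted lines. A comment above the branch stating that invariant would help. The kernel-doc block also lacks a Return: line, although the function returns the pool index on success and a negative errno otherwise.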
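Review bot: In the second half of tcp_sigpool_alloc_ahash(), both the `ret = -ENOSPC` path and a failing __cpool_alloc_ahash() reach `out` after sigpool_reserve_scratch() has already succeeded, and nothing on those paths undoes the reservation. If keeping the reserved scratch buffer on failure is intentional, a short comment should say so. A one-line comment before each loop (first: reuse a matching entry, second: find a free slot) would also prevent the misreading raised in this thread, and the `i >= CPOOL_SIZE` check silently depends on cpool_populated never exceeding CPOOL_SIZE, which deserves a mention.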
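Review bot: In the last quoted hunk, every error path that runs before the sigpool has been started must jump to `clear_hash_nostart` rather than `clear_hash`, otherwise `tcp_sigpool_end(&hp)` is called on an `hp` that was never started. The goto sites are snipped from the quoted text, so that pairing cannot be confirmed from these lines and is worth re-checking against the full patch. The unchanged `memset(md5_hash, 0, 16)` would read better with a named digest-size constant instead of the literal 16.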