Received: by 2002:a05:6358:700f:b0:131:369:b2a3 with SMTP id 15csp1284750rwo; Wed, 2 Aug 2023 11:25:51 -0700 (PDT) X-Google-Smtp-Source: APBJJlERVeviq7cMz5BruvQ7swzipNputh7buQUpkuo5qvDrw/TSLOvUo4+KPBw86CWzG/A+B2Ne X-Received: by 2002:aa7:d7d1:0:b0:522:5980:ae08 with SMTP id e17-20020aa7d7d1000000b005225980ae08mr6454809eds.18.1691000751354; Wed, 02 Aug 2023 11:25:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1691000751; cv=none; d=google.com; s=arc-20160816; b=0DDs4paWplbExu4p82hkMelkKIOZqG4qjYVHE981Kd2D58hWUznnr8eWM1lwdIya3f 1ol228pmA+c99g28uigHV9Yg5lD9e8CmV1DhpMoHHB7pa0HvQK9OmHBGGmC7nrTViGSY OcFyuuJGRc8KcjszXJA9cTPDIe+fUA5D/wLZN2HaFA1okbh5QBqFTcdPpt26805ZbHPQ wauTEzQ04KUegSEjRdmlcFvxTE33gqLHFdBXC6ZdMCjdBeWRvxX4A2r84cgofpGwSP1g FFX1zndt4wtckFqQFa8Kxnv6Ckw7pGCH3eKp+qRRhwZN+NfAexnT+8uKxFxqAFURjWeC vnag== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=9bXzSAFf9UCvj45X1uAYegt5c9eZZ0ifPe4xyQWMuzQ=; fh=+1v2wpWL3SwC67MevmNFbsOkJ0jlpe0KMhkxFTuop+s=; b=raaGnvE3eJuyo9Q1rVCqvGDV88WRH3KgBeML+BfFIoZ4AOOYba4b1Bukcl/SL9etk1 /HzA+yy2rKPRM8w41R1WdOEBoBXfotbSF0BO7MyVRNNH9+0GUCVHRsObHaAWKsQWYEMX 5QfWD14q7/t+SQ3wVQIjDwFzQTuUL7wq4E9kseMlu+VTmUQDt55MOWNYnD6Xak0EoCn2 zb7zLl3Rpu3DnBYHevW5UbaDYQin5msGZ3tKTY2Bz8cxHkgQOc6t2dipfeV6cuFAobqx i+/MIbWRtEOpy+GKObvG52vxd0959Hz5GMUrubhJ2L9sfFvJWLN2HME1vsLK/jBu4kri LroA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@arista.com header.s=google header.b=gRe3Zqrj; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=arista.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id n17-20020a056402061100b0052229b7a96asi10371620edv.684.2023.08.02.11.25.26; Wed, 02 Aug 2023 11:25:51 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@arista.com header.s=google header.b=gRe3Zqrj; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=arista.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233451AbjHBR3o (ORCPT + 99 others); Wed, 2 Aug 2023 13:29:44 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48850 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233691AbjHBR2G (ORCPT ); Wed, 2 Aug 2023 13:28:06 -0400 Received: from mail-wm1-x32b.google.com (mail-wm1-x32b.google.com [IPv6:2a00:1450:4864:20::32b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 76ACD3AAC for ; Wed, 2 Aug 2023 10:27:39 -0700 (PDT) Received: by mail-wm1-x32b.google.com with SMTP id 5b1f17b1804b1-3fe1d462762so1194795e9.0 for ; Wed, 02 Aug 2023 10:27:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=arista.com; s=google; t=1690997257; x=1691602057; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=9bXzSAFf9UCvj45X1uAYegt5c9eZZ0ifPe4xyQWMuzQ=; b=gRe3ZqrjPppAVSXgp3IwiYjPhTxCzEFYJ71TAxtwnl0UIQpCVOv4Z4pgtk+Nc8kaI4 mW5EbdSr5HRJb3u9dt3KY6aHqv6Rz655siIE0LETSkd6NFJaFtCSRmeZc+umS26UTdxY NKZh+QES3X7Lulj9frzC5MqzGJclCW9rTOJE+5RFlzOzcjm1QLLegkwLyGQYB4wdIK4E 77nMi8vxaPUA2raqx12oS5V4Ow8uSkhhNiTGIoLrU81uxDDIX3tdsavtVfJWiRrAf97o meDAq9nIHjT6EX3SIX3LcpkEg5qz24Y54AvqiGO8RyIVDm3rIYS9zMnDHvAbcIxVQOCO PO+g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690997257; x=1691602057; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=9bXzSAFf9UCvj45X1uAYegt5c9eZZ0ifPe4xyQWMuzQ=; b=U7xe5bBzE29dR1QwVCKrdRjZh0qu+ke7eBTGSTybpY9eqGdpNyyBE4cjBEQKTQctG1 PFYj6nYmHiESqMuwiXJxwl7VeuELzrQhP9g3TPM4z2iKtygtgAX47bKbn6JxByzw3ybq o+ZiNe3GVDO2ja34P55hzRBdSu3kJSX7nzG6t7yVe17cv/Y2rOQTKYhjHYpYHUTyp9x7 cvujKV5Qb6zhfQpaUxrWYVYb7pHbRQvP/Je5pCr+Kle5ytHICPIqga0Qaj17/0Yjn6Zv U36q/WLJyirbZvqZsuJglLRVCxd+4gpAfpZYTqBxsMeurV0kLDiqTXtWVxxqvzp41pvq 8dwA== X-Gm-Message-State: ABy/qLbDqLB+vm5Mvhiq/BTrv/H6FKyZwNS5iqVorAImnqDa1zMKyrUm KHFJfMT54uQ4amxB3ae21eNKog== X-Received: by 2002:a05:600c:2949:b0:3fe:1cd8:acf3 with SMTP id n9-20020a05600c294900b003fe1cd8acf3mr5231547wmd.17.1690997257159; Wed, 02 Aug 2023 10:27:37 -0700 (PDT) Received: from Mindolluin.ire.aristanetworks.com ([217.173.96.166]) by smtp.gmail.com with ESMTPSA id q5-20020a1ce905000000b003fbc0a49b57sm2221770wmc.6.2023.08.02.10.27.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 02 Aug 2023 10:27:36 -0700 (PDT) From: Dmitry Safonov To: David Ahern , Eric Dumazet , Paolo Abeni , Jakub Kicinski , "David S. Miller" Cc: linux-kernel@vger.kernel.org, Dmitry Safonov , Andy Lutomirski , Ard Biesheuvel , Bob Gilligan , Dan Carpenter , David Laight , Dmitry Safonov <0x7f454c46@gmail.com>, Donald Cassidy , Eric Biggers , "Eric W. Biederman" , Francesco Ruggeri , "Gaillardetz, Dominik" , Herbert Xu , Hideaki YOSHIFUJI , Ivan Delalande , Leonard Crestez , Salam Noureddine , "Tetreault, Francois" , netdev@vger.kernel.org Subject: [PATCH v9 net-next 19/23] net/tcp: Allow asynchronous delete for TCP-AO keys (MKTs) Date: Wed, 2 Aug 2023 18:26:46 +0100 Message-ID: <20230802172654.1467777-20-dima@arista.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230802172654.1467777-1-dima@arista.com> References: <20230802172654.1467777-1-dima@arista.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE, URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Delete becomes very, very fast - almost free, but after setsockopt() syscall returns, the key is still alive until next RCU grace period. Which is fine for listen sockets as userspace needs to be aware of setsockopt(TCP_AO) and accept() race and resolve it with verification by getsockopt() after TCP connection was accepted. The benchmark results (on non-loaded box, worse with more RCU work pending): > ok 33 Worst case delete 16384 keys: min=5ms max=10ms mean=6.93904ms stddev=0.263421 > ok 34 Add a new key 16384 keys: min=1ms max=4ms mean=2.17751ms stddev=0.147564 > ok 35 Remove random-search 16384 keys: min=5ms max=10ms mean=6.50243ms stddev=0.254999 > ok 36 Remove async 16384 keys: min=0ms max=0ms mean=0.0296107ms stddev=0.0172078 Co-developed-by: Francesco Ruggeri Signed-off-by: Francesco Ruggeri Co-developed-by: Salam Noureddine Signed-off-by: Salam Noureddine Signed-off-by: Dmitry Safonov Acked-by: David Ahern --- include/uapi/linux/tcp.h | 3 ++- net/ipv4/tcp_ao.c | 21 ++++++++++++++++++--- 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/include/uapi/linux/tcp.h b/include/uapi/linux/tcp.h index 1109093bbb24..979ff960fddb 100644 --- a/include/uapi/linux/tcp.h +++ b/include/uapi/linux/tcp.h @@ -383,7 +383,8 @@ struct tcp_ao_del { /* setsockopt(TCP_AO_DEL_KEY) */ __s32 ifindex; /* L3 dev index for VRF */ __u32 set_current :1, /* corresponding ::current_key */ set_rnext :1, /* corresponding ::rnext */ - reserved :30; /* must be 0 */ + del_async :1, /* only valid for listen sockets */ + reserved :29; /* must be 0 */ __u16 reserved2; /* padding, must be 0 */ __u8 prefix; /* peer's address prefix */ __u8 sndid; /* SendID for outgoing segments */ diff --git a/net/ipv4/tcp_ao.c b/net/ipv4/tcp_ao.c index 1f7d5f192e1d..afe509bb1d16 100644 --- a/net/ipv4/tcp_ao.c +++ b/net/ipv4/tcp_ao.c @@ -1581,7 +1581,7 @@ static int tcp_ao_add_cmd(struct sock *sk, unsigned short int family, } static int tcp_ao_delete_key(struct sock *sk, struct tcp_ao_info *ao_info, - struct tcp_ao_key *key, + bool del_async, struct tcp_ao_key *key, struct tcp_ao_key *new_current, struct tcp_ao_key *new_rnext) { @@ -1589,11 +1589,24 @@ static int tcp_ao_delete_key(struct sock *sk, struct tcp_ao_info *ao_info, hlist_del_rcu(&key->node); + /* Support for async delete on listening sockets: as they don't + * need current_key/rnext_key maintaining, we don't need to check + * them and we can just free all resources in RCU fashion. + */ + if (del_async) { + atomic_sub(tcp_ao_sizeof_key(key), &sk->sk_omem_alloc); + call_rcu(&key->rcu, tcp_ao_key_free_rcu); + return 0; + } + /* At this moment another CPU could have looked this key up * while it was unlinked from the list. Wait for RCU grace period, * after which the key is off-list and can't be looked up again; * the rx path [just before RCU came] might have used it and set it * as current_key (very unlikely). + * Free the key with next RCU grace period (in case it was + * current_key before tcp_ao_current_rnext() might have + * changed it in forced-delete). */ synchronize_rcu(); if (new_current) @@ -1664,6 +1677,8 @@ static int tcp_ao_del_cmd(struct sock *sk, unsigned short int family, if (!new_rnext) return -ENOENT; } + if (cmd.del_async && sk->sk_state != TCP_LISTEN) + return -EINVAL; if (family == AF_INET) { struct sockaddr_in *sin = (struct sockaddr_in *)&cmd.addr; @@ -1711,8 +1726,8 @@ static int tcp_ao_del_cmd(struct sock *sk, unsigned short int family, if (key == new_current || key == new_rnext) continue; - return tcp_ao_delete_key(sk, ao_info, key, - new_current, new_rnext); + return tcp_ao_delete_key(sk, ao_info, cmd.del_async, key, + new_current, new_rnext); } return -ENOENT; } -- 2.41.0