Received: by 2002:a6b:500f:0:0:0:0:0 with SMTP id e15csp1151248iob; Thu, 28 Apr 2022 21:19:47 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzgH+G386H8VMLqGdT7CzjINs4bAJwKmNps0ZJpJuxhWVoKzTuFfaEgPc5cXxvQbnfeuPKM X-Received: by 2002:a05:6512:239e:b0:472:a32:c82e with SMTP id c30-20020a056512239e00b004720a32c82emr16200616lfv.514.1651205987436; Thu, 28 Apr 2022 21:19:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1651205987; cv=none; d=google.com; s=arc-20160816; b=PGXhTfv2oz055kiwXBTKV0MEsgvwiqm8wcYO6qDeA4CBuysyxDeWW49GhxhZ93FISU QL6nD2GVfdEY6zDgbX8TZmJNIk0c8D9b1e/BhgSN/JTUNVyTkcvWvW/ACrfye1LE+0BE ykppyPnmUNSpwVzAz/FfuDqIXVjZvxEOSsEtA+AVBm1z0kOSgyEVEK4y+G4pLaO8p0+M sLCk+D1Quf66i+NvcNECoAxdQE+NroYstaE2D8h7rexDmMj0IrNDaI+BDIDkHovX/RAZ dp1CZDh3h+cTcKTNbmmCsXbbJKThBf1HfE2oBbrdta2fhdys6O8KGzRv+fgHVJcRjukF 1MvA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:subject:cc:to:from:date :dkim-signature; bh=tmUDmlkZy0V/KcsZbbQj8FDvEOuLW2+iLS/1UsUlMHA=; b=Mckwh5kNNA/GKg0G++jrgA0xI5hfpXah/YX8TAb2Yuiqm150VJOQh5qZ4Sy7ArkpvL eRDPGyN1zHTBMWk8sTAzId1Jn+kAOcLHiM+F+pLc3qVy3iNnY4e0aQ8LYATJuqQVN+7G T1v+LgyFARl13HUnp/hKnsoo7RBmdtpZ9SwUod1nzyrzRvONV19bdqvTqmvtool8qGig 6tZYhjGa2RmlkEJKcFB4GI/hUOHs1BzLPc++EZDYTKSsfin/6QsY/H7wiHPBJ/8iVw/L wMXPE1zX+alcfeZCf3WYso/YC6gTTQ2dKcdjnZ4WjfCRGTwbfhFmmwmAVKJGvPHDp4R0 iGJw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=YQH4o1hm; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id f12-20020a056512228c00b00471ef0de311si6684852lfu.119.2022.04.28.21.18.59; Thu, 28 Apr 2022 21:19:47 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=YQH4o1hm; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1352011AbiD1VMM (ORCPT + 99 others); Thu, 28 Apr 2022 17:12:12 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44004 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1352009AbiD1VML (ORCPT ); Thu, 28 Apr 2022 17:12:11 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3F260C0E7D; Thu, 28 Apr 2022 14:08:56 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 84A86B82C97; Thu, 28 Apr 2022 21:08:54 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id D7E69C385AE; Thu, 28 Apr 2022 21:08:52 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1651180133; bh=NfJ7RXxovLcu/9DkEB6SDpL9K8C/TD0hKVuCmc9Ri8Y=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=YQH4o1hmxaL45wEfgIjIiJwwilyidxEfysZAhu8S5qc8b+72JUEOKhnSQneqZA+XN LYaFQK/v4xjK2sprRF9eP7zFpb1iUp3dqruDUn93HUUKWoovGICF2NDEWb9TOQx9N8 eEQ7uUiyZJFiB6eqrYfqRAJzWeA1ioptPFy+3T2Lk39ioYJEfjJ/fuWgblc3RK0phg lz48VVLmaoRkeAbTuz+SsnwfW0P1bc8afGH6v0fFXBVUoKkJe1RL/5d/ffV54INfAJ h/wWhK3rpaY7ewg6iv7HWHuwPw57DmRxqZxRhq+eE2qPNOHltVdOxKn2+Wrx5miWUY CzohEV0delN0w== Date: Thu, 28 Apr 2022 14:08:51 -0700 From: Jakub Kicinski To: Chuck Lever III Cc: netdev , Linux NFS Mailing List , "linux-nvme@lists.infradead.org" , "linux-cifs@vger.kernel.org" , "linux-fsdevel@vger.kernel.org" , "ak@tempesta-tech.com" , "borisp@nvidia.com" , "simo@redhat.com" Subject: Re: [PATCH RFC 4/5] net/tls: Add support for PF_TLSH (a TLS handshake listener) Message-ID: <20220428140851.6e9eebd5@kernel.org> In-Reply-To: References: <165030051838.5073.8699008789153780301.stgit@oracle-102.nfsv4.dev> <165030059051.5073.16723746870370826608.stgit@oracle-102.nfsv4.dev> <20220425101459.15484d17@kernel.org> <20220426075504.18be4ee2@kernel.org> <20220426164712.068e365c@kernel.org> <7B871201-AC3C-46E2-98B0-52B44530E7BD@oracle.com> <20220427165354.2eed6c5b@kernel.org> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-7.7 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org On Thu, 28 Apr 2022 01:29:10 +0000 Chuck Lever III wrote: > > Is it possible to instead create a fd-passing-like structured message > > which could carry the fd and all the relevant context (what goes > > via the getsockopt() now)? > > > > The user space agent can open such upcall socket, then bind to > > whatever entity it wants to talk to on the kernel side and read > > the notifications via recv()? > > We considered this kind of design. A reasonable place to start there > would be to fabricate new NETLINK messages to do this. I don't see > much benefit over what is done now, it's just a different isomer of > syntactic sugar, but it could be considered. > > The issue is how the connected socket is materialized in user space. > accept(2) is the historical way to instantiate an already connected > socket in a process's file table, and seems like a natural fit. When > the handshake agent is done with the handshake, it closes the socket. > This invokes the tlsh_release() function which can check Actually - is that strictly necessary? It seems reasonable for NFS to check that it got TLS, since that's what it explicitly asks for per standard. But it may not always be the goal. In large data center networks there can be a policy the user space agent consults to choose what security to install. It may end up doing the auth but not enable crypto if confidentiality is deemed unnecessary. Obviously you may not have those requirements but if we can cover them without extra complexity it'd be great. > whether the IV implantation was successful. I'm used to IV meaning Initialization Vector in context of crypto, what does "IV implementation" stand for? > So instead of an AF_TLSH listener we could use a named pipe or a > netlink socket and a blocking recv(), as long as there is a reasonable > solution to how a connected socket fd is attached to the handshake > agent process. > > I'm flexible about the mechanism for passing handshake parameters. > Attaching them to the connected socket seems convenient, but perhaps > not aesthetic. recv()-based version would certainly make me happy.