2020-05-01 19:05:26

by Chuck Lever

[permalink] [raw]
Subject: [PATCH RFC] SUNRPC: crypto calls should never schedule

Do not allow the crypto core to reschedule while processing RPC
requests. gss_krb5_crypto.c does make crypto API calls in process
context. However:

- When handling a received Call, rescheduling can introduce
latencies that result in processing delays causing a request to
fall outside the GSS sequence number window. When that occurs,
the server is required to drop that request and the connection on
which it arrived.

- On the client side, ostensibly RPC tasks are not supposed to sleep
or reschedule outside the RPC scheduler. Otherwise there is a risk
of deadlock.

Generally speaking, the risk of removing the cond_resched() is low.
A block of data handled in these paths will not exceed 1MB + a
little a overhead, and processing a single RPC is already
appropriately interleaved amongst both processes and CPUs.

Signed-off-by: Chuck Lever <[email protected]>
---
net/sunrpc/auth_gss/gss_krb5_crypto.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/net/sunrpc/auth_gss/gss_krb5_crypto.c b/net/sunrpc/auth_gss/gss_krb5_crypto.c
index e7180da1fc6a..083438f73e52 100644
--- a/net/sunrpc/auth_gss/gss_krb5_crypto.c
+++ b/net/sunrpc/auth_gss/gss_krb5_crypto.c
@@ -209,7 +209,7 @@ make_checksum_hmac_md5(struct krb5_ctx *kctx, char *header, int hdrlen,
if (!req)
goto out_free_hmac_md5;

- ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL);
+ ahash_request_set_callback(req, 0, NULL, NULL);

err = crypto_ahash_init(req);
if (err)
@@ -239,7 +239,7 @@ make_checksum_hmac_md5(struct krb5_ctx *kctx, char *header, int hdrlen,
if (!req)
goto out_free_hmac_md5;

- ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL);
+ ahash_request_set_callback(req, 0, NULL, NULL);

err = crypto_ahash_setkey(hmac_md5, cksumkey, kctx->gk5e->keylength);
if (err)
@@ -307,7 +307,7 @@ make_checksum(struct krb5_ctx *kctx, char *header, int hdrlen,
if (!req)
goto out_free_ahash;

- ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL);
+ ahash_request_set_callback(req, 0, NULL, NULL);

checksumlen = crypto_ahash_digestsize(tfm);

@@ -403,7 +403,7 @@ make_checksum_v2(struct krb5_ctx *kctx, char *header, int hdrlen,
if (!req)
goto out_free_ahash;

- ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL);
+ ahash_request_set_callback(req, 0, NULL, NULL);

err = crypto_ahash_setkey(tfm, cksumkey, kctx->gk5e->keylength);
if (err)