2016-01-22 02:23:18 +00:00
|
|
|
/*-
|
|
|
|
|
* Copyright (c) 2013-2015 Gleb Smirnoff <glebius@FreeBSD.org>
|
|
|
|
|
* Copyright (c) 1998, David Greenman. All rights reserved.
|
|
|
|
|
*
|
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
|
* are met:
|
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
2016-09-15 13:16:20 +00:00
|
|
|
* 3. Neither the name of the University nor the names of its contributors
|
2016-01-22 02:23:18 +00:00
|
|
|
* may be used to endorse or promote products derived from this software
|
|
|
|
|
* without specific prior written permission.
|
|
|
|
|
*
|
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
|
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
|
* SUCH DAMAGE.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include <sys/cdefs.h>
|
|
|
|
|
__FBSDID("$FreeBSD$");
|
|
|
|
|
|
Add kernel-side support for in-kernel TLS.
KTLS adds support for in-kernel framing and encryption of Transport
Layer Security (1.0-1.2) data on TCP sockets. KTLS only supports
offload of TLS for transmitted data. Key negotation must still be
performed in userland. Once completed, transmit session keys for a
connection are provided to the kernel via a new TCP_TXTLS_ENABLE
socket option. All subsequent data transmitted on the socket is
placed into TLS frames and encrypted using the supplied keys.
Any data written to a KTLS-enabled socket via write(2), aio_write(2),
or sendfile(2) is assumed to be application data and is encoded in TLS
frames with an application data type. Individual records can be sent
with a custom type (e.g. handshake messages) via sendmsg(2) with a new
control message (TLS_SET_RECORD_TYPE) specifying the record type.
At present, rekeying is not supported though the in-kernel framework
should support rekeying.
KTLS makes use of the recently added unmapped mbufs to store TLS
frames in the socket buffer. Each TLS frame is described by a single
ext_pgs mbuf. The ext_pgs structure contains the header of the TLS
record (and trailer for encrypted records) as well as references to
the associated TLS session.
KTLS supports two primary methods of encrypting TLS frames: software
TLS and ifnet TLS.
Software TLS marks mbufs holding socket data as not ready via
M_NOTREADY similar to sendfile(2) when TLS framing information is
added to an unmapped mbuf in ktls_frame(). ktls_enqueue() is then
called to schedule TLS frames for encryption. In the case of
sendfile_iodone() calls ktls_enqueue() instead of pru_ready() leaving
the mbufs marked M_NOTREADY until encryption is completed. For other
writes (vn_sendfile when pages are available, write(2), etc.), the
PRUS_NOTREADY is set when invoking pru_send() along with invoking
ktls_enqueue().
A pool of worker threads (the "KTLS" kernel process) encrypts TLS
frames queued via ktls_enqueue(). Each TLS frame is temporarily
mapped using the direct map and passed to a software encryption
backend to perform the actual encryption.
(Note: The use of PHYS_TO_DMAP could be replaced with sf_bufs if
someone wished to make this work on architectures without a direct
map.)
KTLS supports pluggable software encryption backends. Internally,
Netflix uses proprietary pure-software backends. This commit includes
a simple backend in a new ktls_ocf.ko module that uses the kernel's
OpenCrypto framework to provide AES-GCM encryption of TLS frames. As
a result, software TLS is now a bit of a misnomer as it can make use
of hardware crypto accelerators.
Once software encryption has finished, the TLS frame mbufs are marked
ready via pru_ready(). At this point, the encrypted data appears as
regular payload to the TCP stack stored in unmapped mbufs.
ifnet TLS permits a NIC to offload the TLS encryption and TCP
segmentation. In this mode, a new send tag type (IF_SND_TAG_TYPE_TLS)
is allocated on the interface a socket is routed over and associated
with a TLS session. TLS records for a TLS session using ifnet TLS are
not marked M_NOTREADY but are passed down the stack unencrypted. The
ip_output_send() and ip6_output_send() helper functions that apply
send tags to outbound IP packets verify that the send tag of the TLS
record matches the outbound interface. If so, the packet is tagged
with the TLS send tag and sent to the interface. The NIC device
driver must recognize packets with the TLS send tag and schedule them
for TLS encryption and TCP segmentation. If the the outbound
interface does not match the interface in the TLS send tag, the packet
is dropped. In addition, a task is scheduled to refresh the TLS send
tag for the TLS session. If a new TLS send tag cannot be allocated,
the connection is dropped. If a new TLS send tag is allocated,
however, subsequent packets will be tagged with the correct TLS send
tag. (This latter case has been tested by configuring both ports of a
Chelsio T6 in a lagg and failing over from one port to another. As
the connections migrated to the new port, new TLS send tags were
allocated for the new port and connections resumed without being
dropped.)
ifnet TLS can be enabled and disabled on supported network interfaces
via new '[-]txtls[46]' options to ifconfig(8). ifnet TLS is supported
across both vlan devices and lagg interfaces using failover, lacp with
flowid enabled, or lacp with flowid enabled.
Applications may request the current KTLS mode of a connection via a
new TCP_TXTLS_MODE socket option. They can also use this socket
option to toggle between software and ifnet TLS modes.
In addition, a testing tool is available in tools/tools/switch_tls.
This is modeled on tcpdrop and uses similar syntax. However, instead
of dropping connections, -s is used to force KTLS connections to
switch to software TLS and -i is used to switch to ifnet TLS.
Various sysctls and counters are available under the kern.ipc.tls
sysctl node. The kern.ipc.tls.enable node must be set to true to
enable KTLS (it is off by default). The use of unmapped mbufs must
also be enabled via kern.ipc.mb_use_ext_pgs to enable KTLS.
KTLS is enabled via the KERN_TLS kernel option.
This patch is the culmination of years of work by several folks
including Scott Long and Randall Stewart for the original design and
implementation; Drew Gallatin for several optimizations including the
use of ext_pgs mbufs, the M_NOTREADY mechanism for TLS records
awaiting software encryption, and pluggable software crypto backends;
and John Baldwin for modifications to support hardware TLS offload.
Reviewed by: gallatin, hselasky, rrs
Obtained from: Netflix
Sponsored by: Netflix, Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D21277
2019-08-27 00:01:56 +00:00
|
|
|
#include "opt_kern_tls.h"
|
|
|
|
|
|
2016-01-22 02:23:18 +00:00
|
|
|
#include <sys/param.h>
|
|
|
|
|
#include <sys/systm.h>
|
|
|
|
|
#include <sys/capsicum.h>
|
|
|
|
|
#include <sys/kernel.h>
|
|
|
|
|
#include <sys/lock.h>
|
Add kernel-side support for in-kernel TLS.
KTLS adds support for in-kernel framing and encryption of Transport
Layer Security (1.0-1.2) data on TCP sockets. KTLS only supports
offload of TLS for transmitted data. Key negotation must still be
performed in userland. Once completed, transmit session keys for a
connection are provided to the kernel via a new TCP_TXTLS_ENABLE
socket option. All subsequent data transmitted on the socket is
placed into TLS frames and encrypted using the supplied keys.
Any data written to a KTLS-enabled socket via write(2), aio_write(2),
or sendfile(2) is assumed to be application data and is encoded in TLS
frames with an application data type. Individual records can be sent
with a custom type (e.g. handshake messages) via sendmsg(2) with a new
control message (TLS_SET_RECORD_TYPE) specifying the record type.
At present, rekeying is not supported though the in-kernel framework
should support rekeying.
KTLS makes use of the recently added unmapped mbufs to store TLS
frames in the socket buffer. Each TLS frame is described by a single
ext_pgs mbuf. The ext_pgs structure contains the header of the TLS
record (and trailer for encrypted records) as well as references to
the associated TLS session.
KTLS supports two primary methods of encrypting TLS frames: software
TLS and ifnet TLS.
Software TLS marks mbufs holding socket data as not ready via
M_NOTREADY similar to sendfile(2) when TLS framing information is
added to an unmapped mbuf in ktls_frame(). ktls_enqueue() is then
called to schedule TLS frames for encryption. In the case of
sendfile_iodone() calls ktls_enqueue() instead of pru_ready() leaving
the mbufs marked M_NOTREADY until encryption is completed. For other
writes (vn_sendfile when pages are available, write(2), etc.), the
PRUS_NOTREADY is set when invoking pru_send() along with invoking
ktls_enqueue().
A pool of worker threads (the "KTLS" kernel process) encrypts TLS
frames queued via ktls_enqueue(). Each TLS frame is temporarily
mapped using the direct map and passed to a software encryption
backend to perform the actual encryption.
(Note: The use of PHYS_TO_DMAP could be replaced with sf_bufs if
someone wished to make this work on architectures without a direct
map.)
KTLS supports pluggable software encryption backends. Internally,
Netflix uses proprietary pure-software backends. This commit includes
a simple backend in a new ktls_ocf.ko module that uses the kernel's
OpenCrypto framework to provide AES-GCM encryption of TLS frames. As
a result, software TLS is now a bit of a misnomer as it can make use
of hardware crypto accelerators.
Once software encryption has finished, the TLS frame mbufs are marked
ready via pru_ready(). At this point, the encrypted data appears as
regular payload to the TCP stack stored in unmapped mbufs.
ifnet TLS permits a NIC to offload the TLS encryption and TCP
segmentation. In this mode, a new send tag type (IF_SND_TAG_TYPE_TLS)
is allocated on the interface a socket is routed over and associated
with a TLS session. TLS records for a TLS session using ifnet TLS are
not marked M_NOTREADY but are passed down the stack unencrypted. The
ip_output_send() and ip6_output_send() helper functions that apply
send tags to outbound IP packets verify that the send tag of the TLS
record matches the outbound interface. If so, the packet is tagged
with the TLS send tag and sent to the interface. The NIC device
driver must recognize packets with the TLS send tag and schedule them
for TLS encryption and TCP segmentation. If the the outbound
interface does not match the interface in the TLS send tag, the packet
is dropped. In addition, a task is scheduled to refresh the TLS send
tag for the TLS session. If a new TLS send tag cannot be allocated,
the connection is dropped. If a new TLS send tag is allocated,
however, subsequent packets will be tagged with the correct TLS send
tag. (This latter case has been tested by configuring both ports of a
Chelsio T6 in a lagg and failing over from one port to another. As
the connections migrated to the new port, new TLS send tags were
allocated for the new port and connections resumed without being
dropped.)
ifnet TLS can be enabled and disabled on supported network interfaces
via new '[-]txtls[46]' options to ifconfig(8). ifnet TLS is supported
across both vlan devices and lagg interfaces using failover, lacp with
flowid enabled, or lacp with flowid enabled.
Applications may request the current KTLS mode of a connection via a
new TCP_TXTLS_MODE socket option. They can also use this socket
option to toggle between software and ifnet TLS modes.
In addition, a testing tool is available in tools/tools/switch_tls.
This is modeled on tcpdrop and uses similar syntax. However, instead
of dropping connections, -s is used to force KTLS connections to
switch to software TLS and -i is used to switch to ifnet TLS.
Various sysctls and counters are available under the kern.ipc.tls
sysctl node. The kern.ipc.tls.enable node must be set to true to
enable KTLS (it is off by default). The use of unmapped mbufs must
also be enabled via kern.ipc.mb_use_ext_pgs to enable KTLS.
KTLS is enabled via the KERN_TLS kernel option.
This patch is the culmination of years of work by several folks
including Scott Long and Randall Stewart for the original design and
implementation; Drew Gallatin for several optimizations including the
use of ext_pgs mbufs, the M_NOTREADY mechanism for TLS records
awaiting software encryption, and pluggable software crypto backends;
and John Baldwin for modifications to support hardware TLS offload.
Reviewed by: gallatin, hselasky, rrs
Obtained from: Netflix
Sponsored by: Netflix, Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D21277
2019-08-27 00:01:56 +00:00
|
|
|
#include <sys/ktls.h>
|
2016-01-22 02:23:18 +00:00
|
|
|
#include <sys/mutex.h>
|
|
|
|
|
#include <sys/malloc.h>
|
|
|
|
|
#include <sys/mman.h>
|
|
|
|
|
#include <sys/mount.h>
|
|
|
|
|
#include <sys/mbuf.h>
|
2020-03-30 21:40:35 +00:00
|
|
|
#include <sys/proc.h>
|
2016-01-22 02:23:18 +00:00
|
|
|
#include <sys/protosw.h>
|
|
|
|
|
#include <sys/rwlock.h>
|
|
|
|
|
#include <sys/sf_buf.h>
|
|
|
|
|
#include <sys/socket.h>
|
|
|
|
|
#include <sys/socketvar.h>
|
|
|
|
|
#include <sys/syscallsubr.h>
|
|
|
|
|
#include <sys/sysctl.h>
|
2020-03-30 21:40:35 +00:00
|
|
|
#include <sys/sysproto.h>
|
2016-01-22 02:23:18 +00:00
|
|
|
#include <sys/vnode.h>
|
|
|
|
|
|
|
|
|
|
#include <net/vnet.h>
|
2020-03-30 21:40:35 +00:00
|
|
|
#include <netinet/in.h>
|
2019-10-08 21:34:06 +00:00
|
|
|
#include <netinet/tcp.h>
|
2016-01-22 02:23:18 +00:00
|
|
|
|
|
|
|
|
#include <security/audit/audit.h>
|
|
|
|
|
#include <security/mac/mac_framework.h>
|
|
|
|
|
|
|
|
|
|
#include <vm/vm.h>
|
|
|
|
|
#include <vm/vm_object.h>
|
|
|
|
|
#include <vm/vm_pager.h>
|
|
|
|
|
|
2020-03-30 21:50:51 +00:00
|
|
|
static MALLOC_DEFINE(M_SENDFILE, "sendfile", "sendfile dynamic memory");
|
|
|
|
|
|
2017-10-09 21:06:16 +00:00
|
|
|
#define EXT_FLAG_SYNC EXT_FLAG_VENDOR1
|
|
|
|
|
#define EXT_FLAG_NOCACHE EXT_FLAG_VENDOR2
|
2019-06-29 00:49:35 +00:00
|
|
|
#define EXT_FLAG_CACHE_LAST EXT_FLAG_VENDOR3
|
2017-10-09 21:06:16 +00:00
|
|
|
|
2016-01-22 02:23:18 +00:00
|
|
|
/*
|
|
|
|
|
* Structure describing a single sendfile(2) I/O, which may consist of
|
|
|
|
|
* several underlying pager I/Os.
|
|
|
|
|
*
|
|
|
|
|
* The syscall context allocates the structure and initializes 'nios'
|
|
|
|
|
* to 1. As sendfile_swapin() runs through pages and starts asynchronous
|
|
|
|
|
* paging operations, it increments 'nios'.
|
|
|
|
|
*
|
|
|
|
|
* Every I/O completion calls sendfile_iodone(), which decrements the 'nios',
|
|
|
|
|
* and the syscall also calls sendfile_iodone() after allocating all mbufs,
|
|
|
|
|
* linking them and sending to socket. Whoever reaches zero 'nios' is
|
|
|
|
|
* responsible to * call pru_ready on the socket, to notify it of readyness
|
|
|
|
|
* of the data.
|
|
|
|
|
*/
|
|
|
|
|
struct sf_io {
|
|
|
|
|
volatile u_int nios;
|
|
|
|
|
u_int error;
|
|
|
|
|
int npages;
|
2017-09-13 22:11:05 +00:00
|
|
|
struct socket *so;
|
2016-01-22 02:23:18 +00:00
|
|
|
struct mbuf *m;
|
2020-01-19 23:47:32 +00:00
|
|
|
vm_object_t obj;
|
2020-03-30 22:13:32 +00:00
|
|
|
vm_pindex_t pindex0;
|
2019-08-27 22:21:18 +00:00
|
|
|
#ifdef KERN_TLS
|
Add kernel-side support for in-kernel TLS.
KTLS adds support for in-kernel framing and encryption of Transport
Layer Security (1.0-1.2) data on TCP sockets. KTLS only supports
offload of TLS for transmitted data. Key negotation must still be
performed in userland. Once completed, transmit session keys for a
connection are provided to the kernel via a new TCP_TXTLS_ENABLE
socket option. All subsequent data transmitted on the socket is
placed into TLS frames and encrypted using the supplied keys.
Any data written to a KTLS-enabled socket via write(2), aio_write(2),
or sendfile(2) is assumed to be application data and is encoded in TLS
frames with an application data type. Individual records can be sent
with a custom type (e.g. handshake messages) via sendmsg(2) with a new
control message (TLS_SET_RECORD_TYPE) specifying the record type.
At present, rekeying is not supported though the in-kernel framework
should support rekeying.
KTLS makes use of the recently added unmapped mbufs to store TLS
frames in the socket buffer. Each TLS frame is described by a single
ext_pgs mbuf. The ext_pgs structure contains the header of the TLS
record (and trailer for encrypted records) as well as references to
the associated TLS session.
KTLS supports two primary methods of encrypting TLS frames: software
TLS and ifnet TLS.
Software TLS marks mbufs holding socket data as not ready via
M_NOTREADY similar to sendfile(2) when TLS framing information is
added to an unmapped mbuf in ktls_frame(). ktls_enqueue() is then
called to schedule TLS frames for encryption. In the case of
sendfile_iodone() calls ktls_enqueue() instead of pru_ready() leaving
the mbufs marked M_NOTREADY until encryption is completed. For other
writes (vn_sendfile when pages are available, write(2), etc.), the
PRUS_NOTREADY is set when invoking pru_send() along with invoking
ktls_enqueue().
A pool of worker threads (the "KTLS" kernel process) encrypts TLS
frames queued via ktls_enqueue(). Each TLS frame is temporarily
mapped using the direct map and passed to a software encryption
backend to perform the actual encryption.
(Note: The use of PHYS_TO_DMAP could be replaced with sf_bufs if
someone wished to make this work on architectures without a direct
map.)
KTLS supports pluggable software encryption backends. Internally,
Netflix uses proprietary pure-software backends. This commit includes
a simple backend in a new ktls_ocf.ko module that uses the kernel's
OpenCrypto framework to provide AES-GCM encryption of TLS frames. As
a result, software TLS is now a bit of a misnomer as it can make use
of hardware crypto accelerators.
Once software encryption has finished, the TLS frame mbufs are marked
ready via pru_ready(). At this point, the encrypted data appears as
regular payload to the TCP stack stored in unmapped mbufs.
ifnet TLS permits a NIC to offload the TLS encryption and TCP
segmentation. In this mode, a new send tag type (IF_SND_TAG_TYPE_TLS)
is allocated on the interface a socket is routed over and associated
with a TLS session. TLS records for a TLS session using ifnet TLS are
not marked M_NOTREADY but are passed down the stack unencrypted. The
ip_output_send() and ip6_output_send() helper functions that apply
send tags to outbound IP packets verify that the send tag of the TLS
record matches the outbound interface. If so, the packet is tagged
with the TLS send tag and sent to the interface. The NIC device
driver must recognize packets with the TLS send tag and schedule them
for TLS encryption and TCP segmentation. If the the outbound
interface does not match the interface in the TLS send tag, the packet
is dropped. In addition, a task is scheduled to refresh the TLS send
tag for the TLS session. If a new TLS send tag cannot be allocated,
the connection is dropped. If a new TLS send tag is allocated,
however, subsequent packets will be tagged with the correct TLS send
tag. (This latter case has been tested by configuring both ports of a
Chelsio T6 in a lagg and failing over from one port to another. As
the connections migrated to the new port, new TLS send tags were
allocated for the new port and connections resumed without being
dropped.)
ifnet TLS can be enabled and disabled on supported network interfaces
via new '[-]txtls[46]' options to ifconfig(8). ifnet TLS is supported
across both vlan devices and lagg interfaces using failover, lacp with
flowid enabled, or lacp with flowid enabled.
Applications may request the current KTLS mode of a connection via a
new TCP_TXTLS_MODE socket option. They can also use this socket
option to toggle between software and ifnet TLS modes.
In addition, a testing tool is available in tools/tools/switch_tls.
This is modeled on tcpdrop and uses similar syntax. However, instead
of dropping connections, -s is used to force KTLS connections to
switch to software TLS and -i is used to switch to ifnet TLS.
Various sysctls and counters are available under the kern.ipc.tls
sysctl node. The kern.ipc.tls.enable node must be set to true to
enable KTLS (it is off by default). The use of unmapped mbufs must
also be enabled via kern.ipc.mb_use_ext_pgs to enable KTLS.
KTLS is enabled via the KERN_TLS kernel option.
This patch is the culmination of years of work by several folks
including Scott Long and Randall Stewart for the original design and
implementation; Drew Gallatin for several optimizations including the
use of ext_pgs mbufs, the M_NOTREADY mechanism for TLS records
awaiting software encryption, and pluggable software crypto backends;
and John Baldwin for modifications to support hardware TLS offload.
Reviewed by: gallatin, hselasky, rrs
Obtained from: Netflix
Sponsored by: Netflix, Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D21277
2019-08-27 00:01:56 +00:00
|
|
|
struct ktls_session *tls;
|
2019-08-27 22:21:18 +00:00
|
|
|
#endif
|
2016-01-22 02:23:18 +00:00
|
|
|
vm_page_t pa[];
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Structure used to track requests with SF_SYNC flag.
|
|
|
|
|
*/
|
|
|
|
|
struct sendfile_sync {
|
|
|
|
|
struct mtx mtx;
|
|
|
|
|
struct cv cv;
|
|
|
|
|
unsigned count;
|
2020-04-28 15:02:44 +00:00
|
|
|
bool waiting;
|
2016-01-22 02:23:18 +00:00
|
|
|
};
|
|
|
|
|
|
2020-04-28 15:02:44 +00:00
|
|
|
static void
|
|
|
|
|
sendfile_sync_destroy(struct sendfile_sync *sfs)
|
|
|
|
|
{
|
|
|
|
|
KASSERT(sfs->count == 0, ("sendfile sync %p still busy", sfs));
|
|
|
|
|
|
|
|
|
|
cv_destroy(&sfs->cv);
|
|
|
|
|
mtx_destroy(&sfs->mtx);
|
|
|
|
|
free(sfs, M_SENDFILE);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
sendfile_sync_signal(struct sendfile_sync *sfs)
|
|
|
|
|
{
|
|
|
|
|
mtx_lock(&sfs->mtx);
|
|
|
|
|
KASSERT(sfs->count > 0, ("sendfile sync %p not busy", sfs));
|
|
|
|
|
if (--sfs->count == 0) {
|
|
|
|
|
if (!sfs->waiting) {
|
|
|
|
|
/* The sendfile() waiter was interrupted by a signal. */
|
|
|
|
|
sendfile_sync_destroy(sfs);
|
|
|
|
|
return;
|
|
|
|
|
} else {
|
|
|
|
|
cv_signal(&sfs->cv);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
mtx_unlock(&sfs->mtx);
|
|
|
|
|
}
|
|
|
|
|
|
2016-01-22 02:23:18 +00:00
|
|
|
counter_u64_t sfstat[sizeof(struct sfstat) / sizeof(uint64_t)];
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
sfstat_init(const void *unused)
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
COUNTER_ARRAY_ALLOC(sfstat, sizeof(struct sfstat) / sizeof(uint64_t),
|
|
|
|
|
M_WAITOK);
|
|
|
|
|
}
|
|
|
|
|
SYSINIT(sfstat, SI_SUB_MBUF, SI_ORDER_FIRST, sfstat_init, NULL);
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
sfstat_sysctl(SYSCTL_HANDLER_ARGS)
|
|
|
|
|
{
|
|
|
|
|
struct sfstat s;
|
|
|
|
|
|
|
|
|
|
COUNTER_ARRAY_COPY(sfstat, &s, sizeof(s) / sizeof(uint64_t));
|
|
|
|
|
if (req->newptr)
|
|
|
|
|
COUNTER_ARRAY_ZERO(sfstat, sizeof(s) / sizeof(uint64_t));
|
|
|
|
|
return (SYSCTL_OUT(req, &s, sizeof(s)));
|
|
|
|
|
}
|
2020-02-26 14:26:36 +00:00
|
|
|
SYSCTL_PROC(_kern_ipc, OID_AUTO, sfstat,
|
2021-12-26 17:02:28 +00:00
|
|
|
CTLTYPE_OPAQUE | CTLFLAG_RW | CTLFLAG_MPSAFE, NULL, 0,
|
2020-02-26 14:26:36 +00:00
|
|
|
sfstat_sysctl, "I",
|
|
|
|
|
"sendfile statistics");
|
2016-01-22 02:23:18 +00:00
|
|
|
|
2017-10-09 21:06:16 +00:00
|
|
|
static void
|
|
|
|
|
sendfile_free_mext(struct mbuf *m)
|
2016-01-22 02:23:18 +00:00
|
|
|
{
|
2017-10-09 21:06:16 +00:00
|
|
|
struct sf_buf *sf;
|
|
|
|
|
vm_page_t pg;
|
2019-07-29 22:01:28 +00:00
|
|
|
int flags;
|
2016-01-22 02:23:18 +00:00
|
|
|
|
2017-10-09 21:06:16 +00:00
|
|
|
KASSERT(m->m_flags & M_EXT && m->m_ext.ext_type == EXT_SFBUF,
|
|
|
|
|
("%s: m %p !M_EXT or !EXT_SFBUF", __func__, m));
|
2016-01-22 02:23:18 +00:00
|
|
|
|
2017-10-09 21:06:16 +00:00
|
|
|
sf = m->m_ext.ext_arg1;
|
|
|
|
|
pg = sf_buf_page(sf);
|
2019-07-29 22:01:28 +00:00
|
|
|
flags = (m->m_ext.ext_flags & EXT_FLAG_NOCACHE) != 0 ? VPR_TRYFREE : 0;
|
2016-01-22 02:23:18 +00:00
|
|
|
|
2017-10-09 21:06:16 +00:00
|
|
|
sf_buf_free(sf);
|
2019-07-29 22:01:28 +00:00
|
|
|
vm_page_release(pg, flags);
|
2017-10-09 21:06:16 +00:00
|
|
|
|
|
|
|
|
if (m->m_ext.ext_flags & EXT_FLAG_SYNC) {
|
|
|
|
|
struct sendfile_sync *sfs = m->m_ext.ext_arg2;
|
2020-04-28 15:02:44 +00:00
|
|
|
sendfile_sync_signal(sfs);
|
2016-01-22 02:23:18 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-06-29 00:49:35 +00:00
|
|
|
static void
|
|
|
|
|
sendfile_free_mext_pg(struct mbuf *m)
|
|
|
|
|
{
|
|
|
|
|
vm_page_t pg;
|
2019-07-29 22:01:28 +00:00
|
|
|
int flags, i;
|
|
|
|
|
bool cache_last;
|
2019-06-29 00:49:35 +00:00
|
|
|
|
2020-05-03 00:37:16 +00:00
|
|
|
M_ASSERTEXTPG(m);
|
2019-06-29 00:49:35 +00:00
|
|
|
|
|
|
|
|
cache_last = m->m_ext.ext_flags & EXT_FLAG_CACHE_LAST;
|
2019-07-29 22:01:28 +00:00
|
|
|
flags = (m->m_ext.ext_flags & EXT_FLAG_NOCACHE) != 0 ? VPR_TRYFREE : 0;
|
2019-06-29 00:49:35 +00:00
|
|
|
|
2020-05-03 00:12:56 +00:00
|
|
|
for (i = 0; i < m->m_epg_npgs; i++) {
|
|
|
|
|
if (cache_last && i == m->m_epg_npgs - 1)
|
2019-07-29 22:01:28 +00:00
|
|
|
flags = 0;
|
2020-05-02 22:39:26 +00:00
|
|
|
pg = PHYS_TO_VM_PAGE(m->m_epg_pa[i]);
|
2019-07-29 22:01:28 +00:00
|
|
|
vm_page_release(pg, flags);
|
2019-06-29 00:49:35 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (m->m_ext.ext_flags & EXT_FLAG_SYNC) {
|
KTLS: Re-work unmapped mbufs to carry ext_pgs in the mbuf itself.
While the original implementation of unmapped mbufs was a large
step forward in terms of reducing cache misses by enabling mbufs
to carry more than a single page for sendfile, they are rather
cache unfriendly when accessing the ext_pgs metadata and
data. This is because the ext_pgs part of the mbuf is allocated
separately, and almost guaranteed to be cold in cache.
This change takes advantage of the fact that unmapped mbufs
are never used at the same time as pkthdr mbufs. Given this
fact, we can overlap the ext_pgs metadata with the mbuf
pkthdr, and carry the ext_pgs meta directly in the mbuf itself.
Similarly, we can carry the ext_pgs data (TLS hdr/trailer/array
of pages) directly after the existing m_ext.
In order to be able to carry 5 pages (which is the minimum
required for a 16K TLS record which is not perfectly aligned) on
LP64, I've had to steal ext_arg2. The only user of this in the
xmit path is sendfile, and I've adjusted it to use arg1 when
using unmapped mbufs.
This change is almost entirely mechanical, except that we
change mb_alloc_ext_pgs() to no longer allow allocating
pkthdrs, the change to avoid ext_arg2 as mentioned above,
and the removal of the ext_pgs zone,
This change saves roughly 2% "raw" CPU (~59% -> 57%), or over
3% "scaled" CPU on a Netflix 100% software kTLS workload at
90+ Gb/s on Broadwell Xeons.
In a follow-on commit, I plan to remove some hacks to avoid
access ext_pgs fields of mbufs, since they will now be in
cache.
Many thanks to glebius for helping to make this better in
the Netflix tree.
Reviewed by: hselasky, jhb, rrs, glebius (early version)
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D24213
2020-04-14 14:46:06 +00:00
|
|
|
struct sendfile_sync *sfs = m->m_ext.ext_arg1;
|
2020-04-28 15:02:44 +00:00
|
|
|
sendfile_sync_signal(sfs);
|
2019-06-29 00:49:35 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-01-22 02:23:18 +00:00
|
|
|
/*
|
|
|
|
|
* Helper function to calculate how much data to put into page i of n.
|
|
|
|
|
* Only first and last pages are special.
|
|
|
|
|
*/
|
|
|
|
|
static inline off_t
|
|
|
|
|
xfsize(int i, int n, off_t off, off_t len)
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
if (i == 0)
|
|
|
|
|
return (omin(PAGE_SIZE - (off & PAGE_MASK), len));
|
|
|
|
|
|
|
|
|
|
if (i == n - 1 && ((off + len) & PAGE_MASK) > 0)
|
|
|
|
|
return ((off + len) & PAGE_MASK);
|
|
|
|
|
|
|
|
|
|
return (PAGE_SIZE);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Helper function to get offset within object for i page.
|
|
|
|
|
*/
|
2017-06-03 16:19:33 +00:00
|
|
|
static inline vm_ooffset_t
|
2016-01-22 02:23:18 +00:00
|
|
|
vmoff(int i, off_t off)
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
if (i == 0)
|
2017-06-03 16:19:33 +00:00
|
|
|
return ((vm_ooffset_t)off);
|
2016-01-22 02:23:18 +00:00
|
|
|
|
|
|
|
|
return (trunc_page(off + i * PAGE_SIZE));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Helper function used when allocation of a page or sf_buf failed.
|
|
|
|
|
* Pretend as if we don't have enough space, subtract xfsize() of
|
|
|
|
|
* all pages that failed.
|
|
|
|
|
*/
|
|
|
|
|
static inline void
|
|
|
|
|
fixspace(int old, int new, off_t off, int *space)
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
KASSERT(old > new, ("%s: old %d new %d", __func__, old, new));
|
|
|
|
|
|
|
|
|
|
/* Subtract last one. */
|
|
|
|
|
*space -= xfsize(old - 1, old, off, *space);
|
|
|
|
|
old--;
|
|
|
|
|
|
|
|
|
|
if (new == old)
|
|
|
|
|
/* There was only one page. */
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
/* Subtract first one. */
|
|
|
|
|
if (new == 0) {
|
|
|
|
|
*space -= xfsize(0, old, off, *space);
|
|
|
|
|
new++;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Rest of pages are full sized. */
|
|
|
|
|
*space -= (old - new) * PAGE_SIZE;
|
|
|
|
|
|
|
|
|
|
KASSERT(*space >= 0, ("%s: space went backwards", __func__));
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-30 21:57:28 +00:00
|
|
|
/*
|
|
|
|
|
* Wait for all in-flight ios to complete, we must not unwire pages
|
|
|
|
|
* under them.
|
|
|
|
|
*/
|
|
|
|
|
static void
|
|
|
|
|
sendfile_iowait(struct sf_io *sfio, const char *wmesg)
|
|
|
|
|
{
|
|
|
|
|
while (atomic_load_int(&sfio->nios) != 1)
|
|
|
|
|
pause(wmesg, 1);
|
|
|
|
|
}
|
|
|
|
|
|
2016-01-22 02:23:18 +00:00
|
|
|
/*
|
|
|
|
|
* I/O completion callback.
|
|
|
|
|
*/
|
|
|
|
|
static void
|
2020-03-30 22:13:32 +00:00
|
|
|
sendfile_iodone(void *arg, vm_page_t *pa, int count, int error)
|
2016-01-22 02:23:18 +00:00
|
|
|
{
|
|
|
|
|
struct sf_io *sfio = arg;
|
2020-02-25 19:29:05 +00:00
|
|
|
struct socket *so;
|
2020-03-30 22:13:32 +00:00
|
|
|
int i;
|
2016-01-22 02:23:18 +00:00
|
|
|
|
2020-06-06 00:02:50 +00:00
|
|
|
if (error != 0)
|
2016-01-22 02:23:18 +00:00
|
|
|
sfio->error = error;
|
2020-06-06 00:02:50 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Restore the valid page pointers. They are already
|
|
|
|
|
* unbusied, but still wired.
|
|
|
|
|
*
|
|
|
|
|
* XXXKIB since pages are only wired, and we do not
|
|
|
|
|
* own the object lock, other users might have
|
|
|
|
|
* invalidated them in meantime. Similarly, after we
|
|
|
|
|
* unbusied the swapped-in pages, they can become
|
|
|
|
|
* invalid under us.
|
|
|
|
|
*/
|
|
|
|
|
MPASS(count == 0 || pa[0] != bogus_page);
|
|
|
|
|
for (i = 0; i < count; i++) {
|
|
|
|
|
if (pa[i] == bogus_page) {
|
|
|
|
|
sfio->pa[(pa[0]->pindex - sfio->pindex0) + i] =
|
|
|
|
|
pa[i] = vm_page_relookup(sfio->obj,
|
|
|
|
|
pa[0]->pindex + i);
|
|
|
|
|
KASSERT(pa[i] != NULL,
|
|
|
|
|
("%s: page %p[%d] disappeared",
|
|
|
|
|
__func__, pa, i));
|
|
|
|
|
} else {
|
|
|
|
|
vm_page_xunbusy_unchecked(pa[i]);
|
2020-03-30 22:13:32 +00:00
|
|
|
}
|
|
|
|
|
}
|
2016-01-22 02:23:18 +00:00
|
|
|
|
|
|
|
|
if (!refcount_release(&sfio->nios))
|
|
|
|
|
return;
|
|
|
|
|
|
2020-04-18 03:09:25 +00:00
|
|
|
#ifdef INVARIANTS
|
|
|
|
|
for (i = 1; i < sfio->npages; i++) {
|
|
|
|
|
if (sfio->pa[i] == NULL)
|
|
|
|
|
break;
|
|
|
|
|
KASSERT(vm_page_wired(sfio->pa[i]),
|
|
|
|
|
("sfio %p page %d %p not wired", sfio, i, sfio->pa[i]));
|
|
|
|
|
if (i == 0)
|
|
|
|
|
continue;
|
|
|
|
|
KASSERT(sfio->pa[0]->object == sfio->pa[i]->object,
|
|
|
|
|
("sfio %p page %d %p wrong owner %p %p", sfio, i,
|
|
|
|
|
sfio->pa[i], sfio->pa[0]->object, sfio->pa[i]->object));
|
|
|
|
|
KASSERT(sfio->pa[0]->pindex + i == sfio->pa[i]->pindex,
|
|
|
|
|
("sfio %p page %d %p wrong index %jx %jx", sfio, i,
|
|
|
|
|
sfio->pa[i], (uintmax_t)sfio->pa[0]->pindex,
|
|
|
|
|
(uintmax_t)sfio->pa[i]->pindex));
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
2020-01-19 23:47:32 +00:00
|
|
|
vm_object_pip_wakeup(sfio->obj);
|
|
|
|
|
|
2020-02-25 19:29:05 +00:00
|
|
|
if (sfio->m == NULL) {
|
2019-11-06 23:45:43 +00:00
|
|
|
/*
|
2020-02-25 19:29:05 +00:00
|
|
|
* Either I/O operation failed, or we failed to allocate
|
|
|
|
|
* buffers, or we bailed out on first busy page, or we
|
|
|
|
|
* succeeded filling the request without any I/Os. Anyway,
|
|
|
|
|
* pru_send hadn't been executed - nothing had been sent
|
|
|
|
|
* to the socket yet.
|
2019-11-06 23:45:43 +00:00
|
|
|
*/
|
2020-02-25 19:29:05 +00:00
|
|
|
MPASS((curthread->td_pflags & TDP_KTHREAD) == 0);
|
2020-03-30 21:50:51 +00:00
|
|
|
free(sfio, M_SENDFILE);
|
2019-11-06 23:45:43 +00:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2019-08-27 22:21:18 +00:00
|
|
|
#if defined(KERN_TLS) && defined(INVARIANTS)
|
2020-05-03 00:37:16 +00:00
|
|
|
if ((sfio->m->m_flags & M_EXTPG) != 0)
|
2020-05-03 00:12:56 +00:00
|
|
|
KASSERT(sfio->tls == sfio->m->m_epg_tls,
|
Add kernel-side support for in-kernel TLS.
KTLS adds support for in-kernel framing and encryption of Transport
Layer Security (1.0-1.2) data on TCP sockets. KTLS only supports
offload of TLS for transmitted data. Key negotation must still be
performed in userland. Once completed, transmit session keys for a
connection are provided to the kernel via a new TCP_TXTLS_ENABLE
socket option. All subsequent data transmitted on the socket is
placed into TLS frames and encrypted using the supplied keys.
Any data written to a KTLS-enabled socket via write(2), aio_write(2),
or sendfile(2) is assumed to be application data and is encoded in TLS
frames with an application data type. Individual records can be sent
with a custom type (e.g. handshake messages) via sendmsg(2) with a new
control message (TLS_SET_RECORD_TYPE) specifying the record type.
At present, rekeying is not supported though the in-kernel framework
should support rekeying.
KTLS makes use of the recently added unmapped mbufs to store TLS
frames in the socket buffer. Each TLS frame is described by a single
ext_pgs mbuf. The ext_pgs structure contains the header of the TLS
record (and trailer for encrypted records) as well as references to
the associated TLS session.
KTLS supports two primary methods of encrypting TLS frames: software
TLS and ifnet TLS.
Software TLS marks mbufs holding socket data as not ready via
M_NOTREADY similar to sendfile(2) when TLS framing information is
added to an unmapped mbuf in ktls_frame(). ktls_enqueue() is then
called to schedule TLS frames for encryption. In the case of
sendfile_iodone() calls ktls_enqueue() instead of pru_ready() leaving
the mbufs marked M_NOTREADY until encryption is completed. For other
writes (vn_sendfile when pages are available, write(2), etc.), the
PRUS_NOTREADY is set when invoking pru_send() along with invoking
ktls_enqueue().
A pool of worker threads (the "KTLS" kernel process) encrypts TLS
frames queued via ktls_enqueue(). Each TLS frame is temporarily
mapped using the direct map and passed to a software encryption
backend to perform the actual encryption.
(Note: The use of PHYS_TO_DMAP could be replaced with sf_bufs if
someone wished to make this work on architectures without a direct
map.)
KTLS supports pluggable software encryption backends. Internally,
Netflix uses proprietary pure-software backends. This commit includes
a simple backend in a new ktls_ocf.ko module that uses the kernel's
OpenCrypto framework to provide AES-GCM encryption of TLS frames. As
a result, software TLS is now a bit of a misnomer as it can make use
of hardware crypto accelerators.
Once software encryption has finished, the TLS frame mbufs are marked
ready via pru_ready(). At this point, the encrypted data appears as
regular payload to the TCP stack stored in unmapped mbufs.
ifnet TLS permits a NIC to offload the TLS encryption and TCP
segmentation. In this mode, a new send tag type (IF_SND_TAG_TYPE_TLS)
is allocated on the interface a socket is routed over and associated
with a TLS session. TLS records for a TLS session using ifnet TLS are
not marked M_NOTREADY but are passed down the stack unencrypted. The
ip_output_send() and ip6_output_send() helper functions that apply
send tags to outbound IP packets verify that the send tag of the TLS
record matches the outbound interface. If so, the packet is tagged
with the TLS send tag and sent to the interface. The NIC device
driver must recognize packets with the TLS send tag and schedule them
for TLS encryption and TCP segmentation. If the the outbound
interface does not match the interface in the TLS send tag, the packet
is dropped. In addition, a task is scheduled to refresh the TLS send
tag for the TLS session. If a new TLS send tag cannot be allocated,
the connection is dropped. If a new TLS send tag is allocated,
however, subsequent packets will be tagged with the correct TLS send
tag. (This latter case has been tested by configuring both ports of a
Chelsio T6 in a lagg and failing over from one port to another. As
the connections migrated to the new port, new TLS send tags were
allocated for the new port and connections resumed without being
dropped.)
ifnet TLS can be enabled and disabled on supported network interfaces
via new '[-]txtls[46]' options to ifconfig(8). ifnet TLS is supported
across both vlan devices and lagg interfaces using failover, lacp with
flowid enabled, or lacp with flowid enabled.
Applications may request the current KTLS mode of a connection via a
new TCP_TXTLS_MODE socket option. They can also use this socket
option to toggle between software and ifnet TLS modes.
In addition, a testing tool is available in tools/tools/switch_tls.
This is modeled on tcpdrop and uses similar syntax. However, instead
of dropping connections, -s is used to force KTLS connections to
switch to software TLS and -i is used to switch to ifnet TLS.
Various sysctls and counters are available under the kern.ipc.tls
sysctl node. The kern.ipc.tls.enable node must be set to true to
enable KTLS (it is off by default). The use of unmapped mbufs must
also be enabled via kern.ipc.mb_use_ext_pgs to enable KTLS.
KTLS is enabled via the KERN_TLS kernel option.
This patch is the culmination of years of work by several folks
including Scott Long and Randall Stewart for the original design and
implementation; Drew Gallatin for several optimizations including the
use of ext_pgs mbufs, the M_NOTREADY mechanism for TLS records
awaiting software encryption, and pluggable software crypto backends;
and John Baldwin for modifications to support hardware TLS offload.
Reviewed by: gallatin, hselasky, rrs
Obtained from: Netflix
Sponsored by: Netflix, Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D21277
2019-08-27 00:01:56 +00:00
|
|
|
("TLS session mismatch"));
|
|
|
|
|
else
|
|
|
|
|
KASSERT(sfio->tls == NULL,
|
|
|
|
|
("non-ext_pgs mbuf with TLS session"));
|
|
|
|
|
#endif
|
2020-02-25 19:29:05 +00:00
|
|
|
so = sfio->so;
|
2018-01-05 20:21:46 +00:00
|
|
|
CURVNET_SET(so->so_vnet);
|
2019-11-06 23:45:43 +00:00
|
|
|
if (__predict_false(sfio->error)) {
|
2016-01-22 02:23:18 +00:00
|
|
|
/*
|
|
|
|
|
* I/O operation failed. The state of data in the socket
|
|
|
|
|
* is now inconsistent, and all what we can do is to tear
|
|
|
|
|
* it down. Protocol abort method would tear down protocol
|
|
|
|
|
* state, free all ready mbufs and detach not ready ones.
|
|
|
|
|
* We will free the mbufs corresponding to this I/O manually.
|
|
|
|
|
*
|
|
|
|
|
* The socket would be marked with EIO and made available
|
|
|
|
|
* for read, so that application receives EIO on next
|
|
|
|
|
* syscall and eventually closes the socket.
|
|
|
|
|
*/
|
|
|
|
|
so->so_proto->pr_usrreqs->pru_abort(so);
|
|
|
|
|
so->so_error = EIO;
|
|
|
|
|
|
2019-06-29 00:49:35 +00:00
|
|
|
mb_free_notready(sfio->m, sfio->npages);
|
Add kernel-side support for in-kernel TLS.
KTLS adds support for in-kernel framing and encryption of Transport
Layer Security (1.0-1.2) data on TCP sockets. KTLS only supports
offload of TLS for transmitted data. Key negotation must still be
performed in userland. Once completed, transmit session keys for a
connection are provided to the kernel via a new TCP_TXTLS_ENABLE
socket option. All subsequent data transmitted on the socket is
placed into TLS frames and encrypted using the supplied keys.
Any data written to a KTLS-enabled socket via write(2), aio_write(2),
or sendfile(2) is assumed to be application data and is encoded in TLS
frames with an application data type. Individual records can be sent
with a custom type (e.g. handshake messages) via sendmsg(2) with a new
control message (TLS_SET_RECORD_TYPE) specifying the record type.
At present, rekeying is not supported though the in-kernel framework
should support rekeying.
KTLS makes use of the recently added unmapped mbufs to store TLS
frames in the socket buffer. Each TLS frame is described by a single
ext_pgs mbuf. The ext_pgs structure contains the header of the TLS
record (and trailer for encrypted records) as well as references to
the associated TLS session.
KTLS supports two primary methods of encrypting TLS frames: software
TLS and ifnet TLS.
Software TLS marks mbufs holding socket data as not ready via
M_NOTREADY similar to sendfile(2) when TLS framing information is
added to an unmapped mbuf in ktls_frame(). ktls_enqueue() is then
called to schedule TLS frames for encryption. In the case of
sendfile_iodone() calls ktls_enqueue() instead of pru_ready() leaving
the mbufs marked M_NOTREADY until encryption is completed. For other
writes (vn_sendfile when pages are available, write(2), etc.), the
PRUS_NOTREADY is set when invoking pru_send() along with invoking
ktls_enqueue().
A pool of worker threads (the "KTLS" kernel process) encrypts TLS
frames queued via ktls_enqueue(). Each TLS frame is temporarily
mapped using the direct map and passed to a software encryption
backend to perform the actual encryption.
(Note: The use of PHYS_TO_DMAP could be replaced with sf_bufs if
someone wished to make this work on architectures without a direct
map.)
KTLS supports pluggable software encryption backends. Internally,
Netflix uses proprietary pure-software backends. This commit includes
a simple backend in a new ktls_ocf.ko module that uses the kernel's
OpenCrypto framework to provide AES-GCM encryption of TLS frames. As
a result, software TLS is now a bit of a misnomer as it can make use
of hardware crypto accelerators.
Once software encryption has finished, the TLS frame mbufs are marked
ready via pru_ready(). At this point, the encrypted data appears as
regular payload to the TCP stack stored in unmapped mbufs.
ifnet TLS permits a NIC to offload the TLS encryption and TCP
segmentation. In this mode, a new send tag type (IF_SND_TAG_TYPE_TLS)
is allocated on the interface a socket is routed over and associated
with a TLS session. TLS records for a TLS session using ifnet TLS are
not marked M_NOTREADY but are passed down the stack unencrypted. The
ip_output_send() and ip6_output_send() helper functions that apply
send tags to outbound IP packets verify that the send tag of the TLS
record matches the outbound interface. If so, the packet is tagged
with the TLS send tag and sent to the interface. The NIC device
driver must recognize packets with the TLS send tag and schedule them
for TLS encryption and TCP segmentation. If the the outbound
interface does not match the interface in the TLS send tag, the packet
is dropped. In addition, a task is scheduled to refresh the TLS send
tag for the TLS session. If a new TLS send tag cannot be allocated,
the connection is dropped. If a new TLS send tag is allocated,
however, subsequent packets will be tagged with the correct TLS send
tag. (This latter case has been tested by configuring both ports of a
Chelsio T6 in a lagg and failing over from one port to another. As
the connections migrated to the new port, new TLS send tags were
allocated for the new port and connections resumed without being
dropped.)
ifnet TLS can be enabled and disabled on supported network interfaces
via new '[-]txtls[46]' options to ifconfig(8). ifnet TLS is supported
across both vlan devices and lagg interfaces using failover, lacp with
flowid enabled, or lacp with flowid enabled.
Applications may request the current KTLS mode of a connection via a
new TCP_TXTLS_MODE socket option. They can also use this socket
option to toggle between software and ifnet TLS modes.
In addition, a testing tool is available in tools/tools/switch_tls.
This is modeled on tcpdrop and uses similar syntax. However, instead
of dropping connections, -s is used to force KTLS connections to
switch to software TLS and -i is used to switch to ifnet TLS.
Various sysctls and counters are available under the kern.ipc.tls
sysctl node. The kern.ipc.tls.enable node must be set to true to
enable KTLS (it is off by default). The use of unmapped mbufs must
also be enabled via kern.ipc.mb_use_ext_pgs to enable KTLS.
KTLS is enabled via the KERN_TLS kernel option.
This patch is the culmination of years of work by several folks
including Scott Long and Randall Stewart for the original design and
implementation; Drew Gallatin for several optimizations including the
use of ext_pgs mbufs, the M_NOTREADY mechanism for TLS records
awaiting software encryption, and pluggable software crypto backends;
and John Baldwin for modifications to support hardware TLS offload.
Reviewed by: gallatin, hselasky, rrs
Obtained from: Netflix
Sponsored by: Netflix, Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D21277
2019-08-27 00:01:56 +00:00
|
|
|
#ifdef KERN_TLS
|
2019-10-08 21:34:06 +00:00
|
|
|
} else if (sfio->tls != NULL && sfio->tls->mode == TCP_TLS_MODE_SW) {
|
Add kernel-side support for in-kernel TLS.
KTLS adds support for in-kernel framing and encryption of Transport
Layer Security (1.0-1.2) data on TCP sockets. KTLS only supports
offload of TLS for transmitted data. Key negotation must still be
performed in userland. Once completed, transmit session keys for a
connection are provided to the kernel via a new TCP_TXTLS_ENABLE
socket option. All subsequent data transmitted on the socket is
placed into TLS frames and encrypted using the supplied keys.
Any data written to a KTLS-enabled socket via write(2), aio_write(2),
or sendfile(2) is assumed to be application data and is encoded in TLS
frames with an application data type. Individual records can be sent
with a custom type (e.g. handshake messages) via sendmsg(2) with a new
control message (TLS_SET_RECORD_TYPE) specifying the record type.
At present, rekeying is not supported though the in-kernel framework
should support rekeying.
KTLS makes use of the recently added unmapped mbufs to store TLS
frames in the socket buffer. Each TLS frame is described by a single
ext_pgs mbuf. The ext_pgs structure contains the header of the TLS
record (and trailer for encrypted records) as well as references to
the associated TLS session.
KTLS supports two primary methods of encrypting TLS frames: software
TLS and ifnet TLS.
Software TLS marks mbufs holding socket data as not ready via
M_NOTREADY similar to sendfile(2) when TLS framing information is
added to an unmapped mbuf in ktls_frame(). ktls_enqueue() is then
called to schedule TLS frames for encryption. In the case of
sendfile_iodone() calls ktls_enqueue() instead of pru_ready() leaving
the mbufs marked M_NOTREADY until encryption is completed. For other
writes (vn_sendfile when pages are available, write(2), etc.), the
PRUS_NOTREADY is set when invoking pru_send() along with invoking
ktls_enqueue().
A pool of worker threads (the "KTLS" kernel process) encrypts TLS
frames queued via ktls_enqueue(). Each TLS frame is temporarily
mapped using the direct map and passed to a software encryption
backend to perform the actual encryption.
(Note: The use of PHYS_TO_DMAP could be replaced with sf_bufs if
someone wished to make this work on architectures without a direct
map.)
KTLS supports pluggable software encryption backends. Internally,
Netflix uses proprietary pure-software backends. This commit includes
a simple backend in a new ktls_ocf.ko module that uses the kernel's
OpenCrypto framework to provide AES-GCM encryption of TLS frames. As
a result, software TLS is now a bit of a misnomer as it can make use
of hardware crypto accelerators.
Once software encryption has finished, the TLS frame mbufs are marked
ready via pru_ready(). At this point, the encrypted data appears as
regular payload to the TCP stack stored in unmapped mbufs.
ifnet TLS permits a NIC to offload the TLS encryption and TCP
segmentation. In this mode, a new send tag type (IF_SND_TAG_TYPE_TLS)
is allocated on the interface a socket is routed over and associated
with a TLS session. TLS records for a TLS session using ifnet TLS are
not marked M_NOTREADY but are passed down the stack unencrypted. The
ip_output_send() and ip6_output_send() helper functions that apply
send tags to outbound IP packets verify that the send tag of the TLS
record matches the outbound interface. If so, the packet is tagged
with the TLS send tag and sent to the interface. The NIC device
driver must recognize packets with the TLS send tag and schedule them
for TLS encryption and TCP segmentation. If the the outbound
interface does not match the interface in the TLS send tag, the packet
is dropped. In addition, a task is scheduled to refresh the TLS send
tag for the TLS session. If a new TLS send tag cannot be allocated,
the connection is dropped. If a new TLS send tag is allocated,
however, subsequent packets will be tagged with the correct TLS send
tag. (This latter case has been tested by configuring both ports of a
Chelsio T6 in a lagg and failing over from one port to another. As
the connections migrated to the new port, new TLS send tags were
allocated for the new port and connections resumed without being
dropped.)
ifnet TLS can be enabled and disabled on supported network interfaces
via new '[-]txtls[46]' options to ifconfig(8). ifnet TLS is supported
across both vlan devices and lagg interfaces using failover, lacp with
flowid enabled, or lacp with flowid enabled.
Applications may request the current KTLS mode of a connection via a
new TCP_TXTLS_MODE socket option. They can also use this socket
option to toggle between software and ifnet TLS modes.
In addition, a testing tool is available in tools/tools/switch_tls.
This is modeled on tcpdrop and uses similar syntax. However, instead
of dropping connections, -s is used to force KTLS connections to
switch to software TLS and -i is used to switch to ifnet TLS.
Various sysctls and counters are available under the kern.ipc.tls
sysctl node. The kern.ipc.tls.enable node must be set to true to
enable KTLS (it is off by default). The use of unmapped mbufs must
also be enabled via kern.ipc.mb_use_ext_pgs to enable KTLS.
KTLS is enabled via the KERN_TLS kernel option.
This patch is the culmination of years of work by several folks
including Scott Long and Randall Stewart for the original design and
implementation; Drew Gallatin for several optimizations including the
use of ext_pgs mbufs, the M_NOTREADY mechanism for TLS records
awaiting software encryption, and pluggable software crypto backends;
and John Baldwin for modifications to support hardware TLS offload.
Reviewed by: gallatin, hselasky, rrs
Obtained from: Netflix
Sponsored by: Netflix, Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D21277
2019-08-27 00:01:56 +00:00
|
|
|
/*
|
|
|
|
|
* I/O operation is complete, but we still need to
|
|
|
|
|
* encrypt. We cannot do this in the interrupt thread
|
|
|
|
|
* of the disk controller, so forward the mbufs to a
|
|
|
|
|
* different thread.
|
|
|
|
|
*
|
|
|
|
|
* Donate the socket reference from sfio to rather
|
|
|
|
|
* than explicitly invoking soref().
|
|
|
|
|
*/
|
|
|
|
|
ktls_enqueue(sfio->m, so, sfio->npages);
|
|
|
|
|
goto out_with_ref;
|
|
|
|
|
#endif
|
2018-01-05 20:21:46 +00:00
|
|
|
} else
|
2019-06-11 22:06:05 +00:00
|
|
|
(void)(so->so_proto->pr_usrreqs->pru_ready)(so, sfio->m,
|
2016-01-22 02:23:18 +00:00
|
|
|
sfio->npages);
|
|
|
|
|
|
2017-09-13 22:11:05 +00:00
|
|
|
sorele(so);
|
Add kernel-side support for in-kernel TLS.
KTLS adds support for in-kernel framing and encryption of Transport
Layer Security (1.0-1.2) data on TCP sockets. KTLS only supports
offload of TLS for transmitted data. Key negotation must still be
performed in userland. Once completed, transmit session keys for a
connection are provided to the kernel via a new TCP_TXTLS_ENABLE
socket option. All subsequent data transmitted on the socket is
placed into TLS frames and encrypted using the supplied keys.
Any data written to a KTLS-enabled socket via write(2), aio_write(2),
or sendfile(2) is assumed to be application data and is encoded in TLS
frames with an application data type. Individual records can be sent
with a custom type (e.g. handshake messages) via sendmsg(2) with a new
control message (TLS_SET_RECORD_TYPE) specifying the record type.
At present, rekeying is not supported though the in-kernel framework
should support rekeying.
KTLS makes use of the recently added unmapped mbufs to store TLS
frames in the socket buffer. Each TLS frame is described by a single
ext_pgs mbuf. The ext_pgs structure contains the header of the TLS
record (and trailer for encrypted records) as well as references to
the associated TLS session.
KTLS supports two primary methods of encrypting TLS frames: software
TLS and ifnet TLS.
Software TLS marks mbufs holding socket data as not ready via
M_NOTREADY similar to sendfile(2) when TLS framing information is
added to an unmapped mbuf in ktls_frame(). ktls_enqueue() is then
called to schedule TLS frames for encryption. In the case of
sendfile_iodone() calls ktls_enqueue() instead of pru_ready() leaving
the mbufs marked M_NOTREADY until encryption is completed. For other
writes (vn_sendfile when pages are available, write(2), etc.), the
PRUS_NOTREADY is set when invoking pru_send() along with invoking
ktls_enqueue().
A pool of worker threads (the "KTLS" kernel process) encrypts TLS
frames queued via ktls_enqueue(). Each TLS frame is temporarily
mapped using the direct map and passed to a software encryption
backend to perform the actual encryption.
(Note: The use of PHYS_TO_DMAP could be replaced with sf_bufs if
someone wished to make this work on architectures without a direct
map.)
KTLS supports pluggable software encryption backends. Internally,
Netflix uses proprietary pure-software backends. This commit includes
a simple backend in a new ktls_ocf.ko module that uses the kernel's
OpenCrypto framework to provide AES-GCM encryption of TLS frames. As
a result, software TLS is now a bit of a misnomer as it can make use
of hardware crypto accelerators.
Once software encryption has finished, the TLS frame mbufs are marked
ready via pru_ready(). At this point, the encrypted data appears as
regular payload to the TCP stack stored in unmapped mbufs.
ifnet TLS permits a NIC to offload the TLS encryption and TCP
segmentation. In this mode, a new send tag type (IF_SND_TAG_TYPE_TLS)
is allocated on the interface a socket is routed over and associated
with a TLS session. TLS records for a TLS session using ifnet TLS are
not marked M_NOTREADY but are passed down the stack unencrypted. The
ip_output_send() and ip6_output_send() helper functions that apply
send tags to outbound IP packets verify that the send tag of the TLS
record matches the outbound interface. If so, the packet is tagged
with the TLS send tag and sent to the interface. The NIC device
driver must recognize packets with the TLS send tag and schedule them
for TLS encryption and TCP segmentation. If the the outbound
interface does not match the interface in the TLS send tag, the packet
is dropped. In addition, a task is scheduled to refresh the TLS send
tag for the TLS session. If a new TLS send tag cannot be allocated,
the connection is dropped. If a new TLS send tag is allocated,
however, subsequent packets will be tagged with the correct TLS send
tag. (This latter case has been tested by configuring both ports of a
Chelsio T6 in a lagg and failing over from one port to another. As
the connections migrated to the new port, new TLS send tags were
allocated for the new port and connections resumed without being
dropped.)
ifnet TLS can be enabled and disabled on supported network interfaces
via new '[-]txtls[46]' options to ifconfig(8). ifnet TLS is supported
across both vlan devices and lagg interfaces using failover, lacp with
flowid enabled, or lacp with flowid enabled.
Applications may request the current KTLS mode of a connection via a
new TCP_TXTLS_MODE socket option. They can also use this socket
option to toggle between software and ifnet TLS modes.
In addition, a testing tool is available in tools/tools/switch_tls.
This is modeled on tcpdrop and uses similar syntax. However, instead
of dropping connections, -s is used to force KTLS connections to
switch to software TLS and -i is used to switch to ifnet TLS.
Various sysctls and counters are available under the kern.ipc.tls
sysctl node. The kern.ipc.tls.enable node must be set to true to
enable KTLS (it is off by default). The use of unmapped mbufs must
also be enabled via kern.ipc.mb_use_ext_pgs to enable KTLS.
KTLS is enabled via the KERN_TLS kernel option.
This patch is the culmination of years of work by several folks
including Scott Long and Randall Stewart for the original design and
implementation; Drew Gallatin for several optimizations including the
use of ext_pgs mbufs, the M_NOTREADY mechanism for TLS records
awaiting software encryption, and pluggable software crypto backends;
and John Baldwin for modifications to support hardware TLS offload.
Reviewed by: gallatin, hselasky, rrs
Obtained from: Netflix
Sponsored by: Netflix, Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D21277
2019-08-27 00:01:56 +00:00
|
|
|
#ifdef KERN_TLS
|
|
|
|
|
out_with_ref:
|
|
|
|
|
#endif
|
2018-01-05 20:21:46 +00:00
|
|
|
CURVNET_RESTORE();
|
2020-03-30 21:50:51 +00:00
|
|
|
free(sfio, M_SENDFILE);
|
2016-01-22 02:23:18 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Iterate through pages vector and request paging for non-valid pages.
|
|
|
|
|
*/
|
|
|
|
|
static int
|
2019-07-19 18:03:30 +00:00
|
|
|
sendfile_swapin(vm_object_t obj, struct sf_io *sfio, int *nios, off_t off,
|
2020-12-26 21:07:40 +00:00
|
|
|
off_t len, int rhpages, int flags)
|
2016-01-22 02:23:18 +00:00
|
|
|
{
|
2020-03-30 22:13:32 +00:00
|
|
|
vm_page_t *pa;
|
2020-12-26 21:07:40 +00:00
|
|
|
int a, count, count1, grabbed, i, j, npages, rv;
|
2016-01-22 02:23:18 +00:00
|
|
|
|
2020-03-30 22:13:32 +00:00
|
|
|
pa = sfio->pa;
|
2020-12-26 21:07:40 +00:00
|
|
|
npages = sfio->npages;
|
2019-07-19 18:03:30 +00:00
|
|
|
*nios = 0;
|
2016-01-22 02:23:18 +00:00
|
|
|
flags = (flags & SF_NODISKIO) ? VM_ALLOC_NOWAIT : 0;
|
2020-03-30 22:13:32 +00:00
|
|
|
sfio->pindex0 = OFF_TO_IDX(off);
|
2016-01-22 02:23:18 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* First grab all the pages and wire them. Note that we grab
|
|
|
|
|
* only required pages. Readahead pages are dealt with later.
|
|
|
|
|
*/
|
2020-02-28 20:34:30 +00:00
|
|
|
grabbed = vm_page_grab_pages_unlocked(obj, OFF_TO_IDX(off),
|
2017-08-11 16:32:24 +00:00
|
|
|
VM_ALLOC_NORMAL | VM_ALLOC_WIRED | flags, pa, npages);
|
|
|
|
|
if (grabbed < npages) {
|
|
|
|
|
for (int i = grabbed; i < npages; i++)
|
|
|
|
|
pa[i] = NULL;
|
|
|
|
|
npages = grabbed;
|
|
|
|
|
rhpages = 0;
|
2016-01-22 02:23:18 +00:00
|
|
|
}
|
|
|
|
|
|
2020-03-30 22:13:32 +00:00
|
|
|
for (i = 0; i < npages;) {
|
2016-01-22 02:23:18 +00:00
|
|
|
/* Skip valid pages. */
|
|
|
|
|
if (vm_page_is_valid(pa[i], vmoff(i, off) & PAGE_MASK,
|
|
|
|
|
xfsize(i, npages, off, len))) {
|
|
|
|
|
vm_page_xunbusy(pa[i]);
|
|
|
|
|
SFSTAT_INC(sf_pages_valid);
|
|
|
|
|
i++;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
2016-11-17 21:02:55 +00:00
|
|
|
* Next page is invalid. Check if it belongs to pager. It
|
|
|
|
|
* may not be there, which is a regular situation for shmem
|
|
|
|
|
* pager. For vnode pager this happens only in case of
|
|
|
|
|
* a sparse file.
|
2016-01-22 02:23:18 +00:00
|
|
|
*
|
|
|
|
|
* Important feature of vm_pager_has_page() is the hint
|
|
|
|
|
* stored in 'a', about how many pages we can pagein after
|
|
|
|
|
* this page in a single I/O.
|
|
|
|
|
*/
|
2020-02-28 21:42:48 +00:00
|
|
|
VM_OBJECT_RLOCK(obj);
|
2016-11-17 21:02:55 +00:00
|
|
|
if (!vm_pager_has_page(obj, OFF_TO_IDX(vmoff(i, off)), NULL,
|
|
|
|
|
&a)) {
|
2020-02-28 21:42:48 +00:00
|
|
|
VM_OBJECT_RUNLOCK(obj);
|
2016-01-22 02:23:18 +00:00
|
|
|
pmap_zero_page(pa[i]);
|
2020-01-23 04:54:49 +00:00
|
|
|
vm_page_valid(pa[i]);
|
2017-08-11 16:27:54 +00:00
|
|
|
MPASS(pa[i]->dirty == 0);
|
2016-01-22 02:23:18 +00:00
|
|
|
vm_page_xunbusy(pa[i]);
|
|
|
|
|
i++;
|
|
|
|
|
continue;
|
2016-11-17 21:02:55 +00:00
|
|
|
}
|
2020-02-28 21:42:48 +00:00
|
|
|
VM_OBJECT_RUNLOCK(obj);
|
2016-01-22 02:23:18 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* We want to pagein as many pages as possible, limited only
|
|
|
|
|
* by the 'a' hint and actual request.
|
|
|
|
|
*/
|
|
|
|
|
count = min(a + 1, npages - i);
|
|
|
|
|
|
2016-11-17 21:02:55 +00:00
|
|
|
/*
|
2020-03-30 22:13:32 +00:00
|
|
|
* We should not pagein into a valid page because
|
|
|
|
|
* there might be still unfinished write tracked by
|
|
|
|
|
* e.g. a buffer, thus we substitute any valid pages
|
|
|
|
|
* with the bogus one.
|
|
|
|
|
*
|
|
|
|
|
* We must not leave around xbusy pages which are not
|
|
|
|
|
* part of the run passed to vm_pager_getpages(),
|
|
|
|
|
* otherwise pager might deadlock waiting for the busy
|
|
|
|
|
* status of the page, e.g. if it constitues the
|
|
|
|
|
* buffer needed to validate other page.
|
|
|
|
|
*
|
|
|
|
|
* First trim the end of the run consisting of the
|
|
|
|
|
* valid pages, then replace the rest of the valid
|
|
|
|
|
* with bogus.
|
2016-11-17 21:02:55 +00:00
|
|
|
*/
|
2020-03-30 22:13:32 +00:00
|
|
|
count1 = count;
|
2016-11-17 21:02:55 +00:00
|
|
|
for (j = i + count - 1; j > i; j--) {
|
|
|
|
|
if (vm_page_is_valid(pa[j], vmoff(j, off) & PAGE_MASK,
|
|
|
|
|
xfsize(j, npages, off, len))) {
|
2020-03-30 22:13:32 +00:00
|
|
|
vm_page_xunbusy(pa[j]);
|
|
|
|
|
SFSTAT_INC(sf_pages_valid);
|
2016-11-17 21:02:55 +00:00
|
|
|
count--;
|
2020-03-30 22:13:32 +00:00
|
|
|
} else {
|
2016-11-17 21:02:55 +00:00
|
|
|
break;
|
2020-03-30 22:13:32 +00:00
|
|
|
}
|
2016-11-17 21:02:55 +00:00
|
|
|
}
|
2020-03-30 22:13:32 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* The last page in the run pa[i + count - 1] is
|
|
|
|
|
* guaranteed to be invalid by the trim above, so it
|
|
|
|
|
* is not replaced with bogus, thus -1 in the loop end
|
|
|
|
|
* condition.
|
|
|
|
|
*/
|
|
|
|
|
MPASS(pa[i + count - 1]->valid != VM_PAGE_BITS_ALL);
|
|
|
|
|
for (j = i + 1; j < i + count - 1; j++) {
|
2016-11-17 21:02:55 +00:00
|
|
|
if (vm_page_is_valid(pa[j], vmoff(j, off) & PAGE_MASK,
|
|
|
|
|
xfsize(j, npages, off, len))) {
|
|
|
|
|
vm_page_xunbusy(pa[j]);
|
|
|
|
|
SFSTAT_INC(sf_pages_valid);
|
|
|
|
|
SFSTAT_INC(sf_pages_bogus);
|
|
|
|
|
pa[j] = bogus_page;
|
|
|
|
|
}
|
2020-03-30 22:13:32 +00:00
|
|
|
}
|
2016-11-17 21:02:55 +00:00
|
|
|
|
2016-01-22 02:23:18 +00:00
|
|
|
refcount_acquire(&sfio->nios);
|
|
|
|
|
rv = vm_pager_get_pages_async(obj, pa + i, count, NULL,
|
|
|
|
|
i + count == npages ? &rhpages : NULL,
|
|
|
|
|
&sendfile_iodone, sfio);
|
2019-11-06 23:45:43 +00:00
|
|
|
if (__predict_false(rv != VM_PAGER_OK)) {
|
2020-03-30 21:57:28 +00:00
|
|
|
sendfile_iowait(sfio, "sferrio");
|
|
|
|
|
|
2019-11-06 23:45:43 +00:00
|
|
|
/*
|
2020-06-06 00:02:50 +00:00
|
|
|
* Do remaining pages recovery before returning EIO.
|
2019-11-06 23:45:43 +00:00
|
|
|
* Pages from 0 to npages are wired.
|
2020-06-06 00:02:50 +00:00
|
|
|
* Pages from (i + count1) to npages are busied.
|
2019-11-06 23:45:43 +00:00
|
|
|
*/
|
|
|
|
|
for (j = 0; j < npages; j++) {
|
2020-06-06 00:02:50 +00:00
|
|
|
if (j >= i + count1)
|
2019-11-06 23:45:43 +00:00
|
|
|
vm_page_xunbusy(pa[j]);
|
|
|
|
|
KASSERT(pa[j] != NULL && pa[j] != bogus_page,
|
|
|
|
|
("%s: page %p[%d] I/O recovery failure",
|
|
|
|
|
__func__, pa, j));
|
|
|
|
|
vm_page_unwire(pa[j], PQ_INACTIVE);
|
2021-01-03 16:35:42 +00:00
|
|
|
pa[j] = NULL;
|
2019-07-19 18:03:30 +00:00
|
|
|
}
|
2019-07-29 20:50:26 +00:00
|
|
|
return (EIO);
|
2019-07-19 18:03:30 +00:00
|
|
|
}
|
2016-01-22 02:23:18 +00:00
|
|
|
|
|
|
|
|
SFSTAT_INC(sf_iocnt);
|
|
|
|
|
SFSTAT_ADD(sf_pages_read, count);
|
|
|
|
|
if (i + count == npages)
|
|
|
|
|
SFSTAT_ADD(sf_rhpages_read, rhpages);
|
|
|
|
|
|
2020-03-30 22:13:32 +00:00
|
|
|
i += count1;
|
2019-07-19 18:03:30 +00:00
|
|
|
(*nios)++;
|
2016-01-22 02:23:18 +00:00
|
|
|
}
|
|
|
|
|
|
2019-07-19 18:03:30 +00:00
|
|
|
if (*nios == 0 && npages != 0)
|
2016-01-22 02:23:18 +00:00
|
|
|
SFSTAT_INC(sf_noiocnt);
|
|
|
|
|
|
2019-07-19 18:03:30 +00:00
|
|
|
return (0);
|
2016-01-22 02:23:18 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
sendfile_getobj(struct thread *td, struct file *fp, vm_object_t *obj_res,
|
|
|
|
|
struct vnode **vp_res, struct shmfd **shmfd_res, off_t *obj_size,
|
|
|
|
|
int *bsize)
|
|
|
|
|
{
|
|
|
|
|
struct vattr va;
|
|
|
|
|
vm_object_t obj;
|
|
|
|
|
struct vnode *vp;
|
|
|
|
|
struct shmfd *shmfd;
|
|
|
|
|
int error;
|
|
|
|
|
|
2021-04-02 21:12:56 +00:00
|
|
|
error = 0;
|
2016-01-22 02:23:18 +00:00
|
|
|
vp = *vp_res = NULL;
|
|
|
|
|
obj = NULL;
|
|
|
|
|
shmfd = *shmfd_res = NULL;
|
|
|
|
|
*bsize = 0;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* The file descriptor must be a regular file and have a
|
|
|
|
|
* backing VM object.
|
|
|
|
|
*/
|
|
|
|
|
if (fp->f_type == DTYPE_VNODE) {
|
|
|
|
|
vp = fp->f_vnode;
|
|
|
|
|
vn_lock(vp, LK_SHARED | LK_RETRY);
|
|
|
|
|
if (vp->v_type != VREG) {
|
|
|
|
|
error = EINVAL;
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
*bsize = vp->v_mount->mnt_stat.f_iosize;
|
|
|
|
|
obj = vp->v_object;
|
|
|
|
|
if (obj == NULL) {
|
|
|
|
|
error = EINVAL;
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
sendfile: Use the pager size to determine the file extent when possible
Previously sendfile would issue a VOP_GETATTR and use the returned size,
i.e., the file size. When paging in file data, sendfile_swapin() will
use the pager to determine whether it needs to zero-fill, most often
because of a hole in a sparse file. An attempt to page in beyond the
end of a file is treated this way, and occurs when the requested page is
past the end of the pager. In other words, both the file size and pager
size were used interchangeably.
With ZFS, updates to the pager and file sizes are not synchronized by
the exclusive vnode lock, at least partially due to its use of
MNTK_SHARED_WRITES. In particular, the pager size is updated after the
file size, so in the presence of a writer concurrently extending the
file, sendfile could incorrectly instantiate "holes" in the page cache
pages backing the file, which manifests as data corruption when reading
the file back from the page cache. The on-disk copy is unaffected.
Fix this by consistently using the pager size when available.
Reported by: dumbbell
Reviewed by: chs, kib
Tested by: dumbbell, pho
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D28811
2021-02-25 15:04:44 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Use the pager size when available to simplify synchronization
|
|
|
|
|
* with filesystems, which otherwise must atomically update both
|
|
|
|
|
* the vnode pager size and file size.
|
|
|
|
|
*/
|
|
|
|
|
if (obj->type == OBJT_VNODE) {
|
|
|
|
|
VM_OBJECT_RLOCK(obj);
|
|
|
|
|
*obj_size = obj->un_pager.vnp.vnp_size;
|
|
|
|
|
} else {
|
|
|
|
|
error = VOP_GETATTR(vp, &va, td->td_ucred);
|
|
|
|
|
if (error != 0)
|
|
|
|
|
goto out;
|
|
|
|
|
*obj_size = va.va_size;
|
|
|
|
|
VM_OBJECT_RLOCK(obj);
|
|
|
|
|
}
|
2016-01-22 02:23:18 +00:00
|
|
|
} else if (fp->f_type == DTYPE_SHM) {
|
|
|
|
|
shmfd = fp->f_data;
|
|
|
|
|
obj = shmfd->shm_object;
|
sendfile: Use the pager size to determine the file extent when possible
Previously sendfile would issue a VOP_GETATTR and use the returned size,
i.e., the file size. When paging in file data, sendfile_swapin() will
use the pager to determine whether it needs to zero-fill, most often
because of a hole in a sparse file. An attempt to page in beyond the
end of a file is treated this way, and occurs when the requested page is
past the end of the pager. In other words, both the file size and pager
size were used interchangeably.
With ZFS, updates to the pager and file sizes are not synchronized by
the exclusive vnode lock, at least partially due to its use of
MNTK_SHARED_WRITES. In particular, the pager size is updated after the
file size, so in the presence of a writer concurrently extending the
file, sendfile could incorrectly instantiate "holes" in the page cache
pages backing the file, which manifests as data corruption when reading
the file back from the page cache. The on-disk copy is unaffected.
Fix this by consistently using the pager size when available.
Reported by: dumbbell
Reviewed by: chs, kib
Tested by: dumbbell, pho
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D28811
2021-02-25 15:04:44 +00:00
|
|
|
VM_OBJECT_RLOCK(obj);
|
2016-01-22 02:23:18 +00:00
|
|
|
*obj_size = shmfd->shm_size;
|
|
|
|
|
} else {
|
|
|
|
|
error = EINVAL;
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ((obj->flags & OBJ_DEAD) != 0) {
|
sendfile: Use the pager size to determine the file extent when possible
Previously sendfile would issue a VOP_GETATTR and use the returned size,
i.e., the file size. When paging in file data, sendfile_swapin() will
use the pager to determine whether it needs to zero-fill, most often
because of a hole in a sparse file. An attempt to page in beyond the
end of a file is treated this way, and occurs when the requested page is
past the end of the pager. In other words, both the file size and pager
size were used interchangeably.
With ZFS, updates to the pager and file sizes are not synchronized by
the exclusive vnode lock, at least partially due to its use of
MNTK_SHARED_WRITES. In particular, the pager size is updated after the
file size, so in the presence of a writer concurrently extending the
file, sendfile could incorrectly instantiate "holes" in the page cache
pages backing the file, which manifests as data corruption when reading
the file back from the page cache. The on-disk copy is unaffected.
Fix this by consistently using the pager size when available.
Reported by: dumbbell
Reviewed by: chs, kib
Tested by: dumbbell, pho
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D28811
2021-02-25 15:04:44 +00:00
|
|
|
VM_OBJECT_RUNLOCK(obj);
|
2016-01-22 02:23:18 +00:00
|
|
|
error = EBADF;
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Temporarily increase the backing VM object's reference
|
|
|
|
|
* count so that a forced reclamation of its vnode does not
|
|
|
|
|
* immediately destroy it.
|
|
|
|
|
*/
|
|
|
|
|
vm_object_reference_locked(obj);
|
sendfile: Use the pager size to determine the file extent when possible
Previously sendfile would issue a VOP_GETATTR and use the returned size,
i.e., the file size. When paging in file data, sendfile_swapin() will
use the pager to determine whether it needs to zero-fill, most often
because of a hole in a sparse file. An attempt to page in beyond the
end of a file is treated this way, and occurs when the requested page is
past the end of the pager. In other words, both the file size and pager
size were used interchangeably.
With ZFS, updates to the pager and file sizes are not synchronized by
the exclusive vnode lock, at least partially due to its use of
MNTK_SHARED_WRITES. In particular, the pager size is updated after the
file size, so in the presence of a writer concurrently extending the
file, sendfile could incorrectly instantiate "holes" in the page cache
pages backing the file, which manifests as data corruption when reading
the file back from the page cache. The on-disk copy is unaffected.
Fix this by consistently using the pager size when available.
Reported by: dumbbell
Reviewed by: chs, kib
Tested by: dumbbell, pho
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D28811
2021-02-25 15:04:44 +00:00
|
|
|
VM_OBJECT_RUNLOCK(obj);
|
2016-01-22 02:23:18 +00:00
|
|
|
*obj_res = obj;
|
|
|
|
|
*vp_res = vp;
|
|
|
|
|
*shmfd_res = shmfd;
|
|
|
|
|
|
|
|
|
|
out:
|
|
|
|
|
if (vp != NULL)
|
2020-01-03 22:29:58 +00:00
|
|
|
VOP_UNLOCK(vp);
|
2016-01-22 02:23:18 +00:00
|
|
|
return (error);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
sendfile_getsock(struct thread *td, int s, struct file **sock_fp,
|
|
|
|
|
struct socket **so)
|
|
|
|
|
{
|
|
|
|
|
int error;
|
|
|
|
|
|
|
|
|
|
*sock_fp = NULL;
|
|
|
|
|
*so = NULL;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* The socket must be a stream socket and connected.
|
|
|
|
|
*/
|
2018-05-09 18:47:24 +00:00
|
|
|
error = getsock_cap(td, s, &cap_send_rights,
|
2016-09-22 09:58:46 +00:00
|
|
|
sock_fp, NULL, NULL);
|
2016-01-22 02:23:18 +00:00
|
|
|
if (error != 0)
|
|
|
|
|
return (error);
|
|
|
|
|
*so = (*sock_fp)->f_data;
|
|
|
|
|
if ((*so)->so_type != SOCK_STREAM)
|
|
|
|
|
return (EINVAL);
|
2020-03-13 18:38:28 +00:00
|
|
|
/*
|
|
|
|
|
* SCTP one-to-one style sockets currently don't work with
|
|
|
|
|
* sendfile(). So indicate EINVAL for now.
|
|
|
|
|
*/
|
|
|
|
|
if ((*so)->so_proto->pr_protocol == IPPROTO_SCTP)
|
|
|
|
|
return (EINVAL);
|
2016-01-22 02:23:18 +00:00
|
|
|
return (0);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int
|
|
|
|
|
vn_sendfile(struct file *fp, int sockfd, struct uio *hdr_uio,
|
|
|
|
|
struct uio *trl_uio, off_t offset, size_t nbytes, off_t *sent, int flags,
|
The sendfile(2) allows to send extra data from userspace before the file
data (headers). Historically the size of the headers was not checked
against the socket buffer space. Application could easily overcommit the
socket buffer space.
With the new sendfile (r293439) the problem remained, but a KASSERT was
inserted that checked that amount of data written to the socket matches
its space. In case when size of headers is bigger that socket space,
KASSERT fires. Without INVARIANTS the new sendfile won't panic, but
would report incorrect amount of bytes sent.
o With this change, the headers copyin is moved down into the cycle, after
the sbspace() check. The uio size is trimmed by socket space there,
which fixes the overcommit problem and its consequences.
o The compatibility handling for FreeBSD 4 sendfile headers API is pushed
up the stack to syscall wrappers. This required a copy and paste of the
code, but in turn this allowed to remove extra stack carried parameter
from fo_sendfile_t, and embrace entire compat code into #ifdef. If in
future we got more fo_sendfile_t function, the copy and paste level would
even reduce.
Reviewed by: emax, gallatin, Maxim Dounin <mdounin mdounin.ru>
Tested by: Vitalij Satanivskij <satan ukr.net>
Sponsored by: Netflix
2016-03-29 19:57:11 +00:00
|
|
|
struct thread *td)
|
2016-01-22 02:23:18 +00:00
|
|
|
{
|
|
|
|
|
struct file *sock_fp;
|
|
|
|
|
struct vnode *vp;
|
|
|
|
|
struct vm_object *obj;
|
2020-04-10 01:28:47 +00:00
|
|
|
vm_page_t pga;
|
2016-01-22 02:23:18 +00:00
|
|
|
struct socket *so;
|
Add kernel-side support for in-kernel TLS.
KTLS adds support for in-kernel framing and encryption of Transport
Layer Security (1.0-1.2) data on TCP sockets. KTLS only supports
offload of TLS for transmitted data. Key negotation must still be
performed in userland. Once completed, transmit session keys for a
connection are provided to the kernel via a new TCP_TXTLS_ENABLE
socket option. All subsequent data transmitted on the socket is
placed into TLS frames and encrypted using the supplied keys.
Any data written to a KTLS-enabled socket via write(2), aio_write(2),
or sendfile(2) is assumed to be application data and is encoded in TLS
frames with an application data type. Individual records can be sent
with a custom type (e.g. handshake messages) via sendmsg(2) with a new
control message (TLS_SET_RECORD_TYPE) specifying the record type.
At present, rekeying is not supported though the in-kernel framework
should support rekeying.
KTLS makes use of the recently added unmapped mbufs to store TLS
frames in the socket buffer. Each TLS frame is described by a single
ext_pgs mbuf. The ext_pgs structure contains the header of the TLS
record (and trailer for encrypted records) as well as references to
the associated TLS session.
KTLS supports two primary methods of encrypting TLS frames: software
TLS and ifnet TLS.
Software TLS marks mbufs holding socket data as not ready via
M_NOTREADY similar to sendfile(2) when TLS framing information is
added to an unmapped mbuf in ktls_frame(). ktls_enqueue() is then
called to schedule TLS frames for encryption. In the case of
sendfile_iodone() calls ktls_enqueue() instead of pru_ready() leaving
the mbufs marked M_NOTREADY until encryption is completed. For other
writes (vn_sendfile when pages are available, write(2), etc.), the
PRUS_NOTREADY is set when invoking pru_send() along with invoking
ktls_enqueue().
A pool of worker threads (the "KTLS" kernel process) encrypts TLS
frames queued via ktls_enqueue(). Each TLS frame is temporarily
mapped using the direct map and passed to a software encryption
backend to perform the actual encryption.
(Note: The use of PHYS_TO_DMAP could be replaced with sf_bufs if
someone wished to make this work on architectures without a direct
map.)
KTLS supports pluggable software encryption backends. Internally,
Netflix uses proprietary pure-software backends. This commit includes
a simple backend in a new ktls_ocf.ko module that uses the kernel's
OpenCrypto framework to provide AES-GCM encryption of TLS frames. As
a result, software TLS is now a bit of a misnomer as it can make use
of hardware crypto accelerators.
Once software encryption has finished, the TLS frame mbufs are marked
ready via pru_ready(). At this point, the encrypted data appears as
regular payload to the TCP stack stored in unmapped mbufs.
ifnet TLS permits a NIC to offload the TLS encryption and TCP
segmentation. In this mode, a new send tag type (IF_SND_TAG_TYPE_TLS)
is allocated on the interface a socket is routed over and associated
with a TLS session. TLS records for a TLS session using ifnet TLS are
not marked M_NOTREADY but are passed down the stack unencrypted. The
ip_output_send() and ip6_output_send() helper functions that apply
send tags to outbound IP packets verify that the send tag of the TLS
record matches the outbound interface. If so, the packet is tagged
with the TLS send tag and sent to the interface. The NIC device
driver must recognize packets with the TLS send tag and schedule them
for TLS encryption and TCP segmentation. If the the outbound
interface does not match the interface in the TLS send tag, the packet
is dropped. In addition, a task is scheduled to refresh the TLS send
tag for the TLS session. If a new TLS send tag cannot be allocated,
the connection is dropped. If a new TLS send tag is allocated,
however, subsequent packets will be tagged with the correct TLS send
tag. (This latter case has been tested by configuring both ports of a
Chelsio T6 in a lagg and failing over from one port to another. As
the connections migrated to the new port, new TLS send tags were
allocated for the new port and connections resumed without being
dropped.)
ifnet TLS can be enabled and disabled on supported network interfaces
via new '[-]txtls[46]' options to ifconfig(8). ifnet TLS is supported
across both vlan devices and lagg interfaces using failover, lacp with
flowid enabled, or lacp with flowid enabled.
Applications may request the current KTLS mode of a connection via a
new TCP_TXTLS_MODE socket option. They can also use this socket
option to toggle between software and ifnet TLS modes.
In addition, a testing tool is available in tools/tools/switch_tls.
This is modeled on tcpdrop and uses similar syntax. However, instead
of dropping connections, -s is used to force KTLS connections to
switch to software TLS and -i is used to switch to ifnet TLS.
Various sysctls and counters are available under the kern.ipc.tls
sysctl node. The kern.ipc.tls.enable node must be set to true to
enable KTLS (it is off by default). The use of unmapped mbufs must
also be enabled via kern.ipc.mb_use_ext_pgs to enable KTLS.
KTLS is enabled via the KERN_TLS kernel option.
This patch is the culmination of years of work by several folks
including Scott Long and Randall Stewart for the original design and
implementation; Drew Gallatin for several optimizations including the
use of ext_pgs mbufs, the M_NOTREADY mechanism for TLS records
awaiting software encryption, and pluggable software crypto backends;
and John Baldwin for modifications to support hardware TLS offload.
Reviewed by: gallatin, hselasky, rrs
Obtained from: Netflix
Sponsored by: Netflix, Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D21277
2019-08-27 00:01:56 +00:00
|
|
|
#ifdef KERN_TLS
|
|
|
|
|
struct ktls_session *tls;
|
|
|
|
|
#endif
|
2016-01-22 02:23:18 +00:00
|
|
|
struct mbuf *m, *mh, *mhtail;
|
|
|
|
|
struct sf_buf *sf;
|
|
|
|
|
struct shmfd *shmfd;
|
|
|
|
|
struct sendfile_sync *sfs;
|
|
|
|
|
struct vattr va;
|
sendfile: Use the pager size to determine the file extent when possible
Previously sendfile would issue a VOP_GETATTR and use the returned size,
i.e., the file size. When paging in file data, sendfile_swapin() will
use the pager to determine whether it needs to zero-fill, most often
because of a hole in a sparse file. An attempt to page in beyond the
end of a file is treated this way, and occurs when the requested page is
past the end of the pager. In other words, both the file size and pager
size were used interchangeably.
With ZFS, updates to the pager and file sizes are not synchronized by
the exclusive vnode lock, at least partially due to its use of
MNTK_SHARED_WRITES. In particular, the pager size is updated after the
file size, so in the presence of a writer concurrently extending the
file, sendfile could incorrectly instantiate "holes" in the page cache
pages backing the file, which manifests as data corruption when reading
the file back from the page cache. The on-disk copy is unaffected.
Fix this by consistently using the pager size when available.
Reported by: dumbbell
Reviewed by: chs, kib
Tested by: dumbbell, pho
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D28811
2021-02-25 15:04:44 +00:00
|
|
|
off_t off, sbytes, rem, obj_size, nobj_size;
|
2019-06-29 00:49:35 +00:00
|
|
|
int bsize, error, ext_pgs_idx, hdrlen, max_pgs, softerr;
|
Add kernel-side support for in-kernel TLS.
KTLS adds support for in-kernel framing and encryption of Transport
Layer Security (1.0-1.2) data on TCP sockets. KTLS only supports
offload of TLS for transmitted data. Key negotation must still be
performed in userland. Once completed, transmit session keys for a
connection are provided to the kernel via a new TCP_TXTLS_ENABLE
socket option. All subsequent data transmitted on the socket is
placed into TLS frames and encrypted using the supplied keys.
Any data written to a KTLS-enabled socket via write(2), aio_write(2),
or sendfile(2) is assumed to be application data and is encoded in TLS
frames with an application data type. Individual records can be sent
with a custom type (e.g. handshake messages) via sendmsg(2) with a new
control message (TLS_SET_RECORD_TYPE) specifying the record type.
At present, rekeying is not supported though the in-kernel framework
should support rekeying.
KTLS makes use of the recently added unmapped mbufs to store TLS
frames in the socket buffer. Each TLS frame is described by a single
ext_pgs mbuf. The ext_pgs structure contains the header of the TLS
record (and trailer for encrypted records) as well as references to
the associated TLS session.
KTLS supports two primary methods of encrypting TLS frames: software
TLS and ifnet TLS.
Software TLS marks mbufs holding socket data as not ready via
M_NOTREADY similar to sendfile(2) when TLS framing information is
added to an unmapped mbuf in ktls_frame(). ktls_enqueue() is then
called to schedule TLS frames for encryption. In the case of
sendfile_iodone() calls ktls_enqueue() instead of pru_ready() leaving
the mbufs marked M_NOTREADY until encryption is completed. For other
writes (vn_sendfile when pages are available, write(2), etc.), the
PRUS_NOTREADY is set when invoking pru_send() along with invoking
ktls_enqueue().
A pool of worker threads (the "KTLS" kernel process) encrypts TLS
frames queued via ktls_enqueue(). Each TLS frame is temporarily
mapped using the direct map and passed to a software encryption
backend to perform the actual encryption.
(Note: The use of PHYS_TO_DMAP could be replaced with sf_bufs if
someone wished to make this work on architectures without a direct
map.)
KTLS supports pluggable software encryption backends. Internally,
Netflix uses proprietary pure-software backends. This commit includes
a simple backend in a new ktls_ocf.ko module that uses the kernel's
OpenCrypto framework to provide AES-GCM encryption of TLS frames. As
a result, software TLS is now a bit of a misnomer as it can make use
of hardware crypto accelerators.
Once software encryption has finished, the TLS frame mbufs are marked
ready via pru_ready(). At this point, the encrypted data appears as
regular payload to the TCP stack stored in unmapped mbufs.
ifnet TLS permits a NIC to offload the TLS encryption and TCP
segmentation. In this mode, a new send tag type (IF_SND_TAG_TYPE_TLS)
is allocated on the interface a socket is routed over and associated
with a TLS session. TLS records for a TLS session using ifnet TLS are
not marked M_NOTREADY but are passed down the stack unencrypted. The
ip_output_send() and ip6_output_send() helper functions that apply
send tags to outbound IP packets verify that the send tag of the TLS
record matches the outbound interface. If so, the packet is tagged
with the TLS send tag and sent to the interface. The NIC device
driver must recognize packets with the TLS send tag and schedule them
for TLS encryption and TCP segmentation. If the the outbound
interface does not match the interface in the TLS send tag, the packet
is dropped. In addition, a task is scheduled to refresh the TLS send
tag for the TLS session. If a new TLS send tag cannot be allocated,
the connection is dropped. If a new TLS send tag is allocated,
however, subsequent packets will be tagged with the correct TLS send
tag. (This latter case has been tested by configuring both ports of a
Chelsio T6 in a lagg and failing over from one port to another. As
the connections migrated to the new port, new TLS send tags were
allocated for the new port and connections resumed without being
dropped.)
ifnet TLS can be enabled and disabled on supported network interfaces
via new '[-]txtls[46]' options to ifconfig(8). ifnet TLS is supported
across both vlan devices and lagg interfaces using failover, lacp with
flowid enabled, or lacp with flowid enabled.
Applications may request the current KTLS mode of a connection via a
new TCP_TXTLS_MODE socket option. They can also use this socket
option to toggle between software and ifnet TLS modes.
In addition, a testing tool is available in tools/tools/switch_tls.
This is modeled on tcpdrop and uses similar syntax. However, instead
of dropping connections, -s is used to force KTLS connections to
switch to software TLS and -i is used to switch to ifnet TLS.
Various sysctls and counters are available under the kern.ipc.tls
sysctl node. The kern.ipc.tls.enable node must be set to true to
enable KTLS (it is off by default). The use of unmapped mbufs must
also be enabled via kern.ipc.mb_use_ext_pgs to enable KTLS.
KTLS is enabled via the KERN_TLS kernel option.
This patch is the culmination of years of work by several folks
including Scott Long and Randall Stewart for the original design and
implementation; Drew Gallatin for several optimizations including the
use of ext_pgs mbufs, the M_NOTREADY mechanism for TLS records
awaiting software encryption, and pluggable software crypto backends;
and John Baldwin for modifications to support hardware TLS offload.
Reviewed by: gallatin, hselasky, rrs
Obtained from: Netflix
Sponsored by: Netflix, Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D21277
2019-08-27 00:01:56 +00:00
|
|
|
#ifdef KERN_TLS
|
|
|
|
|
int tls_enq_cnt;
|
|
|
|
|
#endif
|
2019-06-29 00:49:35 +00:00
|
|
|
bool use_ext_pgs;
|
2016-01-22 02:23:18 +00:00
|
|
|
|
|
|
|
|
obj = NULL;
|
|
|
|
|
so = NULL;
|
|
|
|
|
m = mh = NULL;
|
|
|
|
|
sfs = NULL;
|
Add kernel-side support for in-kernel TLS.
KTLS adds support for in-kernel framing and encryption of Transport
Layer Security (1.0-1.2) data on TCP sockets. KTLS only supports
offload of TLS for transmitted data. Key negotation must still be
performed in userland. Once completed, transmit session keys for a
connection are provided to the kernel via a new TCP_TXTLS_ENABLE
socket option. All subsequent data transmitted on the socket is
placed into TLS frames and encrypted using the supplied keys.
Any data written to a KTLS-enabled socket via write(2), aio_write(2),
or sendfile(2) is assumed to be application data and is encoded in TLS
frames with an application data type. Individual records can be sent
with a custom type (e.g. handshake messages) via sendmsg(2) with a new
control message (TLS_SET_RECORD_TYPE) specifying the record type.
At present, rekeying is not supported though the in-kernel framework
should support rekeying.
KTLS makes use of the recently added unmapped mbufs to store TLS
frames in the socket buffer. Each TLS frame is described by a single
ext_pgs mbuf. The ext_pgs structure contains the header of the TLS
record (and trailer for encrypted records) as well as references to
the associated TLS session.
KTLS supports two primary methods of encrypting TLS frames: software
TLS and ifnet TLS.
Software TLS marks mbufs holding socket data as not ready via
M_NOTREADY similar to sendfile(2) when TLS framing information is
added to an unmapped mbuf in ktls_frame(). ktls_enqueue() is then
called to schedule TLS frames for encryption. In the case of
sendfile_iodone() calls ktls_enqueue() instead of pru_ready() leaving
the mbufs marked M_NOTREADY until encryption is completed. For other
writes (vn_sendfile when pages are available, write(2), etc.), the
PRUS_NOTREADY is set when invoking pru_send() along with invoking
ktls_enqueue().
A pool of worker threads (the "KTLS" kernel process) encrypts TLS
frames queued via ktls_enqueue(). Each TLS frame is temporarily
mapped using the direct map and passed to a software encryption
backend to perform the actual encryption.
(Note: The use of PHYS_TO_DMAP could be replaced with sf_bufs if
someone wished to make this work on architectures without a direct
map.)
KTLS supports pluggable software encryption backends. Internally,
Netflix uses proprietary pure-software backends. This commit includes
a simple backend in a new ktls_ocf.ko module that uses the kernel's
OpenCrypto framework to provide AES-GCM encryption of TLS frames. As
a result, software TLS is now a bit of a misnomer as it can make use
of hardware crypto accelerators.
Once software encryption has finished, the TLS frame mbufs are marked
ready via pru_ready(). At this point, the encrypted data appears as
regular payload to the TCP stack stored in unmapped mbufs.
ifnet TLS permits a NIC to offload the TLS encryption and TCP
segmentation. In this mode, a new send tag type (IF_SND_TAG_TYPE_TLS)
is allocated on the interface a socket is routed over and associated
with a TLS session. TLS records for a TLS session using ifnet TLS are
not marked M_NOTREADY but are passed down the stack unencrypted. The
ip_output_send() and ip6_output_send() helper functions that apply
send tags to outbound IP packets verify that the send tag of the TLS
record matches the outbound interface. If so, the packet is tagged
with the TLS send tag and sent to the interface. The NIC device
driver must recognize packets with the TLS send tag and schedule them
for TLS encryption and TCP segmentation. If the the outbound
interface does not match the interface in the TLS send tag, the packet
is dropped. In addition, a task is scheduled to refresh the TLS send
tag for the TLS session. If a new TLS send tag cannot be allocated,
the connection is dropped. If a new TLS send tag is allocated,
however, subsequent packets will be tagged with the correct TLS send
tag. (This latter case has been tested by configuring both ports of a
Chelsio T6 in a lagg and failing over from one port to another. As
the connections migrated to the new port, new TLS send tags were
allocated for the new port and connections resumed without being
dropped.)
ifnet TLS can be enabled and disabled on supported network interfaces
via new '[-]txtls[46]' options to ifconfig(8). ifnet TLS is supported
across both vlan devices and lagg interfaces using failover, lacp with
flowid enabled, or lacp with flowid enabled.
Applications may request the current KTLS mode of a connection via a
new TCP_TXTLS_MODE socket option. They can also use this socket
option to toggle between software and ifnet TLS modes.
In addition, a testing tool is available in tools/tools/switch_tls.
This is modeled on tcpdrop and uses similar syntax. However, instead
of dropping connections, -s is used to force KTLS connections to
switch to software TLS and -i is used to switch to ifnet TLS.
Various sysctls and counters are available under the kern.ipc.tls
sysctl node. The kern.ipc.tls.enable node must be set to true to
enable KTLS (it is off by default). The use of unmapped mbufs must
also be enabled via kern.ipc.mb_use_ext_pgs to enable KTLS.
KTLS is enabled via the KERN_TLS kernel option.
This patch is the culmination of years of work by several folks
including Scott Long and Randall Stewart for the original design and
implementation; Drew Gallatin for several optimizations including the
use of ext_pgs mbufs, the M_NOTREADY mechanism for TLS records
awaiting software encryption, and pluggable software crypto backends;
and John Baldwin for modifications to support hardware TLS offload.
Reviewed by: gallatin, hselasky, rrs
Obtained from: Netflix
Sponsored by: Netflix, Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D21277
2019-08-27 00:01:56 +00:00
|
|
|
#ifdef KERN_TLS
|
|
|
|
|
tls = NULL;
|
|
|
|
|
#endif
|
The sendfile(2) allows to send extra data from userspace before the file
data (headers). Historically the size of the headers was not checked
against the socket buffer space. Application could easily overcommit the
socket buffer space.
With the new sendfile (r293439) the problem remained, but a KASSERT was
inserted that checked that amount of data written to the socket matches
its space. In case when size of headers is bigger that socket space,
KASSERT fires. Without INVARIANTS the new sendfile won't panic, but
would report incorrect amount of bytes sent.
o With this change, the headers copyin is moved down into the cycle, after
the sbspace() check. The uio size is trimmed by socket space there,
which fixes the overcommit problem and its consequences.
o The compatibility handling for FreeBSD 4 sendfile headers API is pushed
up the stack to syscall wrappers. This required a copy and paste of the
code, but in turn this allowed to remove extra stack carried parameter
from fo_sendfile_t, and embrace entire compat code into #ifdef. If in
future we got more fo_sendfile_t function, the copy and paste level would
even reduce.
Reviewed by: emax, gallatin, Maxim Dounin <mdounin mdounin.ru>
Tested by: Vitalij Satanivskij <satan ukr.net>
Sponsored by: Netflix
2016-03-29 19:57:11 +00:00
|
|
|
hdrlen = sbytes = 0;
|
2016-01-22 02:23:18 +00:00
|
|
|
softerr = 0;
|
2019-06-29 00:49:35 +00:00
|
|
|
use_ext_pgs = false;
|
2016-01-22 02:23:18 +00:00
|
|
|
|
|
|
|
|
error = sendfile_getobj(td, fp, &obj, &vp, &shmfd, &obj_size, &bsize);
|
|
|
|
|
if (error != 0)
|
|
|
|
|
return (error);
|
|
|
|
|
|
|
|
|
|
error = sendfile_getsock(td, sockfd, &sock_fp, &so);
|
|
|
|
|
if (error != 0)
|
|
|
|
|
goto out;
|
|
|
|
|
|
|
|
|
|
#ifdef MAC
|
|
|
|
|
error = mac_socket_check_send(td->td_ucred, so);
|
|
|
|
|
if (error != 0)
|
|
|
|
|
goto out;
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
SFSTAT_INC(sf_syscalls);
|
|
|
|
|
SFSTAT_ADD(sf_rhpages_requested, SF_READAHEAD(flags));
|
|
|
|
|
|
|
|
|
|
if (flags & SF_SYNC) {
|
2020-03-30 21:50:51 +00:00
|
|
|
sfs = malloc(sizeof(*sfs), M_SENDFILE, M_WAITOK | M_ZERO);
|
2016-01-22 02:23:18 +00:00
|
|
|
mtx_init(&sfs->mtx, "sendfile", NULL, MTX_DEF);
|
|
|
|
|
cv_init(&sfs->cv, "sendfile");
|
2020-04-28 15:02:44 +00:00
|
|
|
sfs->waiting = true;
|
2016-01-22 02:23:18 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
rem = nbytes ? omin(nbytes, obj_size - offset) : obj_size - offset;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Protect against multiple writers to the socket.
|
|
|
|
|
*
|
|
|
|
|
* XXXRW: Historically this has assumed non-interruptibility, so now
|
|
|
|
|
* we implement that, but possibly shouldn't.
|
|
|
|
|
*/
|
2021-09-07 18:49:31 +00:00
|
|
|
error = SOCK_IO_SEND_LOCK(so, SBL_WAIT | SBL_NOINTR);
|
|
|
|
|
if (error != 0)
|
|
|
|
|
goto out;
|
Add kernel-side support for in-kernel TLS.
KTLS adds support for in-kernel framing and encryption of Transport
Layer Security (1.0-1.2) data on TCP sockets. KTLS only supports
offload of TLS for transmitted data. Key negotation must still be
performed in userland. Once completed, transmit session keys for a
connection are provided to the kernel via a new TCP_TXTLS_ENABLE
socket option. All subsequent data transmitted on the socket is
placed into TLS frames and encrypted using the supplied keys.
Any data written to a KTLS-enabled socket via write(2), aio_write(2),
or sendfile(2) is assumed to be application data and is encoded in TLS
frames with an application data type. Individual records can be sent
with a custom type (e.g. handshake messages) via sendmsg(2) with a new
control message (TLS_SET_RECORD_TYPE) specifying the record type.
At present, rekeying is not supported though the in-kernel framework
should support rekeying.
KTLS makes use of the recently added unmapped mbufs to store TLS
frames in the socket buffer. Each TLS frame is described by a single
ext_pgs mbuf. The ext_pgs structure contains the header of the TLS
record (and trailer for encrypted records) as well as references to
the associated TLS session.
KTLS supports two primary methods of encrypting TLS frames: software
TLS and ifnet TLS.
Software TLS marks mbufs holding socket data as not ready via
M_NOTREADY similar to sendfile(2) when TLS framing information is
added to an unmapped mbuf in ktls_frame(). ktls_enqueue() is then
called to schedule TLS frames for encryption. In the case of
sendfile_iodone() calls ktls_enqueue() instead of pru_ready() leaving
the mbufs marked M_NOTREADY until encryption is completed. For other
writes (vn_sendfile when pages are available, write(2), etc.), the
PRUS_NOTREADY is set when invoking pru_send() along with invoking
ktls_enqueue().
A pool of worker threads (the "KTLS" kernel process) encrypts TLS
frames queued via ktls_enqueue(). Each TLS frame is temporarily
mapped using the direct map and passed to a software encryption
backend to perform the actual encryption.
(Note: The use of PHYS_TO_DMAP could be replaced with sf_bufs if
someone wished to make this work on architectures without a direct
map.)
KTLS supports pluggable software encryption backends. Internally,
Netflix uses proprietary pure-software backends. This commit includes
a simple backend in a new ktls_ocf.ko module that uses the kernel's
OpenCrypto framework to provide AES-GCM encryption of TLS frames. As
a result, software TLS is now a bit of a misnomer as it can make use
of hardware crypto accelerators.
Once software encryption has finished, the TLS frame mbufs are marked
ready via pru_ready(). At this point, the encrypted data appears as
regular payload to the TCP stack stored in unmapped mbufs.
ifnet TLS permits a NIC to offload the TLS encryption and TCP
segmentation. In this mode, a new send tag type (IF_SND_TAG_TYPE_TLS)
is allocated on the interface a socket is routed over and associated
with a TLS session. TLS records for a TLS session using ifnet TLS are
not marked M_NOTREADY but are passed down the stack unencrypted. The
ip_output_send() and ip6_output_send() helper functions that apply
send tags to outbound IP packets verify that the send tag of the TLS
record matches the outbound interface. If so, the packet is tagged
with the TLS send tag and sent to the interface. The NIC device
driver must recognize packets with the TLS send tag and schedule them
for TLS encryption and TCP segmentation. If the the outbound
interface does not match the interface in the TLS send tag, the packet
is dropped. In addition, a task is scheduled to refresh the TLS send
tag for the TLS session. If a new TLS send tag cannot be allocated,
the connection is dropped. If a new TLS send tag is allocated,
however, subsequent packets will be tagged with the correct TLS send
tag. (This latter case has been tested by configuring both ports of a
Chelsio T6 in a lagg and failing over from one port to another. As
the connections migrated to the new port, new TLS send tags were
allocated for the new port and connections resumed without being
dropped.)
ifnet TLS can be enabled and disabled on supported network interfaces
via new '[-]txtls[46]' options to ifconfig(8). ifnet TLS is supported
across both vlan devices and lagg interfaces using failover, lacp with
flowid enabled, or lacp with flowid enabled.
Applications may request the current KTLS mode of a connection via a
new TCP_TXTLS_MODE socket option. They can also use this socket
option to toggle between software and ifnet TLS modes.
In addition, a testing tool is available in tools/tools/switch_tls.
This is modeled on tcpdrop and uses similar syntax. However, instead
of dropping connections, -s is used to force KTLS connections to
switch to software TLS and -i is used to switch to ifnet TLS.
Various sysctls and counters are available under the kern.ipc.tls
sysctl node. The kern.ipc.tls.enable node must be set to true to
enable KTLS (it is off by default). The use of unmapped mbufs must
also be enabled via kern.ipc.mb_use_ext_pgs to enable KTLS.
KTLS is enabled via the KERN_TLS kernel option.
This patch is the culmination of years of work by several folks
including Scott Long and Randall Stewart for the original design and
implementation; Drew Gallatin for several optimizations including the
use of ext_pgs mbufs, the M_NOTREADY mechanism for TLS records
awaiting software encryption, and pluggable software crypto backends;
and John Baldwin for modifications to support hardware TLS offload.
Reviewed by: gallatin, hselasky, rrs
Obtained from: Netflix
Sponsored by: Netflix, Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D21277
2019-08-27 00:01:56 +00:00
|
|
|
#ifdef KERN_TLS
|
|
|
|
|
tls = ktls_hold(so->so_snd.sb_tls_info);
|
|
|
|
|
#endif
|
2016-01-22 02:23:18 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Loop through the pages of the file, starting with the requested
|
|
|
|
|
* offset. Get a file page (do I/O if necessary), map the file page
|
|
|
|
|
* into an sf_buf, attach an mbuf header to the sf_buf, and queue
|
|
|
|
|
* it on the socket.
|
|
|
|
|
* This is done in two loops. The inner loop turns as many pages
|
|
|
|
|
* as it can, up to available socket buffer space, without blocking
|
|
|
|
|
* into mbufs to have it bulk delivered into the socket send buffer.
|
|
|
|
|
* The outer loop checks the state and available space of the socket
|
|
|
|
|
* and takes care of the overall progress.
|
|
|
|
|
*/
|
|
|
|
|
for (off = offset; rem > 0; ) {
|
|
|
|
|
struct sf_io *sfio;
|
|
|
|
|
vm_page_t *pa;
|
2020-02-25 19:29:05 +00:00
|
|
|
struct mbuf *m0, *mtail;
|
2016-01-22 02:23:18 +00:00
|
|
|
int nios, space, npages, rhpages;
|
|
|
|
|
|
|
|
|
|
mtail = NULL;
|
|
|
|
|
/*
|
|
|
|
|
* Check the socket state for ongoing connection,
|
|
|
|
|
* no errors and space in socket buffer.
|
|
|
|
|
* If space is low allow for the remainder of the
|
|
|
|
|
* file to be processed if it fits the socket buffer.
|
|
|
|
|
* Otherwise block in waiting for sufficient space
|
|
|
|
|
* to proceed, or if the socket is nonblocking, return
|
|
|
|
|
* to userland with EAGAIN while reporting how far
|
|
|
|
|
* we've come.
|
|
|
|
|
* We wait until the socket buffer has significant free
|
|
|
|
|
* space to do bulk sends. This makes good use of file
|
|
|
|
|
* system read ahead and allows packet segmentation
|
|
|
|
|
* offloading hardware to take over lots of work. If
|
|
|
|
|
* we were not careful here we would send off only one
|
|
|
|
|
* sfbuf at a time.
|
|
|
|
|
*/
|
|
|
|
|
SOCKBUF_LOCK(&so->so_snd);
|
|
|
|
|
if (so->so_snd.sb_lowat < so->so_snd.sb_hiwat / 2)
|
|
|
|
|
so->so_snd.sb_lowat = so->so_snd.sb_hiwat / 2;
|
|
|
|
|
retry_space:
|
|
|
|
|
if (so->so_snd.sb_state & SBS_CANTSENDMORE) {
|
|
|
|
|
error = EPIPE;
|
|
|
|
|
SOCKBUF_UNLOCK(&so->so_snd);
|
|
|
|
|
goto done;
|
|
|
|
|
} else if (so->so_error) {
|
|
|
|
|
error = so->so_error;
|
|
|
|
|
so->so_error = 0;
|
|
|
|
|
SOCKBUF_UNLOCK(&so->so_snd);
|
|
|
|
|
goto done;
|
|
|
|
|
}
|
2017-10-10 22:21:05 +00:00
|
|
|
if ((so->so_state & SS_ISCONNECTED) == 0) {
|
|
|
|
|
SOCKBUF_UNLOCK(&so->so_snd);
|
|
|
|
|
error = ENOTCONN;
|
|
|
|
|
goto done;
|
|
|
|
|
}
|
|
|
|
|
|
2016-01-22 02:23:18 +00:00
|
|
|
space = sbspace(&so->so_snd);
|
|
|
|
|
if (space < rem &&
|
|
|
|
|
(space <= 0 ||
|
|
|
|
|
space < so->so_snd.sb_lowat)) {
|
|
|
|
|
if (so->so_state & SS_NBIO) {
|
|
|
|
|
SOCKBUF_UNLOCK(&so->so_snd);
|
|
|
|
|
error = EAGAIN;
|
|
|
|
|
goto done;
|
|
|
|
|
}
|
|
|
|
|
/*
|
|
|
|
|
* sbwait drops the lock while sleeping.
|
|
|
|
|
* When we loop back to retry_space the
|
|
|
|
|
* state may have changed and we retest
|
|
|
|
|
* for it.
|
|
|
|
|
*/
|
|
|
|
|
error = sbwait(&so->so_snd);
|
|
|
|
|
/*
|
|
|
|
|
* An error from sbwait usually indicates that we've
|
|
|
|
|
* been interrupted by a signal. If we've sent anything
|
|
|
|
|
* then return bytes sent, otherwise return the error.
|
|
|
|
|
*/
|
|
|
|
|
if (error != 0) {
|
|
|
|
|
SOCKBUF_UNLOCK(&so->so_snd);
|
|
|
|
|
goto done;
|
|
|
|
|
}
|
|
|
|
|
goto retry_space;
|
|
|
|
|
}
|
|
|
|
|
SOCKBUF_UNLOCK(&so->so_snd);
|
|
|
|
|
|
|
|
|
|
/*
|
The sendfile(2) allows to send extra data from userspace before the file
data (headers). Historically the size of the headers was not checked
against the socket buffer space. Application could easily overcommit the
socket buffer space.
With the new sendfile (r293439) the problem remained, but a KASSERT was
inserted that checked that amount of data written to the socket matches
its space. In case when size of headers is bigger that socket space,
KASSERT fires. Without INVARIANTS the new sendfile won't panic, but
would report incorrect amount of bytes sent.
o With this change, the headers copyin is moved down into the cycle, after
the sbspace() check. The uio size is trimmed by socket space there,
which fixes the overcommit problem and its consequences.
o The compatibility handling for FreeBSD 4 sendfile headers API is pushed
up the stack to syscall wrappers. This required a copy and paste of the
code, but in turn this allowed to remove extra stack carried parameter
from fo_sendfile_t, and embrace entire compat code into #ifdef. If in
future we got more fo_sendfile_t function, the copy and paste level would
even reduce.
Reviewed by: emax, gallatin, Maxim Dounin <mdounin mdounin.ru>
Tested by: Vitalij Satanivskij <satan ukr.net>
Sponsored by: Netflix
2016-03-29 19:57:11 +00:00
|
|
|
* At the beginning of the first loop check if any headers
|
|
|
|
|
* are specified and copy them into mbufs. Reduce space in
|
|
|
|
|
* the socket buffer by the size of the header mbuf chain.
|
|
|
|
|
* Clear hdr_uio here and hdrlen at the end of the first loop.
|
2016-01-22 02:23:18 +00:00
|
|
|
*/
|
The sendfile(2) allows to send extra data from userspace before the file
data (headers). Historically the size of the headers was not checked
against the socket buffer space. Application could easily overcommit the
socket buffer space.
With the new sendfile (r293439) the problem remained, but a KASSERT was
inserted that checked that amount of data written to the socket matches
its space. In case when size of headers is bigger that socket space,
KASSERT fires. Without INVARIANTS the new sendfile won't panic, but
would report incorrect amount of bytes sent.
o With this change, the headers copyin is moved down into the cycle, after
the sbspace() check. The uio size is trimmed by socket space there,
which fixes the overcommit problem and its consequences.
o The compatibility handling for FreeBSD 4 sendfile headers API is pushed
up the stack to syscall wrappers. This required a copy and paste of the
code, but in turn this allowed to remove extra stack carried parameter
from fo_sendfile_t, and embrace entire compat code into #ifdef. If in
future we got more fo_sendfile_t function, the copy and paste level would
even reduce.
Reviewed by: emax, gallatin, Maxim Dounin <mdounin mdounin.ru>
Tested by: Vitalij Satanivskij <satan ukr.net>
Sponsored by: Netflix
2016-03-29 19:57:11 +00:00
|
|
|
if (hdr_uio != NULL && hdr_uio->uio_resid > 0) {
|
|
|
|
|
hdr_uio->uio_td = td;
|
|
|
|
|
hdr_uio->uio_rw = UIO_WRITE;
|
Add kernel-side support for in-kernel TLS.
KTLS adds support for in-kernel framing and encryption of Transport
Layer Security (1.0-1.2) data on TCP sockets. KTLS only supports
offload of TLS for transmitted data. Key negotation must still be
performed in userland. Once completed, transmit session keys for a
connection are provided to the kernel via a new TCP_TXTLS_ENABLE
socket option. All subsequent data transmitted on the socket is
placed into TLS frames and encrypted using the supplied keys.
Any data written to a KTLS-enabled socket via write(2), aio_write(2),
or sendfile(2) is assumed to be application data and is encoded in TLS
frames with an application data type. Individual records can be sent
with a custom type (e.g. handshake messages) via sendmsg(2) with a new
control message (TLS_SET_RECORD_TYPE) specifying the record type.
At present, rekeying is not supported though the in-kernel framework
should support rekeying.
KTLS makes use of the recently added unmapped mbufs to store TLS
frames in the socket buffer. Each TLS frame is described by a single
ext_pgs mbuf. The ext_pgs structure contains the header of the TLS
record (and trailer for encrypted records) as well as references to
the associated TLS session.
KTLS supports two primary methods of encrypting TLS frames: software
TLS and ifnet TLS.
Software TLS marks mbufs holding socket data as not ready via
M_NOTREADY similar to sendfile(2) when TLS framing information is
added to an unmapped mbuf in ktls_frame(). ktls_enqueue() is then
called to schedule TLS frames for encryption. In the case of
sendfile_iodone() calls ktls_enqueue() instead of pru_ready() leaving
the mbufs marked M_NOTREADY until encryption is completed. For other
writes (vn_sendfile when pages are available, write(2), etc.), the
PRUS_NOTREADY is set when invoking pru_send() along with invoking
ktls_enqueue().
A pool of worker threads (the "KTLS" kernel process) encrypts TLS
frames queued via ktls_enqueue(). Each TLS frame is temporarily
mapped using the direct map and passed to a software encryption
backend to perform the actual encryption.
(Note: The use of PHYS_TO_DMAP could be replaced with sf_bufs if
someone wished to make this work on architectures without a direct
map.)
KTLS supports pluggable software encryption backends. Internally,
Netflix uses proprietary pure-software backends. This commit includes
a simple backend in a new ktls_ocf.ko module that uses the kernel's
OpenCrypto framework to provide AES-GCM encryption of TLS frames. As
a result, software TLS is now a bit of a misnomer as it can make use
of hardware crypto accelerators.
Once software encryption has finished, the TLS frame mbufs are marked
ready via pru_ready(). At this point, the encrypted data appears as
regular payload to the TCP stack stored in unmapped mbufs.
ifnet TLS permits a NIC to offload the TLS encryption and TCP
segmentation. In this mode, a new send tag type (IF_SND_TAG_TYPE_TLS)
is allocated on the interface a socket is routed over and associated
with a TLS session. TLS records for a TLS session using ifnet TLS are
not marked M_NOTREADY but are passed down the stack unencrypted. The
ip_output_send() and ip6_output_send() helper functions that apply
send tags to outbound IP packets verify that the send tag of the TLS
record matches the outbound interface. If so, the packet is tagged
with the TLS send tag and sent to the interface. The NIC device
driver must recognize packets with the TLS send tag and schedule them
for TLS encryption and TCP segmentation. If the the outbound
interface does not match the interface in the TLS send tag, the packet
is dropped. In addition, a task is scheduled to refresh the TLS send
tag for the TLS session. If a new TLS send tag cannot be allocated,
the connection is dropped. If a new TLS send tag is allocated,
however, subsequent packets will be tagged with the correct TLS send
tag. (This latter case has been tested by configuring both ports of a
Chelsio T6 in a lagg and failing over from one port to another. As
the connections migrated to the new port, new TLS send tags were
allocated for the new port and connections resumed without being
dropped.)
ifnet TLS can be enabled and disabled on supported network interfaces
via new '[-]txtls[46]' options to ifconfig(8). ifnet TLS is supported
across both vlan devices and lagg interfaces using failover, lacp with
flowid enabled, or lacp with flowid enabled.
Applications may request the current KTLS mode of a connection via a
new TCP_TXTLS_MODE socket option. They can also use this socket
option to toggle between software and ifnet TLS modes.
In addition, a testing tool is available in tools/tools/switch_tls.
This is modeled on tcpdrop and uses similar syntax. However, instead
of dropping connections, -s is used to force KTLS connections to
switch to software TLS and -i is used to switch to ifnet TLS.
Various sysctls and counters are available under the kern.ipc.tls
sysctl node. The kern.ipc.tls.enable node must be set to true to
enable KTLS (it is off by default). The use of unmapped mbufs must
also be enabled via kern.ipc.mb_use_ext_pgs to enable KTLS.
KTLS is enabled via the KERN_TLS kernel option.
This patch is the culmination of years of work by several folks
including Scott Long and Randall Stewart for the original design and
implementation; Drew Gallatin for several optimizations including the
use of ext_pgs mbufs, the M_NOTREADY mechanism for TLS records
awaiting software encryption, and pluggable software crypto backends;
and John Baldwin for modifications to support hardware TLS offload.
Reviewed by: gallatin, hselasky, rrs
Obtained from: Netflix
Sponsored by: Netflix, Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D21277
2019-08-27 00:01:56 +00:00
|
|
|
#ifdef KERN_TLS
|
|
|
|
|
if (tls != NULL)
|
|
|
|
|
mh = m_uiotombuf(hdr_uio, M_WAITOK, space,
|
2020-05-03 00:21:11 +00:00
|
|
|
tls->params.max_frame_len, M_EXTPG);
|
Add kernel-side support for in-kernel TLS.
KTLS adds support for in-kernel framing and encryption of Transport
Layer Security (1.0-1.2) data on TCP sockets. KTLS only supports
offload of TLS for transmitted data. Key negotation must still be
performed in userland. Once completed, transmit session keys for a
connection are provided to the kernel via a new TCP_TXTLS_ENABLE
socket option. All subsequent data transmitted on the socket is
placed into TLS frames and encrypted using the supplied keys.
Any data written to a KTLS-enabled socket via write(2), aio_write(2),
or sendfile(2) is assumed to be application data and is encoded in TLS
frames with an application data type. Individual records can be sent
with a custom type (e.g. handshake messages) via sendmsg(2) with a new
control message (TLS_SET_RECORD_TYPE) specifying the record type.
At present, rekeying is not supported though the in-kernel framework
should support rekeying.
KTLS makes use of the recently added unmapped mbufs to store TLS
frames in the socket buffer. Each TLS frame is described by a single
ext_pgs mbuf. The ext_pgs structure contains the header of the TLS
record (and trailer for encrypted records) as well as references to
the associated TLS session.
KTLS supports two primary methods of encrypting TLS frames: software
TLS and ifnet TLS.
Software TLS marks mbufs holding socket data as not ready via
M_NOTREADY similar to sendfile(2) when TLS framing information is
added to an unmapped mbuf in ktls_frame(). ktls_enqueue() is then
called to schedule TLS frames for encryption. In the case of
sendfile_iodone() calls ktls_enqueue() instead of pru_ready() leaving
the mbufs marked M_NOTREADY until encryption is completed. For other
writes (vn_sendfile when pages are available, write(2), etc.), the
PRUS_NOTREADY is set when invoking pru_send() along with invoking
ktls_enqueue().
A pool of worker threads (the "KTLS" kernel process) encrypts TLS
frames queued via ktls_enqueue(). Each TLS frame is temporarily
mapped using the direct map and passed to a software encryption
backend to perform the actual encryption.
(Note: The use of PHYS_TO_DMAP could be replaced with sf_bufs if
someone wished to make this work on architectures without a direct
map.)
KTLS supports pluggable software encryption backends. Internally,
Netflix uses proprietary pure-software backends. This commit includes
a simple backend in a new ktls_ocf.ko module that uses the kernel's
OpenCrypto framework to provide AES-GCM encryption of TLS frames. As
a result, software TLS is now a bit of a misnomer as it can make use
of hardware crypto accelerators.
Once software encryption has finished, the TLS frame mbufs are marked
ready via pru_ready(). At this point, the encrypted data appears as
regular payload to the TCP stack stored in unmapped mbufs.
ifnet TLS permits a NIC to offload the TLS encryption and TCP
segmentation. In this mode, a new send tag type (IF_SND_TAG_TYPE_TLS)
is allocated on the interface a socket is routed over and associated
with a TLS session. TLS records for a TLS session using ifnet TLS are
not marked M_NOTREADY but are passed down the stack unencrypted. The
ip_output_send() and ip6_output_send() helper functions that apply
send tags to outbound IP packets verify that the send tag of the TLS
record matches the outbound interface. If so, the packet is tagged
with the TLS send tag and sent to the interface. The NIC device
driver must recognize packets with the TLS send tag and schedule them
for TLS encryption and TCP segmentation. If the the outbound
interface does not match the interface in the TLS send tag, the packet
is dropped. In addition, a task is scheduled to refresh the TLS send
tag for the TLS session. If a new TLS send tag cannot be allocated,
the connection is dropped. If a new TLS send tag is allocated,
however, subsequent packets will be tagged with the correct TLS send
tag. (This latter case has been tested by configuring both ports of a
Chelsio T6 in a lagg and failing over from one port to another. As
the connections migrated to the new port, new TLS send tags were
allocated for the new port and connections resumed without being
dropped.)
ifnet TLS can be enabled and disabled on supported network interfaces
via new '[-]txtls[46]' options to ifconfig(8). ifnet TLS is supported
across both vlan devices and lagg interfaces using failover, lacp with
flowid enabled, or lacp with flowid enabled.
Applications may request the current KTLS mode of a connection via a
new TCP_TXTLS_MODE socket option. They can also use this socket
option to toggle between software and ifnet TLS modes.
In addition, a testing tool is available in tools/tools/switch_tls.
This is modeled on tcpdrop and uses similar syntax. However, instead
of dropping connections, -s is used to force KTLS connections to
switch to software TLS and -i is used to switch to ifnet TLS.
Various sysctls and counters are available under the kern.ipc.tls
sysctl node. The kern.ipc.tls.enable node must be set to true to
enable KTLS (it is off by default). The use of unmapped mbufs must
also be enabled via kern.ipc.mb_use_ext_pgs to enable KTLS.
KTLS is enabled via the KERN_TLS kernel option.
This patch is the culmination of years of work by several folks
including Scott Long and Randall Stewart for the original design and
implementation; Drew Gallatin for several optimizations including the
use of ext_pgs mbufs, the M_NOTREADY mechanism for TLS records
awaiting software encryption, and pluggable software crypto backends;
and John Baldwin for modifications to support hardware TLS offload.
Reviewed by: gallatin, hselasky, rrs
Obtained from: Netflix
Sponsored by: Netflix, Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D21277
2019-08-27 00:01:56 +00:00
|
|
|
else
|
|
|
|
|
#endif
|
|
|
|
|
mh = m_uiotombuf(hdr_uio, M_WAITOK,
|
|
|
|
|
space, 0, 0);
|
The sendfile(2) allows to send extra data from userspace before the file
data (headers). Historically the size of the headers was not checked
against the socket buffer space. Application could easily overcommit the
socket buffer space.
With the new sendfile (r293439) the problem remained, but a KASSERT was
inserted that checked that amount of data written to the socket matches
its space. In case when size of headers is bigger that socket space,
KASSERT fires. Without INVARIANTS the new sendfile won't panic, but
would report incorrect amount of bytes sent.
o With this change, the headers copyin is moved down into the cycle, after
the sbspace() check. The uio size is trimmed by socket space there,
which fixes the overcommit problem and its consequences.
o The compatibility handling for FreeBSD 4 sendfile headers API is pushed
up the stack to syscall wrappers. This required a copy and paste of the
code, but in turn this allowed to remove extra stack carried parameter
from fo_sendfile_t, and embrace entire compat code into #ifdef. If in
future we got more fo_sendfile_t function, the copy and paste level would
even reduce.
Reviewed by: emax, gallatin, Maxim Dounin <mdounin mdounin.ru>
Tested by: Vitalij Satanivskij <satan ukr.net>
Sponsored by: Netflix
2016-03-29 19:57:11 +00:00
|
|
|
hdrlen = m_length(mh, &mhtail);
|
|
|
|
|
space -= hdrlen;
|
Fix regression from r297400, which truncates headers in case of low socket
buffer and put a small optimization for low socket buffer case:
- Do not hack uio_resid, and let m_uiotombuf() properly take care of it. This
fixes truncation of headers at low buffer.
- If headers ate all the space, jump right to the end of the cycle, to
avoid doing single page I/O and allocating zero length mbuf.
- Clear hdr_uio only if space is positive, which indicates that all uio
was copied in.
Reviewed by: pluknet, jtl, emax, rrs, lstewart, emax, gallatin, scottl
2016-09-22 20:34:44 +00:00
|
|
|
/*
|
|
|
|
|
* If header consumed all the socket buffer space,
|
|
|
|
|
* don't waste CPU cycles and jump to the end.
|
|
|
|
|
*/
|
|
|
|
|
if (space == 0) {
|
|
|
|
|
sfio = NULL;
|
|
|
|
|
nios = 0;
|
|
|
|
|
goto prepend_header;
|
|
|
|
|
}
|
The sendfile(2) allows to send extra data from userspace before the file
data (headers). Historically the size of the headers was not checked
against the socket buffer space. Application could easily overcommit the
socket buffer space.
With the new sendfile (r293439) the problem remained, but a KASSERT was
inserted that checked that amount of data written to the socket matches
its space. In case when size of headers is bigger that socket space,
KASSERT fires. Without INVARIANTS the new sendfile won't panic, but
would report incorrect amount of bytes sent.
o With this change, the headers copyin is moved down into the cycle, after
the sbspace() check. The uio size is trimmed by socket space there,
which fixes the overcommit problem and its consequences.
o The compatibility handling for FreeBSD 4 sendfile headers API is pushed
up the stack to syscall wrappers. This required a copy and paste of the
code, but in turn this allowed to remove extra stack carried parameter
from fo_sendfile_t, and embrace entire compat code into #ifdef. If in
future we got more fo_sendfile_t function, the copy and paste level would
even reduce.
Reviewed by: emax, gallatin, Maxim Dounin <mdounin mdounin.ru>
Tested by: Vitalij Satanivskij <satan ukr.net>
Sponsored by: Netflix
2016-03-29 19:57:11 +00:00
|
|
|
hdr_uio = NULL;
|
|
|
|
|
}
|
2016-01-22 02:23:18 +00:00
|
|
|
|
|
|
|
|
if (vp != NULL) {
|
|
|
|
|
error = vn_lock(vp, LK_SHARED);
|
|
|
|
|
if (error != 0)
|
|
|
|
|
goto done;
|
sendfile: Use the pager size to determine the file extent when possible
Previously sendfile would issue a VOP_GETATTR and use the returned size,
i.e., the file size. When paging in file data, sendfile_swapin() will
use the pager to determine whether it needs to zero-fill, most often
because of a hole in a sparse file. An attempt to page in beyond the
end of a file is treated this way, and occurs when the requested page is
past the end of the pager. In other words, both the file size and pager
size were used interchangeably.
With ZFS, updates to the pager and file sizes are not synchronized by
the exclusive vnode lock, at least partially due to its use of
MNTK_SHARED_WRITES. In particular, the pager size is updated after the
file size, so in the presence of a writer concurrently extending the
file, sendfile could incorrectly instantiate "holes" in the page cache
pages backing the file, which manifests as data corruption when reading
the file back from the page cache. The on-disk copy is unaffected.
Fix this by consistently using the pager size when available.
Reported by: dumbbell
Reviewed by: chs, kib
Tested by: dumbbell, pho
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D28811
2021-02-25 15:04:44 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Check to see if the file size has changed.
|
|
|
|
|
*/
|
|
|
|
|
if (obj->type == OBJT_VNODE) {
|
|
|
|
|
VM_OBJECT_RLOCK(obj);
|
|
|
|
|
nobj_size = obj->un_pager.vnp.vnp_size;
|
|
|
|
|
VM_OBJECT_RUNLOCK(obj);
|
|
|
|
|
} else {
|
|
|
|
|
error = VOP_GETATTR(vp, &va, td->td_ucred);
|
|
|
|
|
if (error != 0) {
|
|
|
|
|
VOP_UNLOCK(vp);
|
|
|
|
|
goto done;
|
|
|
|
|
}
|
|
|
|
|
nobj_size = va.va_size;
|
|
|
|
|
}
|
|
|
|
|
if (off >= nobj_size) {
|
2020-01-03 22:29:58 +00:00
|
|
|
VOP_UNLOCK(vp);
|
2016-01-22 02:23:18 +00:00
|
|
|
goto done;
|
|
|
|
|
}
|
sendfile: Use the pager size to determine the file extent when possible
Previously sendfile would issue a VOP_GETATTR and use the returned size,
i.e., the file size. When paging in file data, sendfile_swapin() will
use the pager to determine whether it needs to zero-fill, most often
because of a hole in a sparse file. An attempt to page in beyond the
end of a file is treated this way, and occurs when the requested page is
past the end of the pager. In other words, both the file size and pager
size were used interchangeably.
With ZFS, updates to the pager and file sizes are not synchronized by
the exclusive vnode lock, at least partially due to its use of
MNTK_SHARED_WRITES. In particular, the pager size is updated after the
file size, so in the presence of a writer concurrently extending the
file, sendfile could incorrectly instantiate "holes" in the page cache
pages backing the file, which manifests as data corruption when reading
the file back from the page cache. The on-disk copy is unaffected.
Fix this by consistently using the pager size when available.
Reported by: dumbbell
Reviewed by: chs, kib
Tested by: dumbbell, pho
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D28811
2021-02-25 15:04:44 +00:00
|
|
|
if (nobj_size != obj_size) {
|
|
|
|
|
obj_size = nobj_size;
|
|
|
|
|
rem = nbytes ? omin(nbytes + offset, obj_size) :
|
|
|
|
|
obj_size;
|
2017-03-24 16:01:19 +00:00
|
|
|
rem -= off;
|
2016-01-22 02:23:18 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (space > rem)
|
|
|
|
|
space = rem;
|
2019-06-29 00:49:35 +00:00
|
|
|
else if (space > PAGE_SIZE) {
|
|
|
|
|
/*
|
|
|
|
|
* Use page boundaries when possible for large
|
|
|
|
|
* requests.
|
|
|
|
|
*/
|
|
|
|
|
if (off & PAGE_MASK)
|
|
|
|
|
space -= (PAGE_SIZE - (off & PAGE_MASK));
|
|
|
|
|
space = trunc_page(space);
|
|
|
|
|
if (off & PAGE_MASK)
|
|
|
|
|
space += (PAGE_SIZE - (off & PAGE_MASK));
|
|
|
|
|
}
|
2016-01-22 02:23:18 +00:00
|
|
|
|
|
|
|
|
npages = howmany(space + (off & PAGE_MASK), PAGE_SIZE);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Calculate maximum allowed number of pages for readahead
|
2016-11-17 21:36:18 +00:00
|
|
|
* at this iteration. If SF_USER_READAHEAD was set, we don't
|
|
|
|
|
* do any heuristics and use exactly the value supplied by
|
|
|
|
|
* application. Otherwise, we allow readahead up to "rem".
|
2016-01-22 02:23:18 +00:00
|
|
|
* If application wants more, let it be, but there is no
|
Make MAXPHYS tunable. Bump MAXPHYS to 1M.
Replace MAXPHYS by runtime variable maxphys. It is initialized from
MAXPHYS by default, but can be also adjusted with the tunable kern.maxphys.
Make b_pages[] array in struct buf flexible. Size b_pages[] for buffer
cache buffers exactly to atop(maxbcachebuf) (currently it is sized to
atop(MAXPHYS)), and b_pages[] for pbufs is sized to atop(maxphys) + 1.
The +1 for pbufs allow several pbuf consumers, among them vmapbuf(),
to use unaligned buffers still sized to maxphys, esp. when such
buffers come from userspace (*). Overall, we save significant amount
of otherwise wasted memory in b_pages[] for buffer cache buffers,
while bumping MAXPHYS to desired high value.
Eliminate all direct uses of the MAXPHYS constant in kernel and driver
sources, except a place which initialize maxphys. Some random (and
arguably weird) uses of MAXPHYS, e.g. in linuxolator, are converted
straight. Some drivers, which use MAXPHYS to size embeded structures,
get private MAXPHYS-like constant; their convertion is out of scope
for this work.
Changes to cam/, dev/ahci, dev/ata, dev/mpr, dev/mpt, dev/mvs,
dev/siis, where either submitted by, or based on changes by mav.
Suggested by: mav (*)
Reviewed by: imp, mav, imp, mckusick, scottl (intermediate versions)
Tested by: pho
Sponsored by: The FreeBSD Foundation
Differential revision: https://reviews.freebsd.org/D27225
2020-11-28 12:12:51 +00:00
|
|
|
* reason to go above maxphys. Also check against "obj_size",
|
2016-01-22 02:23:18 +00:00
|
|
|
* since vm_pager_has_page() can hint beyond EOF.
|
|
|
|
|
*/
|
2016-11-17 21:36:18 +00:00
|
|
|
if (flags & SF_USER_READAHEAD) {
|
|
|
|
|
rhpages = SF_READAHEAD(flags);
|
|
|
|
|
} else {
|
|
|
|
|
rhpages = howmany(rem + (off & PAGE_MASK), PAGE_SIZE) -
|
|
|
|
|
npages;
|
|
|
|
|
rhpages += SF_READAHEAD(flags);
|
|
|
|
|
}
|
Make MAXPHYS tunable. Bump MAXPHYS to 1M.
Replace MAXPHYS by runtime variable maxphys. It is initialized from
MAXPHYS by default, but can be also adjusted with the tunable kern.maxphys.
Make b_pages[] array in struct buf flexible. Size b_pages[] for buffer
cache buffers exactly to atop(maxbcachebuf) (currently it is sized to
atop(MAXPHYS)), and b_pages[] for pbufs is sized to atop(maxphys) + 1.
The +1 for pbufs allow several pbuf consumers, among them vmapbuf(),
to use unaligned buffers still sized to maxphys, esp. when such
buffers come from userspace (*). Overall, we save significant amount
of otherwise wasted memory in b_pages[] for buffer cache buffers,
while bumping MAXPHYS to desired high value.
Eliminate all direct uses of the MAXPHYS constant in kernel and driver
sources, except a place which initialize maxphys. Some random (and
arguably weird) uses of MAXPHYS, e.g. in linuxolator, are converted
straight. Some drivers, which use MAXPHYS to size embeded structures,
get private MAXPHYS-like constant; their convertion is out of scope
for this work.
Changes to cam/, dev/ahci, dev/ata, dev/mpr, dev/mpt, dev/mvs,
dev/siis, where either submitted by, or based on changes by mav.
Suggested by: mav (*)
Reviewed by: imp, mav, imp, mckusick, scottl (intermediate versions)
Tested by: pho
Sponsored by: The FreeBSD Foundation
Differential revision: https://reviews.freebsd.org/D27225
2020-11-28 12:12:51 +00:00
|
|
|
rhpages = min(howmany(maxphys, PAGE_SIZE), rhpages);
|
2016-01-22 02:23:18 +00:00
|
|
|
rhpages = min(howmany(obj_size - trunc_page(off), PAGE_SIZE) -
|
|
|
|
|
npages, rhpages);
|
|
|
|
|
|
|
|
|
|
sfio = malloc(sizeof(struct sf_io) +
|
2020-03-30 21:50:51 +00:00
|
|
|
npages * sizeof(vm_page_t), M_SENDFILE, M_WAITOK);
|
2016-01-22 02:23:18 +00:00
|
|
|
refcount_init(&sfio->nios, 1);
|
2020-01-19 23:47:32 +00:00
|
|
|
sfio->obj = obj;
|
2016-01-22 02:23:18 +00:00
|
|
|
sfio->error = 0;
|
2020-02-25 19:29:05 +00:00
|
|
|
sfio->m = NULL;
|
2020-12-26 21:07:40 +00:00
|
|
|
sfio->npages = npages;
|
Add kernel-side support for in-kernel TLS.
KTLS adds support for in-kernel framing and encryption of Transport
Layer Security (1.0-1.2) data on TCP sockets. KTLS only supports
offload of TLS for transmitted data. Key negotation must still be
performed in userland. Once completed, transmit session keys for a
connection are provided to the kernel via a new TCP_TXTLS_ENABLE
socket option. All subsequent data transmitted on the socket is
placed into TLS frames and encrypted using the supplied keys.
Any data written to a KTLS-enabled socket via write(2), aio_write(2),
or sendfile(2) is assumed to be application data and is encoded in TLS
frames with an application data type. Individual records can be sent
with a custom type (e.g. handshake messages) via sendmsg(2) with a new
control message (TLS_SET_RECORD_TYPE) specifying the record type.
At present, rekeying is not supported though the in-kernel framework
should support rekeying.
KTLS makes use of the recently added unmapped mbufs to store TLS
frames in the socket buffer. Each TLS frame is described by a single
ext_pgs mbuf. The ext_pgs structure contains the header of the TLS
record (and trailer for encrypted records) as well as references to
the associated TLS session.
KTLS supports two primary methods of encrypting TLS frames: software
TLS and ifnet TLS.
Software TLS marks mbufs holding socket data as not ready via
M_NOTREADY similar to sendfile(2) when TLS framing information is
added to an unmapped mbuf in ktls_frame(). ktls_enqueue() is then
called to schedule TLS frames for encryption. In the case of
sendfile_iodone() calls ktls_enqueue() instead of pru_ready() leaving
the mbufs marked M_NOTREADY until encryption is completed. For other
writes (vn_sendfile when pages are available, write(2), etc.), the
PRUS_NOTREADY is set when invoking pru_send() along with invoking
ktls_enqueue().
A pool of worker threads (the "KTLS" kernel process) encrypts TLS
frames queued via ktls_enqueue(). Each TLS frame is temporarily
mapped using the direct map and passed to a software encryption
backend to perform the actual encryption.
(Note: The use of PHYS_TO_DMAP could be replaced with sf_bufs if
someone wished to make this work on architectures without a direct
map.)
KTLS supports pluggable software encryption backends. Internally,
Netflix uses proprietary pure-software backends. This commit includes
a simple backend in a new ktls_ocf.ko module that uses the kernel's
OpenCrypto framework to provide AES-GCM encryption of TLS frames. As
a result, software TLS is now a bit of a misnomer as it can make use
of hardware crypto accelerators.
Once software encryption has finished, the TLS frame mbufs are marked
ready via pru_ready(). At this point, the encrypted data appears as
regular payload to the TCP stack stored in unmapped mbufs.
ifnet TLS permits a NIC to offload the TLS encryption and TCP
segmentation. In this mode, a new send tag type (IF_SND_TAG_TYPE_TLS)
is allocated on the interface a socket is routed over and associated
with a TLS session. TLS records for a TLS session using ifnet TLS are
not marked M_NOTREADY but are passed down the stack unencrypted. The
ip_output_send() and ip6_output_send() helper functions that apply
send tags to outbound IP packets verify that the send tag of the TLS
record matches the outbound interface. If so, the packet is tagged
with the TLS send tag and sent to the interface. The NIC device
driver must recognize packets with the TLS send tag and schedule them
for TLS encryption and TCP segmentation. If the the outbound
interface does not match the interface in the TLS send tag, the packet
is dropped. In addition, a task is scheduled to refresh the TLS send
tag for the TLS session. If a new TLS send tag cannot be allocated,
the connection is dropped. If a new TLS send tag is allocated,
however, subsequent packets will be tagged with the correct TLS send
tag. (This latter case has been tested by configuring both ports of a
Chelsio T6 in a lagg and failing over from one port to another. As
the connections migrated to the new port, new TLS send tags were
allocated for the new port and connections resumed without being
dropped.)
ifnet TLS can be enabled and disabled on supported network interfaces
via new '[-]txtls[46]' options to ifconfig(8). ifnet TLS is supported
across both vlan devices and lagg interfaces using failover, lacp with
flowid enabled, or lacp with flowid enabled.
Applications may request the current KTLS mode of a connection via a
new TCP_TXTLS_MODE socket option. They can also use this socket
option to toggle between software and ifnet TLS modes.
In addition, a testing tool is available in tools/tools/switch_tls.
This is modeled on tcpdrop and uses similar syntax. However, instead
of dropping connections, -s is used to force KTLS connections to
switch to software TLS and -i is used to switch to ifnet TLS.
Various sysctls and counters are available under the kern.ipc.tls
sysctl node. The kern.ipc.tls.enable node must be set to true to
enable KTLS (it is off by default). The use of unmapped mbufs must
also be enabled via kern.ipc.mb_use_ext_pgs to enable KTLS.
KTLS is enabled via the KERN_TLS kernel option.
This patch is the culmination of years of work by several folks
including Scott Long and Randall Stewart for the original design and
implementation; Drew Gallatin for several optimizations including the
use of ext_pgs mbufs, the M_NOTREADY mechanism for TLS records
awaiting software encryption, and pluggable software crypto backends;
and John Baldwin for modifications to support hardware TLS offload.
Reviewed by: gallatin, hselasky, rrs
Obtained from: Netflix
Sponsored by: Netflix, Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D21277
2019-08-27 00:01:56 +00:00
|
|
|
#ifdef KERN_TLS
|
|
|
|
|
/*
|
|
|
|
|
* This doesn't use ktls_hold() because sfio->m will
|
|
|
|
|
* also have a reference on 'tls' that will be valid
|
|
|
|
|
* for all of sfio's lifetime.
|
|
|
|
|
*/
|
|
|
|
|
sfio->tls = tls;
|
|
|
|
|
#endif
|
2020-02-25 19:29:05 +00:00
|
|
|
vm_object_pip_add(obj, 1);
|
2020-12-26 21:07:40 +00:00
|
|
|
error = sendfile_swapin(obj, sfio, &nios, off, space, rhpages,
|
|
|
|
|
flags);
|
2019-07-29 20:50:26 +00:00
|
|
|
if (error != 0) {
|
2019-07-19 18:03:30 +00:00
|
|
|
if (vp != NULL)
|
2020-01-03 22:29:58 +00:00
|
|
|
VOP_UNLOCK(vp);
|
2019-11-06 23:45:43 +00:00
|
|
|
sendfile_iodone(sfio, NULL, 0, error);
|
2019-07-19 18:03:30 +00:00
|
|
|
goto done;
|
|
|
|
|
}
|
2016-01-22 02:23:18 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Loop and construct maximum sized mbuf chain to be bulk
|
|
|
|
|
* dumped into socket buffer.
|
|
|
|
|
*/
|
|
|
|
|
pa = sfio->pa;
|
2019-06-29 00:49:35 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Use unmapped mbufs if enabled for TCP. Unmapped
|
|
|
|
|
* bufs are restricted to TCP as that is what has been
|
|
|
|
|
* tested. In particular, unmapped mbufs have not
|
|
|
|
|
* been tested with UNIX-domain sockets.
|
Add kernel-side support for in-kernel TLS.
KTLS adds support for in-kernel framing and encryption of Transport
Layer Security (1.0-1.2) data on TCP sockets. KTLS only supports
offload of TLS for transmitted data. Key negotation must still be
performed in userland. Once completed, transmit session keys for a
connection are provided to the kernel via a new TCP_TXTLS_ENABLE
socket option. All subsequent data transmitted on the socket is
placed into TLS frames and encrypted using the supplied keys.
Any data written to a KTLS-enabled socket via write(2), aio_write(2),
or sendfile(2) is assumed to be application data and is encoded in TLS
frames with an application data type. Individual records can be sent
with a custom type (e.g. handshake messages) via sendmsg(2) with a new
control message (TLS_SET_RECORD_TYPE) specifying the record type.
At present, rekeying is not supported though the in-kernel framework
should support rekeying.
KTLS makes use of the recently added unmapped mbufs to store TLS
frames in the socket buffer. Each TLS frame is described by a single
ext_pgs mbuf. The ext_pgs structure contains the header of the TLS
record (and trailer for encrypted records) as well as references to
the associated TLS session.
KTLS supports two primary methods of encrypting TLS frames: software
TLS and ifnet TLS.
Software TLS marks mbufs holding socket data as not ready via
M_NOTREADY similar to sendfile(2) when TLS framing information is
added to an unmapped mbuf in ktls_frame(). ktls_enqueue() is then
called to schedule TLS frames for encryption. In the case of
sendfile_iodone() calls ktls_enqueue() instead of pru_ready() leaving
the mbufs marked M_NOTREADY until encryption is completed. For other
writes (vn_sendfile when pages are available, write(2), etc.), the
PRUS_NOTREADY is set when invoking pru_send() along with invoking
ktls_enqueue().
A pool of worker threads (the "KTLS" kernel process) encrypts TLS
frames queued via ktls_enqueue(). Each TLS frame is temporarily
mapped using the direct map and passed to a software encryption
backend to perform the actual encryption.
(Note: The use of PHYS_TO_DMAP could be replaced with sf_bufs if
someone wished to make this work on architectures without a direct
map.)
KTLS supports pluggable software encryption backends. Internally,
Netflix uses proprietary pure-software backends. This commit includes
a simple backend in a new ktls_ocf.ko module that uses the kernel's
OpenCrypto framework to provide AES-GCM encryption of TLS frames. As
a result, software TLS is now a bit of a misnomer as it can make use
of hardware crypto accelerators.
Once software encryption has finished, the TLS frame mbufs are marked
ready via pru_ready(). At this point, the encrypted data appears as
regular payload to the TCP stack stored in unmapped mbufs.
ifnet TLS permits a NIC to offload the TLS encryption and TCP
segmentation. In this mode, a new send tag type (IF_SND_TAG_TYPE_TLS)
is allocated on the interface a socket is routed over and associated
with a TLS session. TLS records for a TLS session using ifnet TLS are
not marked M_NOTREADY but are passed down the stack unencrypted. The
ip_output_send() and ip6_output_send() helper functions that apply
send tags to outbound IP packets verify that the send tag of the TLS
record matches the outbound interface. If so, the packet is tagged
with the TLS send tag and sent to the interface. The NIC device
driver must recognize packets with the TLS send tag and schedule them
for TLS encryption and TCP segmentation. If the the outbound
interface does not match the interface in the TLS send tag, the packet
is dropped. In addition, a task is scheduled to refresh the TLS send
tag for the TLS session. If a new TLS send tag cannot be allocated,
the connection is dropped. If a new TLS send tag is allocated,
however, subsequent packets will be tagged with the correct TLS send
tag. (This latter case has been tested by configuring both ports of a
Chelsio T6 in a lagg and failing over from one port to another. As
the connections migrated to the new port, new TLS send tags were
allocated for the new port and connections resumed without being
dropped.)
ifnet TLS can be enabled and disabled on supported network interfaces
via new '[-]txtls[46]' options to ifconfig(8). ifnet TLS is supported
across both vlan devices and lagg interfaces using failover, lacp with
flowid enabled, or lacp with flowid enabled.
Applications may request the current KTLS mode of a connection via a
new TCP_TXTLS_MODE socket option. They can also use this socket
option to toggle between software and ifnet TLS modes.
In addition, a testing tool is available in tools/tools/switch_tls.
This is modeled on tcpdrop and uses similar syntax. However, instead
of dropping connections, -s is used to force KTLS connections to
switch to software TLS and -i is used to switch to ifnet TLS.
Various sysctls and counters are available under the kern.ipc.tls
sysctl node. The kern.ipc.tls.enable node must be set to true to
enable KTLS (it is off by default). The use of unmapped mbufs must
also be enabled via kern.ipc.mb_use_ext_pgs to enable KTLS.
KTLS is enabled via the KERN_TLS kernel option.
This patch is the culmination of years of work by several folks
including Scott Long and Randall Stewart for the original design and
implementation; Drew Gallatin for several optimizations including the
use of ext_pgs mbufs, the M_NOTREADY mechanism for TLS records
awaiting software encryption, and pluggable software crypto backends;
and John Baldwin for modifications to support hardware TLS offload.
Reviewed by: gallatin, hselasky, rrs
Obtained from: Netflix
Sponsored by: Netflix, Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D21277
2019-08-27 00:01:56 +00:00
|
|
|
*
|
|
|
|
|
* TLS frames always require unmapped mbufs.
|
2019-06-29 00:49:35 +00:00
|
|
|
*/
|
Add kernel-side support for in-kernel TLS.
KTLS adds support for in-kernel framing and encryption of Transport
Layer Security (1.0-1.2) data on TCP sockets. KTLS only supports
offload of TLS for transmitted data. Key negotation must still be
performed in userland. Once completed, transmit session keys for a
connection are provided to the kernel via a new TCP_TXTLS_ENABLE
socket option. All subsequent data transmitted on the socket is
placed into TLS frames and encrypted using the supplied keys.
Any data written to a KTLS-enabled socket via write(2), aio_write(2),
or sendfile(2) is assumed to be application data and is encoded in TLS
frames with an application data type. Individual records can be sent
with a custom type (e.g. handshake messages) via sendmsg(2) with a new
control message (TLS_SET_RECORD_TYPE) specifying the record type.
At present, rekeying is not supported though the in-kernel framework
should support rekeying.
KTLS makes use of the recently added unmapped mbufs to store TLS
frames in the socket buffer. Each TLS frame is described by a single
ext_pgs mbuf. The ext_pgs structure contains the header of the TLS
record (and trailer for encrypted records) as well as references to
the associated TLS session.
KTLS supports two primary methods of encrypting TLS frames: software
TLS and ifnet TLS.
Software TLS marks mbufs holding socket data as not ready via
M_NOTREADY similar to sendfile(2) when TLS framing information is
added to an unmapped mbuf in ktls_frame(). ktls_enqueue() is then
called to schedule TLS frames for encryption. In the case of
sendfile_iodone() calls ktls_enqueue() instead of pru_ready() leaving
the mbufs marked M_NOTREADY until encryption is completed. For other
writes (vn_sendfile when pages are available, write(2), etc.), the
PRUS_NOTREADY is set when invoking pru_send() along with invoking
ktls_enqueue().
A pool of worker threads (the "KTLS" kernel process) encrypts TLS
frames queued via ktls_enqueue(). Each TLS frame is temporarily
mapped using the direct map and passed to a software encryption
backend to perform the actual encryption.
(Note: The use of PHYS_TO_DMAP could be replaced with sf_bufs if
someone wished to make this work on architectures without a direct
map.)
KTLS supports pluggable software encryption backends. Internally,
Netflix uses proprietary pure-software backends. This commit includes
a simple backend in a new ktls_ocf.ko module that uses the kernel's
OpenCrypto framework to provide AES-GCM encryption of TLS frames. As
a result, software TLS is now a bit of a misnomer as it can make use
of hardware crypto accelerators.
Once software encryption has finished, the TLS frame mbufs are marked
ready via pru_ready(). At this point, the encrypted data appears as
regular payload to the TCP stack stored in unmapped mbufs.
ifnet TLS permits a NIC to offload the TLS encryption and TCP
segmentation. In this mode, a new send tag type (IF_SND_TAG_TYPE_TLS)
is allocated on the interface a socket is routed over and associated
with a TLS session. TLS records for a TLS session using ifnet TLS are
not marked M_NOTREADY but are passed down the stack unencrypted. The
ip_output_send() and ip6_output_send() helper functions that apply
send tags to outbound IP packets verify that the send tag of the TLS
record matches the outbound interface. If so, the packet is tagged
with the TLS send tag and sent to the interface. The NIC device
driver must recognize packets with the TLS send tag and schedule them
for TLS encryption and TCP segmentation. If the the outbound
interface does not match the interface in the TLS send tag, the packet
is dropped. In addition, a task is scheduled to refresh the TLS send
tag for the TLS session. If a new TLS send tag cannot be allocated,
the connection is dropped. If a new TLS send tag is allocated,
however, subsequent packets will be tagged with the correct TLS send
tag. (This latter case has been tested by configuring both ports of a
Chelsio T6 in a lagg and failing over from one port to another. As
the connections migrated to the new port, new TLS send tags were
allocated for the new port and connections resumed without being
dropped.)
ifnet TLS can be enabled and disabled on supported network interfaces
via new '[-]txtls[46]' options to ifconfig(8). ifnet TLS is supported
across both vlan devices and lagg interfaces using failover, lacp with
flowid enabled, or lacp with flowid enabled.
Applications may request the current KTLS mode of a connection via a
new TCP_TXTLS_MODE socket option. They can also use this socket
option to toggle between software and ifnet TLS modes.
In addition, a testing tool is available in tools/tools/switch_tls.
This is modeled on tcpdrop and uses similar syntax. However, instead
of dropping connections, -s is used to force KTLS connections to
switch to software TLS and -i is used to switch to ifnet TLS.
Various sysctls and counters are available under the kern.ipc.tls
sysctl node. The kern.ipc.tls.enable node must be set to true to
enable KTLS (it is off by default). The use of unmapped mbufs must
also be enabled via kern.ipc.mb_use_ext_pgs to enable KTLS.
KTLS is enabled via the KERN_TLS kernel option.
This patch is the culmination of years of work by several folks
including Scott Long and Randall Stewart for the original design and
implementation; Drew Gallatin for several optimizations including the
use of ext_pgs mbufs, the M_NOTREADY mechanism for TLS records
awaiting software encryption, and pluggable software crypto backends;
and John Baldwin for modifications to support hardware TLS offload.
Reviewed by: gallatin, hselasky, rrs
Obtained from: Netflix
Sponsored by: Netflix, Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D21277
2019-08-27 00:01:56 +00:00
|
|
|
if ((mb_use_ext_pgs &&
|
|
|
|
|
so->so_proto->pr_protocol == IPPROTO_TCP)
|
|
|
|
|
#ifdef KERN_TLS
|
|
|
|
|
|| tls != NULL
|
|
|
|
|
#endif
|
|
|
|
|
) {
|
2019-06-29 00:49:35 +00:00
|
|
|
use_ext_pgs = true;
|
Add kernel-side support for in-kernel TLS.
KTLS adds support for in-kernel framing and encryption of Transport
Layer Security (1.0-1.2) data on TCP sockets. KTLS only supports
offload of TLS for transmitted data. Key negotation must still be
performed in userland. Once completed, transmit session keys for a
connection are provided to the kernel via a new TCP_TXTLS_ENABLE
socket option. All subsequent data transmitted on the socket is
placed into TLS frames and encrypted using the supplied keys.
Any data written to a KTLS-enabled socket via write(2), aio_write(2),
or sendfile(2) is assumed to be application data and is encoded in TLS
frames with an application data type. Individual records can be sent
with a custom type (e.g. handshake messages) via sendmsg(2) with a new
control message (TLS_SET_RECORD_TYPE) specifying the record type.
At present, rekeying is not supported though the in-kernel framework
should support rekeying.
KTLS makes use of the recently added unmapped mbufs to store TLS
frames in the socket buffer. Each TLS frame is described by a single
ext_pgs mbuf. The ext_pgs structure contains the header of the TLS
record (and trailer for encrypted records) as well as references to
the associated TLS session.
KTLS supports two primary methods of encrypting TLS frames: software
TLS and ifnet TLS.
Software TLS marks mbufs holding socket data as not ready via
M_NOTREADY similar to sendfile(2) when TLS framing information is
added to an unmapped mbuf in ktls_frame(). ktls_enqueue() is then
called to schedule TLS frames for encryption. In the case of
sendfile_iodone() calls ktls_enqueue() instead of pru_ready() leaving
the mbufs marked M_NOTREADY until encryption is completed. For other
writes (vn_sendfile when pages are available, write(2), etc.), the
PRUS_NOTREADY is set when invoking pru_send() along with invoking
ktls_enqueue().
A pool of worker threads (the "KTLS" kernel process) encrypts TLS
frames queued via ktls_enqueue(). Each TLS frame is temporarily
mapped using the direct map and passed to a software encryption
backend to perform the actual encryption.
(Note: The use of PHYS_TO_DMAP could be replaced with sf_bufs if
someone wished to make this work on architectures without a direct
map.)
KTLS supports pluggable software encryption backends. Internally,
Netflix uses proprietary pure-software backends. This commit includes
a simple backend in a new ktls_ocf.ko module that uses the kernel's
OpenCrypto framework to provide AES-GCM encryption of TLS frames. As
a result, software TLS is now a bit of a misnomer as it can make use
of hardware crypto accelerators.
Once software encryption has finished, the TLS frame mbufs are marked
ready via pru_ready(). At this point, the encrypted data appears as
regular payload to the TCP stack stored in unmapped mbufs.
ifnet TLS permits a NIC to offload the TLS encryption and TCP
segmentation. In this mode, a new send tag type (IF_SND_TAG_TYPE_TLS)
is allocated on the interface a socket is routed over and associated
with a TLS session. TLS records for a TLS session using ifnet TLS are
not marked M_NOTREADY but are passed down the stack unencrypted. The
ip_output_send() and ip6_output_send() helper functions that apply
send tags to outbound IP packets verify that the send tag of the TLS
record matches the outbound interface. If so, the packet is tagged
with the TLS send tag and sent to the interface. The NIC device
driver must recognize packets with the TLS send tag and schedule them
for TLS encryption and TCP segmentation. If the the outbound
interface does not match the interface in the TLS send tag, the packet
is dropped. In addition, a task is scheduled to refresh the TLS send
tag for the TLS session. If a new TLS send tag cannot be allocated,
the connection is dropped. If a new TLS send tag is allocated,
however, subsequent packets will be tagged with the correct TLS send
tag. (This latter case has been tested by configuring both ports of a
Chelsio T6 in a lagg and failing over from one port to another. As
the connections migrated to the new port, new TLS send tags were
allocated for the new port and connections resumed without being
dropped.)
ifnet TLS can be enabled and disabled on supported network interfaces
via new '[-]txtls[46]' options to ifconfig(8). ifnet TLS is supported
across both vlan devices and lagg interfaces using failover, lacp with
flowid enabled, or lacp with flowid enabled.
Applications may request the current KTLS mode of a connection via a
new TCP_TXTLS_MODE socket option. They can also use this socket
option to toggle between software and ifnet TLS modes.
In addition, a testing tool is available in tools/tools/switch_tls.
This is modeled on tcpdrop and uses similar syntax. However, instead
of dropping connections, -s is used to force KTLS connections to
switch to software TLS and -i is used to switch to ifnet TLS.
Various sysctls and counters are available under the kern.ipc.tls
sysctl node. The kern.ipc.tls.enable node must be set to true to
enable KTLS (it is off by default). The use of unmapped mbufs must
also be enabled via kern.ipc.mb_use_ext_pgs to enable KTLS.
KTLS is enabled via the KERN_TLS kernel option.
This patch is the culmination of years of work by several folks
including Scott Long and Randall Stewart for the original design and
implementation; Drew Gallatin for several optimizations including the
use of ext_pgs mbufs, the M_NOTREADY mechanism for TLS records
awaiting software encryption, and pluggable software crypto backends;
and John Baldwin for modifications to support hardware TLS offload.
Reviewed by: gallatin, hselasky, rrs
Obtained from: Netflix
Sponsored by: Netflix, Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D21277
2019-08-27 00:01:56 +00:00
|
|
|
#ifdef KERN_TLS
|
|
|
|
|
if (tls != NULL)
|
|
|
|
|
max_pgs = num_pages(tls->params.max_frame_len);
|
|
|
|
|
else
|
|
|
|
|
#endif
|
|
|
|
|
max_pgs = MBUF_PEXT_MAX_PGS;
|
2019-06-29 00:49:35 +00:00
|
|
|
|
|
|
|
|
/* Start at last index, to wrap on first use. */
|
|
|
|
|
ext_pgs_idx = max_pgs - 1;
|
|
|
|
|
}
|
|
|
|
|
|
2016-01-22 02:23:18 +00:00
|
|
|
for (int i = 0; i < npages; i++) {
|
|
|
|
|
/*
|
|
|
|
|
* If a page wasn't grabbed successfully, then
|
|
|
|
|
* trim the array. Can happen only with SF_NODISKIO.
|
|
|
|
|
*/
|
|
|
|
|
if (pa[i] == NULL) {
|
|
|
|
|
SFSTAT_INC(sf_busy);
|
|
|
|
|
fixspace(npages, i, off, &space);
|
2020-12-26 21:07:40 +00:00
|
|
|
sfio->npages = i;
|
2016-01-22 02:23:18 +00:00
|
|
|
softerr = EBUSY;
|
|
|
|
|
break;
|
|
|
|
|
}
|
2020-04-10 01:28:47 +00:00
|
|
|
pga = pa[i];
|
|
|
|
|
if (pga == bogus_page)
|
|
|
|
|
pga = vm_page_relookup(obj, sfio->pindex0 + i);
|
2016-01-22 02:23:18 +00:00
|
|
|
|
2019-06-29 00:49:35 +00:00
|
|
|
if (use_ext_pgs) {
|
|
|
|
|
off_t xfs;
|
|
|
|
|
|
|
|
|
|
ext_pgs_idx++;
|
|
|
|
|
if (ext_pgs_idx == max_pgs) {
|
KTLS: Re-work unmapped mbufs to carry ext_pgs in the mbuf itself.
While the original implementation of unmapped mbufs was a large
step forward in terms of reducing cache misses by enabling mbufs
to carry more than a single page for sendfile, they are rather
cache unfriendly when accessing the ext_pgs metadata and
data. This is because the ext_pgs part of the mbuf is allocated
separately, and almost guaranteed to be cold in cache.
This change takes advantage of the fact that unmapped mbufs
are never used at the same time as pkthdr mbufs. Given this
fact, we can overlap the ext_pgs metadata with the mbuf
pkthdr, and carry the ext_pgs meta directly in the mbuf itself.
Similarly, we can carry the ext_pgs data (TLS hdr/trailer/array
of pages) directly after the existing m_ext.
In order to be able to carry 5 pages (which is the minimum
required for a 16K TLS record which is not perfectly aligned) on
LP64, I've had to steal ext_arg2. The only user of this in the
xmit path is sendfile, and I've adjusted it to use arg1 when
using unmapped mbufs.
This change is almost entirely mechanical, except that we
change mb_alloc_ext_pgs() to no longer allow allocating
pkthdrs, the change to avoid ext_arg2 as mentioned above,
and the removal of the ext_pgs zone,
This change saves roughly 2% "raw" CPU (~59% -> 57%), or over
3% "scaled" CPU on a Netflix 100% software kTLS workload at
90+ Gb/s on Broadwell Xeons.
In a follow-on commit, I plan to remove some hacks to avoid
access ext_pgs fields of mbufs, since they will now be in
cache.
Many thanks to glebius for helping to make this better in
the Netflix tree.
Reviewed by: hselasky, jhb, rrs, glebius (early version)
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D24213
2020-04-14 14:46:06 +00:00
|
|
|
m0 = mb_alloc_ext_pgs(M_WAITOK,
|
2019-06-29 00:49:35 +00:00
|
|
|
sendfile_free_mext_pg);
|
|
|
|
|
|
|
|
|
|
if (flags & SF_NOCACHE) {
|
|
|
|
|
m0->m_ext.ext_flags |=
|
|
|
|
|
EXT_FLAG_NOCACHE;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* See comment below regarding
|
|
|
|
|
* ignoring SF_NOCACHE for the
|
|
|
|
|
* last page.
|
|
|
|
|
*/
|
|
|
|
|
if ((npages - i <= max_pgs) &&
|
|
|
|
|
((off + space) & PAGE_MASK) &&
|
|
|
|
|
(rem > space || rhpages > 0))
|
|
|
|
|
m0->m_ext.ext_flags |=
|
|
|
|
|
EXT_FLAG_CACHE_LAST;
|
|
|
|
|
}
|
|
|
|
|
if (sfs != NULL) {
|
|
|
|
|
m0->m_ext.ext_flags |=
|
|
|
|
|
EXT_FLAG_SYNC;
|
2020-05-03 00:37:16 +00:00
|
|
|
m0->m_ext.ext_arg1 = sfs;
|
2019-06-29 00:49:35 +00:00
|
|
|
mtx_lock(&sfs->mtx);
|
|
|
|
|
sfs->count++;
|
|
|
|
|
mtx_unlock(&sfs->mtx);
|
|
|
|
|
}
|
|
|
|
|
ext_pgs_idx = 0;
|
|
|
|
|
|
|
|
|
|
/* Append to mbuf chain. */
|
|
|
|
|
if (mtail != NULL)
|
|
|
|
|
mtail->m_next = m0;
|
|
|
|
|
else
|
|
|
|
|
m = m0;
|
|
|
|
|
mtail = m0;
|
2020-05-03 00:12:56 +00:00
|
|
|
m0->m_epg_1st_off =
|
2019-06-29 00:49:35 +00:00
|
|
|
vmoff(i, off) & PAGE_MASK;
|
|
|
|
|
}
|
|
|
|
|
if (nios) {
|
|
|
|
|
mtail->m_flags |= M_NOTREADY;
|
2020-05-03 00:12:56 +00:00
|
|
|
m0->m_epg_nrdy++;
|
2019-06-29 00:49:35 +00:00
|
|
|
}
|
|
|
|
|
|
2020-05-02 22:39:26 +00:00
|
|
|
m0->m_epg_pa[ext_pgs_idx] = VM_PAGE_TO_PHYS(pga);
|
2020-05-03 00:12:56 +00:00
|
|
|
m0->m_epg_npgs++;
|
2019-06-29 00:49:35 +00:00
|
|
|
xfs = xfsize(i, npages, off, space);
|
2020-05-03 00:12:56 +00:00
|
|
|
m0->m_epg_last_len = xfs;
|
2020-05-02 22:39:26 +00:00
|
|
|
MBUF_EXT_PGS_ASSERT_SANITY(m0);
|
2019-06-29 00:49:35 +00:00
|
|
|
mtail->m_len += xfs;
|
|
|
|
|
mtail->m_ext.ext_size += PAGE_SIZE;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
2016-01-22 02:23:18 +00:00
|
|
|
/*
|
|
|
|
|
* Get a sendfile buf. When allocating the
|
|
|
|
|
* first buffer for mbuf chain, we usually
|
|
|
|
|
* wait as long as necessary, but this wait
|
|
|
|
|
* can be interrupted. For consequent
|
|
|
|
|
* buffers, do not sleep, since several
|
|
|
|
|
* threads might exhaust the buffers and then
|
|
|
|
|
* deadlock.
|
|
|
|
|
*/
|
2020-04-10 01:28:47 +00:00
|
|
|
sf = sf_buf_alloc(pga,
|
2016-01-22 02:23:18 +00:00
|
|
|
m != NULL ? SFB_NOWAIT : SFB_CATCH);
|
|
|
|
|
if (sf == NULL) {
|
|
|
|
|
SFSTAT_INC(sf_allocfail);
|
2020-03-30 21:57:28 +00:00
|
|
|
sendfile_iowait(sfio, "sfnosf");
|
2020-12-26 21:07:40 +00:00
|
|
|
for (int j = i; j < npages; j++) {
|
2016-01-22 02:23:18 +00:00
|
|
|
vm_page_unwire(pa[j], PQ_INACTIVE);
|
2020-12-26 21:07:40 +00:00
|
|
|
pa[j] = NULL;
|
|
|
|
|
}
|
2016-01-22 02:23:18 +00:00
|
|
|
if (m == NULL)
|
|
|
|
|
softerr = ENOBUFS;
|
|
|
|
|
fixspace(npages, i, off, &space);
|
2020-12-26 21:07:40 +00:00
|
|
|
sfio->npages = i;
|
2016-01-22 02:23:18 +00:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
m0 = m_get(M_WAITOK, MT_DATA);
|
|
|
|
|
m0->m_ext.ext_buf = (char *)sf_buf_kva(sf);
|
|
|
|
|
m0->m_ext.ext_size = PAGE_SIZE;
|
|
|
|
|
m0->m_ext.ext_arg1 = sf;
|
2017-10-09 21:06:16 +00:00
|
|
|
m0->m_ext.ext_type = EXT_SFBUF;
|
|
|
|
|
m0->m_ext.ext_flags = EXT_FLAG_EMBREF;
|
|
|
|
|
m0->m_ext.ext_free = sendfile_free_mext;
|
2016-01-22 02:23:18 +00:00
|
|
|
/*
|
|
|
|
|
* SF_NOCACHE sets the page as being freed upon send.
|
|
|
|
|
* However, we ignore it for the last page in 'space',
|
|
|
|
|
* if the page is truncated, and we got more data to
|
|
|
|
|
* send (rem > space), or if we have readahead
|
|
|
|
|
* configured (rhpages > 0).
|
|
|
|
|
*/
|
2017-10-09 21:06:16 +00:00
|
|
|
if ((flags & SF_NOCACHE) &&
|
|
|
|
|
(i != npages - 1 ||
|
|
|
|
|
!((off + space) & PAGE_MASK) ||
|
|
|
|
|
!(rem > space || rhpages > 0)))
|
|
|
|
|
m0->m_ext.ext_flags |= EXT_FLAG_NOCACHE;
|
|
|
|
|
if (sfs != NULL) {
|
|
|
|
|
m0->m_ext.ext_flags |= EXT_FLAG_SYNC;
|
|
|
|
|
m0->m_ext.ext_arg2 = sfs;
|
|
|
|
|
mtx_lock(&sfs->mtx);
|
|
|
|
|
sfs->count++;
|
|
|
|
|
mtx_unlock(&sfs->mtx);
|
|
|
|
|
}
|
2016-03-01 00:17:14 +00:00
|
|
|
m0->m_ext.ext_count = 1;
|
2016-01-22 02:23:18 +00:00
|
|
|
m0->m_flags |= (M_EXT | M_RDONLY);
|
|
|
|
|
if (nios)
|
|
|
|
|
m0->m_flags |= M_NOTREADY;
|
|
|
|
|
m0->m_data = (char *)sf_buf_kva(sf) +
|
|
|
|
|
(vmoff(i, off) & PAGE_MASK);
|
|
|
|
|
m0->m_len = xfsize(i, npages, off, space);
|
|
|
|
|
|
|
|
|
|
/* Append to mbuf chain. */
|
|
|
|
|
if (mtail != NULL)
|
|
|
|
|
mtail->m_next = m0;
|
|
|
|
|
else
|
|
|
|
|
m = m0;
|
|
|
|
|
mtail = m0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (vp != NULL)
|
2020-01-03 22:29:58 +00:00
|
|
|
VOP_UNLOCK(vp);
|
2016-01-22 02:23:18 +00:00
|
|
|
|
|
|
|
|
/* Keep track of bytes processed. */
|
|
|
|
|
off += space;
|
|
|
|
|
rem -= space;
|
|
|
|
|
|
2020-02-25 19:29:05 +00:00
|
|
|
/*
|
|
|
|
|
* Prepend header, if any. Save pointer to first mbuf
|
|
|
|
|
* with a page.
|
|
|
|
|
*/
|
2016-01-22 02:23:18 +00:00
|
|
|
if (hdrlen) {
|
Fix regression from r297400, which truncates headers in case of low socket
buffer and put a small optimization for low socket buffer case:
- Do not hack uio_resid, and let m_uiotombuf() properly take care of it. This
fixes truncation of headers at low buffer.
- If headers ate all the space, jump right to the end of the cycle, to
avoid doing single page I/O and allocating zero length mbuf.
- Clear hdr_uio only if space is positive, which indicates that all uio
was copied in.
Reviewed by: pluknet, jtl, emax, rrs, lstewart, emax, gallatin, scottl
2016-09-22 20:34:44 +00:00
|
|
|
prepend_header:
|
2020-02-25 19:29:05 +00:00
|
|
|
m0 = mhtail->m_next = m;
|
2016-01-22 02:23:18 +00:00
|
|
|
m = mh;
|
|
|
|
|
mh = NULL;
|
2020-02-25 19:29:05 +00:00
|
|
|
} else
|
|
|
|
|
m0 = m;
|
2016-01-22 02:23:18 +00:00
|
|
|
|
|
|
|
|
if (m == NULL) {
|
|
|
|
|
KASSERT(softerr, ("%s: m NULL, no error", __func__));
|
|
|
|
|
error = softerr;
|
2020-02-25 19:29:05 +00:00
|
|
|
sendfile_iodone(sfio, NULL, 0, 0);
|
2016-01-22 02:23:18 +00:00
|
|
|
goto done;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Add the buffer chain to the socket buffer. */
|
|
|
|
|
KASSERT(m_length(m, NULL) == space + hdrlen,
|
|
|
|
|
("%s: mlen %u space %d hdrlen %d",
|
|
|
|
|
__func__, m_length(m, NULL), space, hdrlen));
|
|
|
|
|
|
|
|
|
|
CURVNET_SET(so->so_vnet);
|
Add kernel-side support for in-kernel TLS.
KTLS adds support for in-kernel framing and encryption of Transport
Layer Security (1.0-1.2) data on TCP sockets. KTLS only supports
offload of TLS for transmitted data. Key negotation must still be
performed in userland. Once completed, transmit session keys for a
connection are provided to the kernel via a new TCP_TXTLS_ENABLE
socket option. All subsequent data transmitted on the socket is
placed into TLS frames and encrypted using the supplied keys.
Any data written to a KTLS-enabled socket via write(2), aio_write(2),
or sendfile(2) is assumed to be application data and is encoded in TLS
frames with an application data type. Individual records can be sent
with a custom type (e.g. handshake messages) via sendmsg(2) with a new
control message (TLS_SET_RECORD_TYPE) specifying the record type.
At present, rekeying is not supported though the in-kernel framework
should support rekeying.
KTLS makes use of the recently added unmapped mbufs to store TLS
frames in the socket buffer. Each TLS frame is described by a single
ext_pgs mbuf. The ext_pgs structure contains the header of the TLS
record (and trailer for encrypted records) as well as references to
the associated TLS session.
KTLS supports two primary methods of encrypting TLS frames: software
TLS and ifnet TLS.
Software TLS marks mbufs holding socket data as not ready via
M_NOTREADY similar to sendfile(2) when TLS framing information is
added to an unmapped mbuf in ktls_frame(). ktls_enqueue() is then
called to schedule TLS frames for encryption. In the case of
sendfile_iodone() calls ktls_enqueue() instead of pru_ready() leaving
the mbufs marked M_NOTREADY until encryption is completed. For other
writes (vn_sendfile when pages are available, write(2), etc.), the
PRUS_NOTREADY is set when invoking pru_send() along with invoking
ktls_enqueue().
A pool of worker threads (the "KTLS" kernel process) encrypts TLS
frames queued via ktls_enqueue(). Each TLS frame is temporarily
mapped using the direct map and passed to a software encryption
backend to perform the actual encryption.
(Note: The use of PHYS_TO_DMAP could be replaced with sf_bufs if
someone wished to make this work on architectures without a direct
map.)
KTLS supports pluggable software encryption backends. Internally,
Netflix uses proprietary pure-software backends. This commit includes
a simple backend in a new ktls_ocf.ko module that uses the kernel's
OpenCrypto framework to provide AES-GCM encryption of TLS frames. As
a result, software TLS is now a bit of a misnomer as it can make use
of hardware crypto accelerators.
Once software encryption has finished, the TLS frame mbufs are marked
ready via pru_ready(). At this point, the encrypted data appears as
regular payload to the TCP stack stored in unmapped mbufs.
ifnet TLS permits a NIC to offload the TLS encryption and TCP
segmentation. In this mode, a new send tag type (IF_SND_TAG_TYPE_TLS)
is allocated on the interface a socket is routed over and associated
with a TLS session. TLS records for a TLS session using ifnet TLS are
not marked M_NOTREADY but are passed down the stack unencrypted. The
ip_output_send() and ip6_output_send() helper functions that apply
send tags to outbound IP packets verify that the send tag of the TLS
record matches the outbound interface. If so, the packet is tagged
with the TLS send tag and sent to the interface. The NIC device
driver must recognize packets with the TLS send tag and schedule them
for TLS encryption and TCP segmentation. If the the outbound
interface does not match the interface in the TLS send tag, the packet
is dropped. In addition, a task is scheduled to refresh the TLS send
tag for the TLS session. If a new TLS send tag cannot be allocated,
the connection is dropped. If a new TLS send tag is allocated,
however, subsequent packets will be tagged with the correct TLS send
tag. (This latter case has been tested by configuring both ports of a
Chelsio T6 in a lagg and failing over from one port to another. As
the connections migrated to the new port, new TLS send tags were
allocated for the new port and connections resumed without being
dropped.)
ifnet TLS can be enabled and disabled on supported network interfaces
via new '[-]txtls[46]' options to ifconfig(8). ifnet TLS is supported
across both vlan devices and lagg interfaces using failover, lacp with
flowid enabled, or lacp with flowid enabled.
Applications may request the current KTLS mode of a connection via a
new TCP_TXTLS_MODE socket option. They can also use this socket
option to toggle between software and ifnet TLS modes.
In addition, a testing tool is available in tools/tools/switch_tls.
This is modeled on tcpdrop and uses similar syntax. However, instead
of dropping connections, -s is used to force KTLS connections to
switch to software TLS and -i is used to switch to ifnet TLS.
Various sysctls and counters are available under the kern.ipc.tls
sysctl node. The kern.ipc.tls.enable node must be set to true to
enable KTLS (it is off by default). The use of unmapped mbufs must
also be enabled via kern.ipc.mb_use_ext_pgs to enable KTLS.
KTLS is enabled via the KERN_TLS kernel option.
This patch is the culmination of years of work by several folks
including Scott Long and Randall Stewart for the original design and
implementation; Drew Gallatin for several optimizations including the
use of ext_pgs mbufs, the M_NOTREADY mechanism for TLS records
awaiting software encryption, and pluggable software crypto backends;
and John Baldwin for modifications to support hardware TLS offload.
Reviewed by: gallatin, hselasky, rrs
Obtained from: Netflix
Sponsored by: Netflix, Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D21277
2019-08-27 00:01:56 +00:00
|
|
|
#ifdef KERN_TLS
|
2020-02-25 19:26:40 +00:00
|
|
|
if (tls != NULL)
|
|
|
|
|
ktls_frame(m, tls, &tls_enq_cnt, TLS_RLTYPE_APP);
|
Add kernel-side support for in-kernel TLS.
KTLS adds support for in-kernel framing and encryption of Transport
Layer Security (1.0-1.2) data on TCP sockets. KTLS only supports
offload of TLS for transmitted data. Key negotation must still be
performed in userland. Once completed, transmit session keys for a
connection are provided to the kernel via a new TCP_TXTLS_ENABLE
socket option. All subsequent data transmitted on the socket is
placed into TLS frames and encrypted using the supplied keys.
Any data written to a KTLS-enabled socket via write(2), aio_write(2),
or sendfile(2) is assumed to be application data and is encoded in TLS
frames with an application data type. Individual records can be sent
with a custom type (e.g. handshake messages) via sendmsg(2) with a new
control message (TLS_SET_RECORD_TYPE) specifying the record type.
At present, rekeying is not supported though the in-kernel framework
should support rekeying.
KTLS makes use of the recently added unmapped mbufs to store TLS
frames in the socket buffer. Each TLS frame is described by a single
ext_pgs mbuf. The ext_pgs structure contains the header of the TLS
record (and trailer for encrypted records) as well as references to
the associated TLS session.
KTLS supports two primary methods of encrypting TLS frames: software
TLS and ifnet TLS.
Software TLS marks mbufs holding socket data as not ready via
M_NOTREADY similar to sendfile(2) when TLS framing information is
added to an unmapped mbuf in ktls_frame(). ktls_enqueue() is then
called to schedule TLS frames for encryption. In the case of
sendfile_iodone() calls ktls_enqueue() instead of pru_ready() leaving
the mbufs marked M_NOTREADY until encryption is completed. For other
writes (vn_sendfile when pages are available, write(2), etc.), the
PRUS_NOTREADY is set when invoking pru_send() along with invoking
ktls_enqueue().
A pool of worker threads (the "KTLS" kernel process) encrypts TLS
frames queued via ktls_enqueue(). Each TLS frame is temporarily
mapped using the direct map and passed to a software encryption
backend to perform the actual encryption.
(Note: The use of PHYS_TO_DMAP could be replaced with sf_bufs if
someone wished to make this work on architectures without a direct
map.)
KTLS supports pluggable software encryption backends. Internally,
Netflix uses proprietary pure-software backends. This commit includes
a simple backend in a new ktls_ocf.ko module that uses the kernel's
OpenCrypto framework to provide AES-GCM encryption of TLS frames. As
a result, software TLS is now a bit of a misnomer as it can make use
of hardware crypto accelerators.
Once software encryption has finished, the TLS frame mbufs are marked
ready via pru_ready(). At this point, the encrypted data appears as
regular payload to the TCP stack stored in unmapped mbufs.
ifnet TLS permits a NIC to offload the TLS encryption and TCP
segmentation. In this mode, a new send tag type (IF_SND_TAG_TYPE_TLS)
is allocated on the interface a socket is routed over and associated
with a TLS session. TLS records for a TLS session using ifnet TLS are
not marked M_NOTREADY but are passed down the stack unencrypted. The
ip_output_send() and ip6_output_send() helper functions that apply
send tags to outbound IP packets verify that the send tag of the TLS
record matches the outbound interface. If so, the packet is tagged
with the TLS send tag and sent to the interface. The NIC device
driver must recognize packets with the TLS send tag and schedule them
for TLS encryption and TCP segmentation. If the the outbound
interface does not match the interface in the TLS send tag, the packet
is dropped. In addition, a task is scheduled to refresh the TLS send
tag for the TLS session. If a new TLS send tag cannot be allocated,
the connection is dropped. If a new TLS send tag is allocated,
however, subsequent packets will be tagged with the correct TLS send
tag. (This latter case has been tested by configuring both ports of a
Chelsio T6 in a lagg and failing over from one port to another. As
the connections migrated to the new port, new TLS send tags were
allocated for the new port and connections resumed without being
dropped.)
ifnet TLS can be enabled and disabled on supported network interfaces
via new '[-]txtls[46]' options to ifconfig(8). ifnet TLS is supported
across both vlan devices and lagg interfaces using failover, lacp with
flowid enabled, or lacp with flowid enabled.
Applications may request the current KTLS mode of a connection via a
new TCP_TXTLS_MODE socket option. They can also use this socket
option to toggle between software and ifnet TLS modes.
In addition, a testing tool is available in tools/tools/switch_tls.
This is modeled on tcpdrop and uses similar syntax. However, instead
of dropping connections, -s is used to force KTLS connections to
switch to software TLS and -i is used to switch to ifnet TLS.
Various sysctls and counters are available under the kern.ipc.tls
sysctl node. The kern.ipc.tls.enable node must be set to true to
enable KTLS (it is off by default). The use of unmapped mbufs must
also be enabled via kern.ipc.mb_use_ext_pgs to enable KTLS.
KTLS is enabled via the KERN_TLS kernel option.
This patch is the culmination of years of work by several folks
including Scott Long and Randall Stewart for the original design and
implementation; Drew Gallatin for several optimizations including the
use of ext_pgs mbufs, the M_NOTREADY mechanism for TLS records
awaiting software encryption, and pluggable software crypto backends;
and John Baldwin for modifications to support hardware TLS offload.
Reviewed by: gallatin, hselasky, rrs
Obtained from: Netflix
Sponsored by: Netflix, Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D21277
2019-08-27 00:01:56 +00:00
|
|
|
#endif
|
2016-01-22 02:23:18 +00:00
|
|
|
if (nios == 0) {
|
|
|
|
|
/*
|
|
|
|
|
* If sendfile_swapin() didn't initiate any I/Os,
|
2020-02-25 19:29:05 +00:00
|
|
|
* which happens if all data is cached in VM, or if
|
|
|
|
|
* the header consumed all socket buffer space and
|
|
|
|
|
* sfio is NULL, then we can send data right now
|
|
|
|
|
* without the PRUS_NOTREADY flag.
|
2016-01-22 02:23:18 +00:00
|
|
|
*/
|
2020-02-25 19:29:05 +00:00
|
|
|
if (sfio != NULL)
|
|
|
|
|
sendfile_iodone(sfio, NULL, 0, 0);
|
Add kernel-side support for in-kernel TLS.
KTLS adds support for in-kernel framing and encryption of Transport
Layer Security (1.0-1.2) data on TCP sockets. KTLS only supports
offload of TLS for transmitted data. Key negotation must still be
performed in userland. Once completed, transmit session keys for a
connection are provided to the kernel via a new TCP_TXTLS_ENABLE
socket option. All subsequent data transmitted on the socket is
placed into TLS frames and encrypted using the supplied keys.
Any data written to a KTLS-enabled socket via write(2), aio_write(2),
or sendfile(2) is assumed to be application data and is encoded in TLS
frames with an application data type. Individual records can be sent
with a custom type (e.g. handshake messages) via sendmsg(2) with a new
control message (TLS_SET_RECORD_TYPE) specifying the record type.
At present, rekeying is not supported though the in-kernel framework
should support rekeying.
KTLS makes use of the recently added unmapped mbufs to store TLS
frames in the socket buffer. Each TLS frame is described by a single
ext_pgs mbuf. The ext_pgs structure contains the header of the TLS
record (and trailer for encrypted records) as well as references to
the associated TLS session.
KTLS supports two primary methods of encrypting TLS frames: software
TLS and ifnet TLS.
Software TLS marks mbufs holding socket data as not ready via
M_NOTREADY similar to sendfile(2) when TLS framing information is
added to an unmapped mbuf in ktls_frame(). ktls_enqueue() is then
called to schedule TLS frames for encryption. In the case of
sendfile_iodone() calls ktls_enqueue() instead of pru_ready() leaving
the mbufs marked M_NOTREADY until encryption is completed. For other
writes (vn_sendfile when pages are available, write(2), etc.), the
PRUS_NOTREADY is set when invoking pru_send() along with invoking
ktls_enqueue().
A pool of worker threads (the "KTLS" kernel process) encrypts TLS
frames queued via ktls_enqueue(). Each TLS frame is temporarily
mapped using the direct map and passed to a software encryption
backend to perform the actual encryption.
(Note: The use of PHYS_TO_DMAP could be replaced with sf_bufs if
someone wished to make this work on architectures without a direct
map.)
KTLS supports pluggable software encryption backends. Internally,
Netflix uses proprietary pure-software backends. This commit includes
a simple backend in a new ktls_ocf.ko module that uses the kernel's
OpenCrypto framework to provide AES-GCM encryption of TLS frames. As
a result, software TLS is now a bit of a misnomer as it can make use
of hardware crypto accelerators.
Once software encryption has finished, the TLS frame mbufs are marked
ready via pru_ready(). At this point, the encrypted data appears as
regular payload to the TCP stack stored in unmapped mbufs.
ifnet TLS permits a NIC to offload the TLS encryption and TCP
segmentation. In this mode, a new send tag type (IF_SND_TAG_TYPE_TLS)
is allocated on the interface a socket is routed over and associated
with a TLS session. TLS records for a TLS session using ifnet TLS are
not marked M_NOTREADY but are passed down the stack unencrypted. The
ip_output_send() and ip6_output_send() helper functions that apply
send tags to outbound IP packets verify that the send tag of the TLS
record matches the outbound interface. If so, the packet is tagged
with the TLS send tag and sent to the interface. The NIC device
driver must recognize packets with the TLS send tag and schedule them
for TLS encryption and TCP segmentation. If the the outbound
interface does not match the interface in the TLS send tag, the packet
is dropped. In addition, a task is scheduled to refresh the TLS send
tag for the TLS session. If a new TLS send tag cannot be allocated,
the connection is dropped. If a new TLS send tag is allocated,
however, subsequent packets will be tagged with the correct TLS send
tag. (This latter case has been tested by configuring both ports of a
Chelsio T6 in a lagg and failing over from one port to another. As
the connections migrated to the new port, new TLS send tags were
allocated for the new port and connections resumed without being
dropped.)
ifnet TLS can be enabled and disabled on supported network interfaces
via new '[-]txtls[46]' options to ifconfig(8). ifnet TLS is supported
across both vlan devices and lagg interfaces using failover, lacp with
flowid enabled, or lacp with flowid enabled.
Applications may request the current KTLS mode of a connection via a
new TCP_TXTLS_MODE socket option. They can also use this socket
option to toggle between software and ifnet TLS modes.
In addition, a testing tool is available in tools/tools/switch_tls.
This is modeled on tcpdrop and uses similar syntax. However, instead
of dropping connections, -s is used to force KTLS connections to
switch to software TLS and -i is used to switch to ifnet TLS.
Various sysctls and counters are available under the kern.ipc.tls
sysctl node. The kern.ipc.tls.enable node must be set to true to
enable KTLS (it is off by default). The use of unmapped mbufs must
also be enabled via kern.ipc.mb_use_ext_pgs to enable KTLS.
KTLS is enabled via the KERN_TLS kernel option.
This patch is the culmination of years of work by several folks
including Scott Long and Randall Stewart for the original design and
implementation; Drew Gallatin for several optimizations including the
use of ext_pgs mbufs, the M_NOTREADY mechanism for TLS records
awaiting software encryption, and pluggable software crypto backends;
and John Baldwin for modifications to support hardware TLS offload.
Reviewed by: gallatin, hselasky, rrs
Obtained from: Netflix
Sponsored by: Netflix, Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D21277
2019-08-27 00:01:56 +00:00
|
|
|
#ifdef KERN_TLS
|
2019-10-08 21:34:06 +00:00
|
|
|
if (tls != NULL && tls->mode == TCP_TLS_MODE_SW) {
|
Add kernel-side support for in-kernel TLS.
KTLS adds support for in-kernel framing and encryption of Transport
Layer Security (1.0-1.2) data on TCP sockets. KTLS only supports
offload of TLS for transmitted data. Key negotation must still be
performed in userland. Once completed, transmit session keys for a
connection are provided to the kernel via a new TCP_TXTLS_ENABLE
socket option. All subsequent data transmitted on the socket is
placed into TLS frames and encrypted using the supplied keys.
Any data written to a KTLS-enabled socket via write(2), aio_write(2),
or sendfile(2) is assumed to be application data and is encoded in TLS
frames with an application data type. Individual records can be sent
with a custom type (e.g. handshake messages) via sendmsg(2) with a new
control message (TLS_SET_RECORD_TYPE) specifying the record type.
At present, rekeying is not supported though the in-kernel framework
should support rekeying.
KTLS makes use of the recently added unmapped mbufs to store TLS
frames in the socket buffer. Each TLS frame is described by a single
ext_pgs mbuf. The ext_pgs structure contains the header of the TLS
record (and trailer for encrypted records) as well as references to
the associated TLS session.
KTLS supports two primary methods of encrypting TLS frames: software
TLS and ifnet TLS.
Software TLS marks mbufs holding socket data as not ready via
M_NOTREADY similar to sendfile(2) when TLS framing information is
added to an unmapped mbuf in ktls_frame(). ktls_enqueue() is then
called to schedule TLS frames for encryption. In the case of
sendfile_iodone() calls ktls_enqueue() instead of pru_ready() leaving
the mbufs marked M_NOTREADY until encryption is completed. For other
writes (vn_sendfile when pages are available, write(2), etc.), the
PRUS_NOTREADY is set when invoking pru_send() along with invoking
ktls_enqueue().
A pool of worker threads (the "KTLS" kernel process) encrypts TLS
frames queued via ktls_enqueue(). Each TLS frame is temporarily
mapped using the direct map and passed to a software encryption
backend to perform the actual encryption.
(Note: The use of PHYS_TO_DMAP could be replaced with sf_bufs if
someone wished to make this work on architectures without a direct
map.)
KTLS supports pluggable software encryption backends. Internally,
Netflix uses proprietary pure-software backends. This commit includes
a simple backend in a new ktls_ocf.ko module that uses the kernel's
OpenCrypto framework to provide AES-GCM encryption of TLS frames. As
a result, software TLS is now a bit of a misnomer as it can make use
of hardware crypto accelerators.
Once software encryption has finished, the TLS frame mbufs are marked
ready via pru_ready(). At this point, the encrypted data appears as
regular payload to the TCP stack stored in unmapped mbufs.
ifnet TLS permits a NIC to offload the TLS encryption and TCP
segmentation. In this mode, a new send tag type (IF_SND_TAG_TYPE_TLS)
is allocated on the interface a socket is routed over and associated
with a TLS session. TLS records for a TLS session using ifnet TLS are
not marked M_NOTREADY but are passed down the stack unencrypted. The
ip_output_send() and ip6_output_send() helper functions that apply
send tags to outbound IP packets verify that the send tag of the TLS
record matches the outbound interface. If so, the packet is tagged
with the TLS send tag and sent to the interface. The NIC device
driver must recognize packets with the TLS send tag and schedule them
for TLS encryption and TCP segmentation. If the the outbound
interface does not match the interface in the TLS send tag, the packet
is dropped. In addition, a task is scheduled to refresh the TLS send
tag for the TLS session. If a new TLS send tag cannot be allocated,
the connection is dropped. If a new TLS send tag is allocated,
however, subsequent packets will be tagged with the correct TLS send
tag. (This latter case has been tested by configuring both ports of a
Chelsio T6 in a lagg and failing over from one port to another. As
the connections migrated to the new port, new TLS send tags were
allocated for the new port and connections resumed without being
dropped.)
ifnet TLS can be enabled and disabled on supported network interfaces
via new '[-]txtls[46]' options to ifconfig(8). ifnet TLS is supported
across both vlan devices and lagg interfaces using failover, lacp with
flowid enabled, or lacp with flowid enabled.
Applications may request the current KTLS mode of a connection via a
new TCP_TXTLS_MODE socket option. They can also use this socket
option to toggle between software and ifnet TLS modes.
In addition, a testing tool is available in tools/tools/switch_tls.
This is modeled on tcpdrop and uses similar syntax. However, instead
of dropping connections, -s is used to force KTLS connections to
switch to software TLS and -i is used to switch to ifnet TLS.
Various sysctls and counters are available under the kern.ipc.tls
sysctl node. The kern.ipc.tls.enable node must be set to true to
enable KTLS (it is off by default). The use of unmapped mbufs must
also be enabled via kern.ipc.mb_use_ext_pgs to enable KTLS.
KTLS is enabled via the KERN_TLS kernel option.
This patch is the culmination of years of work by several folks
including Scott Long and Randall Stewart for the original design and
implementation; Drew Gallatin for several optimizations including the
use of ext_pgs mbufs, the M_NOTREADY mechanism for TLS records
awaiting software encryption, and pluggable software crypto backends;
and John Baldwin for modifications to support hardware TLS offload.
Reviewed by: gallatin, hselasky, rrs
Obtained from: Netflix
Sponsored by: Netflix, Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D21277
2019-08-27 00:01:56 +00:00
|
|
|
error = (*so->so_proto->pr_usrreqs->pru_send)
|
|
|
|
|
(so, PRUS_NOTREADY, m, NULL, NULL, td);
|
Fix handling of errors from pru_send(PRUS_NOTREADY)
PRUS_NOTREADY indicates that the caller has not yet populated the chain
with data, and so it is not ready for transmission. This is used by
sendfile (for async I/O) and KTLS (for encryption). In particular, if
pru_send returns an error, the caller is responsible for freeing the
chain since other implicit references to the data buffers exist.
For async sendfile, it happens that an error will only be returned if
the connection was dropped, in which case tcp_usr_ready() will handle
freeing the chain. But since KTLS can be used in conjunction with the
regular socket I/O system calls, many more error cases - which do not
result in the connection being dropped - are reachable. In these cases,
KTLS was effectively assuming success.
So:
- Change sosend_generic() to free the mbuf chain if
pru_send(PRUS_NOTREADY) fails. Nothing else owns a reference to the
chain at that point.
- Similarly, in vn_sendfile() change the !async I/O && KTLS case to free
the chain.
- If async I/O is still outstanding when pru_send fails in
vn_sendfile(), set an error in the sfio structure so that the
connection is aborted and the mbuf chain is freed.
Reviewed by: gallatin, tuexen
Discussed with: jhb
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D30349
2021-05-21 21:44:46 +00:00
|
|
|
if (error != 0) {
|
|
|
|
|
m_freem(m);
|
|
|
|
|
} else {
|
|
|
|
|
soref(so);
|
|
|
|
|
ktls_enqueue(m, so, tls_enq_cnt);
|
|
|
|
|
}
|
Add kernel-side support for in-kernel TLS.
KTLS adds support for in-kernel framing and encryption of Transport
Layer Security (1.0-1.2) data on TCP sockets. KTLS only supports
offload of TLS for transmitted data. Key negotation must still be
performed in userland. Once completed, transmit session keys for a
connection are provided to the kernel via a new TCP_TXTLS_ENABLE
socket option. All subsequent data transmitted on the socket is
placed into TLS frames and encrypted using the supplied keys.
Any data written to a KTLS-enabled socket via write(2), aio_write(2),
or sendfile(2) is assumed to be application data and is encoded in TLS
frames with an application data type. Individual records can be sent
with a custom type (e.g. handshake messages) via sendmsg(2) with a new
control message (TLS_SET_RECORD_TYPE) specifying the record type.
At present, rekeying is not supported though the in-kernel framework
should support rekeying.
KTLS makes use of the recently added unmapped mbufs to store TLS
frames in the socket buffer. Each TLS frame is described by a single
ext_pgs mbuf. The ext_pgs structure contains the header of the TLS
record (and trailer for encrypted records) as well as references to
the associated TLS session.
KTLS supports two primary methods of encrypting TLS frames: software
TLS and ifnet TLS.
Software TLS marks mbufs holding socket data as not ready via
M_NOTREADY similar to sendfile(2) when TLS framing information is
added to an unmapped mbuf in ktls_frame(). ktls_enqueue() is then
called to schedule TLS frames for encryption. In the case of
sendfile_iodone() calls ktls_enqueue() instead of pru_ready() leaving
the mbufs marked M_NOTREADY until encryption is completed. For other
writes (vn_sendfile when pages are available, write(2), etc.), the
PRUS_NOTREADY is set when invoking pru_send() along with invoking
ktls_enqueue().
A pool of worker threads (the "KTLS" kernel process) encrypts TLS
frames queued via ktls_enqueue(). Each TLS frame is temporarily
mapped using the direct map and passed to a software encryption
backend to perform the actual encryption.
(Note: The use of PHYS_TO_DMAP could be replaced with sf_bufs if
someone wished to make this work on architectures without a direct
map.)
KTLS supports pluggable software encryption backends. Internally,
Netflix uses proprietary pure-software backends. This commit includes
a simple backend in a new ktls_ocf.ko module that uses the kernel's
OpenCrypto framework to provide AES-GCM encryption of TLS frames. As
a result, software TLS is now a bit of a misnomer as it can make use
of hardware crypto accelerators.
Once software encryption has finished, the TLS frame mbufs are marked
ready via pru_ready(). At this point, the encrypted data appears as
regular payload to the TCP stack stored in unmapped mbufs.
ifnet TLS permits a NIC to offload the TLS encryption and TCP
segmentation. In this mode, a new send tag type (IF_SND_TAG_TYPE_TLS)
is allocated on the interface a socket is routed over and associated
with a TLS session. TLS records for a TLS session using ifnet TLS are
not marked M_NOTREADY but are passed down the stack unencrypted. The
ip_output_send() and ip6_output_send() helper functions that apply
send tags to outbound IP packets verify that the send tag of the TLS
record matches the outbound interface. If so, the packet is tagged
with the TLS send tag and sent to the interface. The NIC device
driver must recognize packets with the TLS send tag and schedule them
for TLS encryption and TCP segmentation. If the the outbound
interface does not match the interface in the TLS send tag, the packet
is dropped. In addition, a task is scheduled to refresh the TLS send
tag for the TLS session. If a new TLS send tag cannot be allocated,
the connection is dropped. If a new TLS send tag is allocated,
however, subsequent packets will be tagged with the correct TLS send
tag. (This latter case has been tested by configuring both ports of a
Chelsio T6 in a lagg and failing over from one port to another. As
the connections migrated to the new port, new TLS send tags were
allocated for the new port and connections resumed without being
dropped.)
ifnet TLS can be enabled and disabled on supported network interfaces
via new '[-]txtls[46]' options to ifconfig(8). ifnet TLS is supported
across both vlan devices and lagg interfaces using failover, lacp with
flowid enabled, or lacp with flowid enabled.
Applications may request the current KTLS mode of a connection via a
new TCP_TXTLS_MODE socket option. They can also use this socket
option to toggle between software and ifnet TLS modes.
In addition, a testing tool is available in tools/tools/switch_tls.
This is modeled on tcpdrop and uses similar syntax. However, instead
of dropping connections, -s is used to force KTLS connections to
switch to software TLS and -i is used to switch to ifnet TLS.
Various sysctls and counters are available under the kern.ipc.tls
sysctl node. The kern.ipc.tls.enable node must be set to true to
enable KTLS (it is off by default). The use of unmapped mbufs must
also be enabled via kern.ipc.mb_use_ext_pgs to enable KTLS.
KTLS is enabled via the KERN_TLS kernel option.
This patch is the culmination of years of work by several folks
including Scott Long and Randall Stewart for the original design and
implementation; Drew Gallatin for several optimizations including the
use of ext_pgs mbufs, the M_NOTREADY mechanism for TLS records
awaiting software encryption, and pluggable software crypto backends;
and John Baldwin for modifications to support hardware TLS offload.
Reviewed by: gallatin, hselasky, rrs
Obtained from: Netflix
Sponsored by: Netflix, Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D21277
2019-08-27 00:01:56 +00:00
|
|
|
} else
|
|
|
|
|
#endif
|
|
|
|
|
error = (*so->so_proto->pr_usrreqs->pru_send)
|
|
|
|
|
(so, 0, m, NULL, NULL, td);
|
2016-01-22 02:23:18 +00:00
|
|
|
} else {
|
2020-02-25 19:29:05 +00:00
|
|
|
sfio->so = so;
|
|
|
|
|
sfio->m = m0;
|
2017-09-13 22:11:05 +00:00
|
|
|
soref(so);
|
2016-01-22 02:23:18 +00:00
|
|
|
error = (*so->so_proto->pr_usrreqs->pru_send)
|
|
|
|
|
(so, PRUS_NOTREADY, m, NULL, NULL, td);
|
Fix handling of errors from pru_send(PRUS_NOTREADY)
PRUS_NOTREADY indicates that the caller has not yet populated the chain
with data, and so it is not ready for transmission. This is used by
sendfile (for async I/O) and KTLS (for encryption). In particular, if
pru_send returns an error, the caller is responsible for freeing the
chain since other implicit references to the data buffers exist.
For async sendfile, it happens that an error will only be returned if
the connection was dropped, in which case tcp_usr_ready() will handle
freeing the chain. But since KTLS can be used in conjunction with the
regular socket I/O system calls, many more error cases - which do not
result in the connection being dropped - are reachable. In these cases,
KTLS was effectively assuming success.
So:
- Change sosend_generic() to free the mbuf chain if
pru_send(PRUS_NOTREADY) fails. Nothing else owns a reference to the
chain at that point.
- Similarly, in vn_sendfile() change the !async I/O && KTLS case to free
the chain.
- If async I/O is still outstanding when pru_send fails in
vn_sendfile(), set an error in the sfio structure so that the
connection is aborted and the mbuf chain is freed.
Reviewed by: gallatin, tuexen
Discussed with: jhb
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D30349
2021-05-21 21:44:46 +00:00
|
|
|
sendfile_iodone(sfio, NULL, 0, error);
|
2016-01-22 02:23:18 +00:00
|
|
|
}
|
|
|
|
|
CURVNET_RESTORE();
|
|
|
|
|
|
Fix handling of errors from pru_send(PRUS_NOTREADY)
PRUS_NOTREADY indicates that the caller has not yet populated the chain
with data, and so it is not ready for transmission. This is used by
sendfile (for async I/O) and KTLS (for encryption). In particular, if
pru_send returns an error, the caller is responsible for freeing the
chain since other implicit references to the data buffers exist.
For async sendfile, it happens that an error will only be returned if
the connection was dropped, in which case tcp_usr_ready() will handle
freeing the chain. But since KTLS can be used in conjunction with the
regular socket I/O system calls, many more error cases - which do not
result in the connection being dropped - are reachable. In these cases,
KTLS was effectively assuming success.
So:
- Change sosend_generic() to free the mbuf chain if
pru_send(PRUS_NOTREADY) fails. Nothing else owns a reference to the
chain at that point.
- Similarly, in vn_sendfile() change the !async I/O && KTLS case to free
the chain.
- If async I/O is still outstanding when pru_send fails in
vn_sendfile(), set an error in the sfio structure so that the
connection is aborted and the mbuf chain is freed.
Reviewed by: gallatin, tuexen
Discussed with: jhb
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D30349
2021-05-21 21:44:46 +00:00
|
|
|
m = NULL;
|
2016-01-22 02:23:18 +00:00
|
|
|
if (error)
|
|
|
|
|
goto done;
|
|
|
|
|
sbytes += space + hdrlen;
|
|
|
|
|
if (hdrlen)
|
|
|
|
|
hdrlen = 0;
|
|
|
|
|
if (softerr) {
|
|
|
|
|
error = softerr;
|
|
|
|
|
goto done;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Send trailers. Wimp out and use writev(2).
|
|
|
|
|
*/
|
|
|
|
|
if (trl_uio != NULL) {
|
2021-09-07 18:49:31 +00:00
|
|
|
SOCK_IO_SEND_UNLOCK(so);
|
2016-01-22 02:23:18 +00:00
|
|
|
error = kern_writev(td, sockfd, trl_uio);
|
|
|
|
|
if (error == 0)
|
|
|
|
|
sbytes += td->td_retval[0];
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
done:
|
2021-09-07 18:49:31 +00:00
|
|
|
SOCK_IO_SEND_UNLOCK(so);
|
2016-01-22 02:23:18 +00:00
|
|
|
out:
|
|
|
|
|
/*
|
|
|
|
|
* If there was no error we have to clear td->td_retval[0]
|
|
|
|
|
* because it may have been set by writev.
|
|
|
|
|
*/
|
|
|
|
|
if (error == 0) {
|
|
|
|
|
td->td_retval[0] = 0;
|
|
|
|
|
}
|
|
|
|
|
if (sent != NULL) {
|
|
|
|
|
(*sent) = sbytes;
|
|
|
|
|
}
|
|
|
|
|
if (obj != NULL)
|
|
|
|
|
vm_object_deallocate(obj);
|
|
|
|
|
if (so)
|
|
|
|
|
fdrop(sock_fp, td);
|
|
|
|
|
if (m)
|
|
|
|
|
m_freem(m);
|
|
|
|
|
if (mh)
|
|
|
|
|
m_freem(mh);
|
|
|
|
|
|
|
|
|
|
if (sfs != NULL) {
|
|
|
|
|
mtx_lock(&sfs->mtx);
|
|
|
|
|
if (sfs->count != 0)
|
2020-04-28 15:02:44 +00:00
|
|
|
error = cv_wait_sig(&sfs->cv, &sfs->mtx);
|
|
|
|
|
if (sfs->count == 0) {
|
|
|
|
|
sendfile_sync_destroy(sfs);
|
|
|
|
|
} else {
|
|
|
|
|
sfs->waiting = false;
|
|
|
|
|
mtx_unlock(&sfs->mtx);
|
|
|
|
|
}
|
2016-01-22 02:23:18 +00:00
|
|
|
}
|
Add kernel-side support for in-kernel TLS.
KTLS adds support for in-kernel framing and encryption of Transport
Layer Security (1.0-1.2) data on TCP sockets. KTLS only supports
offload of TLS for transmitted data. Key negotation must still be
performed in userland. Once completed, transmit session keys for a
connection are provided to the kernel via a new TCP_TXTLS_ENABLE
socket option. All subsequent data transmitted on the socket is
placed into TLS frames and encrypted using the supplied keys.
Any data written to a KTLS-enabled socket via write(2), aio_write(2),
or sendfile(2) is assumed to be application data and is encoded in TLS
frames with an application data type. Individual records can be sent
with a custom type (e.g. handshake messages) via sendmsg(2) with a new
control message (TLS_SET_RECORD_TYPE) specifying the record type.
At present, rekeying is not supported though the in-kernel framework
should support rekeying.
KTLS makes use of the recently added unmapped mbufs to store TLS
frames in the socket buffer. Each TLS frame is described by a single
ext_pgs mbuf. The ext_pgs structure contains the header of the TLS
record (and trailer for encrypted records) as well as references to
the associated TLS session.
KTLS supports two primary methods of encrypting TLS frames: software
TLS and ifnet TLS.
Software TLS marks mbufs holding socket data as not ready via
M_NOTREADY similar to sendfile(2) when TLS framing information is
added to an unmapped mbuf in ktls_frame(). ktls_enqueue() is then
called to schedule TLS frames for encryption. In the case of
sendfile_iodone() calls ktls_enqueue() instead of pru_ready() leaving
the mbufs marked M_NOTREADY until encryption is completed. For other
writes (vn_sendfile when pages are available, write(2), etc.), the
PRUS_NOTREADY is set when invoking pru_send() along with invoking
ktls_enqueue().
A pool of worker threads (the "KTLS" kernel process) encrypts TLS
frames queued via ktls_enqueue(). Each TLS frame is temporarily
mapped using the direct map and passed to a software encryption
backend to perform the actual encryption.
(Note: The use of PHYS_TO_DMAP could be replaced with sf_bufs if
someone wished to make this work on architectures without a direct
map.)
KTLS supports pluggable software encryption backends. Internally,
Netflix uses proprietary pure-software backends. This commit includes
a simple backend in a new ktls_ocf.ko module that uses the kernel's
OpenCrypto framework to provide AES-GCM encryption of TLS frames. As
a result, software TLS is now a bit of a misnomer as it can make use
of hardware crypto accelerators.
Once software encryption has finished, the TLS frame mbufs are marked
ready via pru_ready(). At this point, the encrypted data appears as
regular payload to the TCP stack stored in unmapped mbufs.
ifnet TLS permits a NIC to offload the TLS encryption and TCP
segmentation. In this mode, a new send tag type (IF_SND_TAG_TYPE_TLS)
is allocated on the interface a socket is routed over and associated
with a TLS session. TLS records for a TLS session using ifnet TLS are
not marked M_NOTREADY but are passed down the stack unencrypted. The
ip_output_send() and ip6_output_send() helper functions that apply
send tags to outbound IP packets verify that the send tag of the TLS
record matches the outbound interface. If so, the packet is tagged
with the TLS send tag and sent to the interface. The NIC device
driver must recognize packets with the TLS send tag and schedule them
for TLS encryption and TCP segmentation. If the the outbound
interface does not match the interface in the TLS send tag, the packet
is dropped. In addition, a task is scheduled to refresh the TLS send
tag for the TLS session. If a new TLS send tag cannot be allocated,
the connection is dropped. If a new TLS send tag is allocated,
however, subsequent packets will be tagged with the correct TLS send
tag. (This latter case has been tested by configuring both ports of a
Chelsio T6 in a lagg and failing over from one port to another. As
the connections migrated to the new port, new TLS send tags were
allocated for the new port and connections resumed without being
dropped.)
ifnet TLS can be enabled and disabled on supported network interfaces
via new '[-]txtls[46]' options to ifconfig(8). ifnet TLS is supported
across both vlan devices and lagg interfaces using failover, lacp with
flowid enabled, or lacp with flowid enabled.
Applications may request the current KTLS mode of a connection via a
new TCP_TXTLS_MODE socket option. They can also use this socket
option to toggle between software and ifnet TLS modes.
In addition, a testing tool is available in tools/tools/switch_tls.
This is modeled on tcpdrop and uses similar syntax. However, instead
of dropping connections, -s is used to force KTLS connections to
switch to software TLS and -i is used to switch to ifnet TLS.
Various sysctls and counters are available under the kern.ipc.tls
sysctl node. The kern.ipc.tls.enable node must be set to true to
enable KTLS (it is off by default). The use of unmapped mbufs must
also be enabled via kern.ipc.mb_use_ext_pgs to enable KTLS.
KTLS is enabled via the KERN_TLS kernel option.
This patch is the culmination of years of work by several folks
including Scott Long and Randall Stewart for the original design and
implementation; Drew Gallatin for several optimizations including the
use of ext_pgs mbufs, the M_NOTREADY mechanism for TLS records
awaiting software encryption, and pluggable software crypto backends;
and John Baldwin for modifications to support hardware TLS offload.
Reviewed by: gallatin, hselasky, rrs
Obtained from: Netflix
Sponsored by: Netflix, Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D21277
2019-08-27 00:01:56 +00:00
|
|
|
#ifdef KERN_TLS
|
|
|
|
|
if (tls != NULL)
|
|
|
|
|
ktls_free(tls);
|
|
|
|
|
#endif
|
2016-01-22 02:23:18 +00:00
|
|
|
|
|
|
|
|
if (error == ERESTART)
|
|
|
|
|
error = EINTR;
|
|
|
|
|
|
|
|
|
|
return (error);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
sendfile(struct thread *td, struct sendfile_args *uap, int compat)
|
|
|
|
|
{
|
|
|
|
|
struct sf_hdtr hdtr;
|
|
|
|
|
struct uio *hdr_uio, *trl_uio;
|
|
|
|
|
struct file *fp;
|
|
|
|
|
off_t sbytes;
|
|
|
|
|
int error;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* File offset must be positive. If it goes beyond EOF
|
|
|
|
|
* we send only the header/trailer and no payload data.
|
|
|
|
|
*/
|
|
|
|
|
if (uap->offset < 0)
|
|
|
|
|
return (EINVAL);
|
|
|
|
|
|
2017-08-09 17:48:38 +00:00
|
|
|
sbytes = 0;
|
2016-01-22 02:23:18 +00:00
|
|
|
hdr_uio = trl_uio = NULL;
|
|
|
|
|
|
|
|
|
|
if (uap->hdtr != NULL) {
|
|
|
|
|
error = copyin(uap->hdtr, &hdtr, sizeof(hdtr));
|
|
|
|
|
if (error != 0)
|
|
|
|
|
goto out;
|
|
|
|
|
if (hdtr.headers != NULL) {
|
|
|
|
|
error = copyinuio(hdtr.headers, hdtr.hdr_cnt,
|
|
|
|
|
&hdr_uio);
|
|
|
|
|
if (error != 0)
|
|
|
|
|
goto out;
|
The sendfile(2) allows to send extra data from userspace before the file
data (headers). Historically the size of the headers was not checked
against the socket buffer space. Application could easily overcommit the
socket buffer space.
With the new sendfile (r293439) the problem remained, but a KASSERT was
inserted that checked that amount of data written to the socket matches
its space. In case when size of headers is bigger that socket space,
KASSERT fires. Without INVARIANTS the new sendfile won't panic, but
would report incorrect amount of bytes sent.
o With this change, the headers copyin is moved down into the cycle, after
the sbspace() check. The uio size is trimmed by socket space there,
which fixes the overcommit problem and its consequences.
o The compatibility handling for FreeBSD 4 sendfile headers API is pushed
up the stack to syscall wrappers. This required a copy and paste of the
code, but in turn this allowed to remove extra stack carried parameter
from fo_sendfile_t, and embrace entire compat code into #ifdef. If in
future we got more fo_sendfile_t function, the copy and paste level would
even reduce.
Reviewed by: emax, gallatin, Maxim Dounin <mdounin mdounin.ru>
Tested by: Vitalij Satanivskij <satan ukr.net>
Sponsored by: Netflix
2016-03-29 19:57:11 +00:00
|
|
|
#ifdef COMPAT_FREEBSD4
|
|
|
|
|
/*
|
|
|
|
|
* In FreeBSD < 5.0 the nbytes to send also included
|
|
|
|
|
* the header. If compat is specified subtract the
|
|
|
|
|
* header size from nbytes.
|
|
|
|
|
*/
|
|
|
|
|
if (compat) {
|
|
|
|
|
if (uap->nbytes > hdr_uio->uio_resid)
|
|
|
|
|
uap->nbytes -= hdr_uio->uio_resid;
|
|
|
|
|
else
|
|
|
|
|
uap->nbytes = 0;
|
|
|
|
|
}
|
|
|
|
|
#endif
|
2016-01-22 02:23:18 +00:00
|
|
|
}
|
|
|
|
|
if (hdtr.trailers != NULL) {
|
|
|
|
|
error = copyinuio(hdtr.trailers, hdtr.trl_cnt,
|
|
|
|
|
&trl_uio);
|
|
|
|
|
if (error != 0)
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
AUDIT_ARG_FD(uap->fd);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* sendfile(2) can start at any offset within a file so we require
|
|
|
|
|
* CAP_READ+CAP_SEEK = CAP_PREAD.
|
|
|
|
|
*/
|
2018-05-09 18:47:24 +00:00
|
|
|
if ((error = fget_read(td, uap->fd, &cap_pread_rights, &fp)) != 0)
|
2016-01-22 02:23:18 +00:00
|
|
|
goto out;
|
|
|
|
|
|
|
|
|
|
error = fo_sendfile(fp, uap->s, hdr_uio, trl_uio, uap->offset,
|
The sendfile(2) allows to send extra data from userspace before the file
data (headers). Historically the size of the headers was not checked
against the socket buffer space. Application could easily overcommit the
socket buffer space.
With the new sendfile (r293439) the problem remained, but a KASSERT was
inserted that checked that amount of data written to the socket matches
its space. In case when size of headers is bigger that socket space,
KASSERT fires. Without INVARIANTS the new sendfile won't panic, but
would report incorrect amount of bytes sent.
o With this change, the headers copyin is moved down into the cycle, after
the sbspace() check. The uio size is trimmed by socket space there,
which fixes the overcommit problem and its consequences.
o The compatibility handling for FreeBSD 4 sendfile headers API is pushed
up the stack to syscall wrappers. This required a copy and paste of the
code, but in turn this allowed to remove extra stack carried parameter
from fo_sendfile_t, and embrace entire compat code into #ifdef. If in
future we got more fo_sendfile_t function, the copy and paste level would
even reduce.
Reviewed by: emax, gallatin, Maxim Dounin <mdounin mdounin.ru>
Tested by: Vitalij Satanivskij <satan ukr.net>
Sponsored by: Netflix
2016-03-29 19:57:11 +00:00
|
|
|
uap->nbytes, &sbytes, uap->flags, td);
|
2016-01-22 02:23:18 +00:00
|
|
|
fdrop(fp, td);
|
|
|
|
|
|
|
|
|
|
if (uap->sbytes != NULL)
|
|
|
|
|
copyout(&sbytes, uap->sbytes, sizeof(off_t));
|
|
|
|
|
|
|
|
|
|
out:
|
|
|
|
|
free(hdr_uio, M_IOV);
|
|
|
|
|
free(trl_uio, M_IOV);
|
|
|
|
|
return (error);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* sendfile(2)
|
|
|
|
|
*
|
|
|
|
|
* int sendfile(int fd, int s, off_t offset, size_t nbytes,
|
|
|
|
|
* struct sf_hdtr *hdtr, off_t *sbytes, int flags)
|
|
|
|
|
*
|
|
|
|
|
* Send a file specified by 'fd' and starting at 'offset' to a socket
|
|
|
|
|
* specified by 's'. Send only 'nbytes' of the file or until EOF if nbytes ==
|
|
|
|
|
* 0. Optionally add a header and/or trailer to the socket output. If
|
|
|
|
|
* specified, write the total number of bytes sent into *sbytes.
|
|
|
|
|
*/
|
|
|
|
|
int
|
|
|
|
|
sys_sendfile(struct thread *td, struct sendfile_args *uap)
|
|
|
|
|
{
|
2020-09-01 22:12:32 +00:00
|
|
|
|
2016-01-22 02:23:18 +00:00
|
|
|
return (sendfile(td, uap, 0));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#ifdef COMPAT_FREEBSD4
|
|
|
|
|
int
|
|
|
|
|
freebsd4_sendfile(struct thread *td, struct freebsd4_sendfile_args *uap)
|
|
|
|
|
{
|
|
|
|
|
struct sendfile_args args;
|
|
|
|
|
|
|
|
|
|
args.fd = uap->fd;
|
|
|
|
|
args.s = uap->s;
|
|
|
|
|
args.offset = uap->offset;
|
|
|
|
|
args.nbytes = uap->nbytes;
|
|
|
|
|
args.hdtr = uap->hdtr;
|
|
|
|
|
args.sbytes = uap->sbytes;
|
|
|
|
|
args.flags = uap->flags;
|
|
|
|
|
|
|
|
|
|
return (sendfile(td, &args, 1));
|
|
|
|
|
}
|
|
|
|
|
#endif /* COMPAT_FREEBSD4 */
|
