2016-01-22 02:23:18 +00:00
|
|
|
/*-
|
|
|
|
|
* Copyright (c) 2013-2015 Gleb Smirnoff <glebius@FreeBSD.org>
|
|
|
|
|
* Copyright (c) 1998, David Greenman. All rights reserved.
|
|
|
|
|
*
|
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
|
* are met:
|
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
2016-09-15 13:16:20 +00:00
|
|
|
* 3. Neither the name of the University nor the names of its contributors
|
2016-01-22 02:23:18 +00:00
|
|
|
* may be used to endorse or promote products derived from this software
|
|
|
|
|
* without specific prior written permission.
|
|
|
|
|
*
|
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
|
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
|
* SUCH DAMAGE.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include <sys/cdefs.h>
|
|
|
|
|
__FBSDID("$FreeBSD$");
|
|
|
|
|
|
Add kernel-side support for in-kernel TLS.
KTLS adds support for in-kernel framing and encryption of Transport
Layer Security (1.0-1.2) data on TCP sockets. KTLS only supports
offload of TLS for transmitted data. Key negotation must still be
performed in userland. Once completed, transmit session keys for a
connection are provided to the kernel via a new TCP_TXTLS_ENABLE
socket option. All subsequent data transmitted on the socket is
placed into TLS frames and encrypted using the supplied keys.
Any data written to a KTLS-enabled socket via write(2), aio_write(2),
or sendfile(2) is assumed to be application data and is encoded in TLS
frames with an application data type. Individual records can be sent
with a custom type (e.g. handshake messages) via sendmsg(2) with a new
control message (TLS_SET_RECORD_TYPE) specifying the record type.
At present, rekeying is not supported though the in-kernel framework
should support rekeying.
KTLS makes use of the recently added unmapped mbufs to store TLS
frames in the socket buffer. Each TLS frame is described by a single
ext_pgs mbuf. The ext_pgs structure contains the header of the TLS
record (and trailer for encrypted records) as well as references to
the associated TLS session.
KTLS supports two primary methods of encrypting TLS frames: software
TLS and ifnet TLS.
Software TLS marks mbufs holding socket data as not ready via
M_NOTREADY similar to sendfile(2) when TLS framing information is
added to an unmapped mbuf in ktls_frame(). ktls_enqueue() is then
called to schedule TLS frames for encryption. In the case of
sendfile_iodone() calls ktls_enqueue() instead of pru_ready() leaving
the mbufs marked M_NOTREADY until encryption is completed. For other
writes (vn_sendfile when pages are available, write(2), etc.), the
PRUS_NOTREADY is set when invoking pru_send() along with invoking
ktls_enqueue().
A pool of worker threads (the "KTLS" kernel process) encrypts TLS
frames queued via ktls_enqueue(). Each TLS frame is temporarily
mapped using the direct map and passed to a software encryption
backend to perform the actual encryption.
(Note: The use of PHYS_TO_DMAP could be replaced with sf_bufs if
someone wished to make this work on architectures without a direct
map.)
KTLS supports pluggable software encryption backends. Internally,
Netflix uses proprietary pure-software backends. This commit includes
a simple backend in a new ktls_ocf.ko module that uses the kernel's
OpenCrypto framework to provide AES-GCM encryption of TLS frames. As
a result, software TLS is now a bit of a misnomer as it can make use
of hardware crypto accelerators.
Once software encryption has finished, the TLS frame mbufs are marked
ready via pru_ready(). At this point, the encrypted data appears as
regular payload to the TCP stack stored in unmapped mbufs.
ifnet TLS permits a NIC to offload the TLS encryption and TCP
segmentation. In this mode, a new send tag type (IF_SND_TAG_TYPE_TLS)
is allocated on the interface a socket is routed over and associated
with a TLS session. TLS records for a TLS session using ifnet TLS are
not marked M_NOTREADY but are passed down the stack unencrypted. The
ip_output_send() and ip6_output_send() helper functions that apply
send tags to outbound IP packets verify that the send tag of the TLS
record matches the outbound interface. If so, the packet is tagged
with the TLS send tag and sent to the interface. The NIC device
driver must recognize packets with the TLS send tag and schedule them
for TLS encryption and TCP segmentation. If the the outbound
interface does not match the interface in the TLS send tag, the packet
is dropped. In addition, a task is scheduled to refresh the TLS send
tag for the TLS session. If a new TLS send tag cannot be allocated,
the connection is dropped. If a new TLS send tag is allocated,
however, subsequent packets will be tagged with the correct TLS send
tag. (This latter case has been tested by configuring both ports of a
Chelsio T6 in a lagg and failing over from one port to another. As
the connections migrated to the new port, new TLS send tags were
allocated for the new port and connections resumed without being
dropped.)
ifnet TLS can be enabled and disabled on supported network interfaces
via new '[-]txtls[46]' options to ifconfig(8). ifnet TLS is supported
across both vlan devices and lagg interfaces using failover, lacp with
flowid enabled, or lacp with flowid enabled.
Applications may request the current KTLS mode of a connection via a
new TCP_TXTLS_MODE socket option. They can also use this socket
option to toggle between software and ifnet TLS modes.
In addition, a testing tool is available in tools/tools/switch_tls.
This is modeled on tcpdrop and uses similar syntax. However, instead
of dropping connections, -s is used to force KTLS connections to
switch to software TLS and -i is used to switch to ifnet TLS.
Various sysctls and counters are available under the kern.ipc.tls
sysctl node. The kern.ipc.tls.enable node must be set to true to
enable KTLS (it is off by default). The use of unmapped mbufs must
also be enabled via kern.ipc.mb_use_ext_pgs to enable KTLS.
KTLS is enabled via the KERN_TLS kernel option.
This patch is the culmination of years of work by several folks
including Scott Long and Randall Stewart for the original design and
implementation; Drew Gallatin for several optimizations including the
use of ext_pgs mbufs, the M_NOTREADY mechanism for TLS records
awaiting software encryption, and pluggable software crypto backends;
and John Baldwin for modifications to support hardware TLS offload.
Reviewed by: gallatin, hselasky, rrs
Obtained from: Netflix
Sponsored by: Netflix, Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D21277
2019-08-27 00:01:56 +00:00
|
|
|
#include "opt_kern_tls.h"
|
|
|
|
|
|
2016-01-22 02:23:18 +00:00
|
|
|
#include <sys/param.h>
|
|
|
|
|
#include <sys/systm.h>
|
|
|
|
|
#include <sys/capsicum.h>
|
|
|
|
|
#include <sys/kernel.h>
|
2019-06-29 00:49:35 +00:00
|
|
|
#include <netinet/in.h>
|
2016-01-22 02:23:18 +00:00
|
|
|
#include <sys/lock.h>
|
Add kernel-side support for in-kernel TLS.
KTLS adds support for in-kernel framing and encryption of Transport
Layer Security (1.0-1.2) data on TCP sockets. KTLS only supports
offload of TLS for transmitted data. Key negotation must still be
performed in userland. Once completed, transmit session keys for a
connection are provided to the kernel via a new TCP_TXTLS_ENABLE
socket option. All subsequent data transmitted on the socket is
placed into TLS frames and encrypted using the supplied keys.
Any data written to a KTLS-enabled socket via write(2), aio_write(2),
or sendfile(2) is assumed to be application data and is encoded in TLS
frames with an application data type. Individual records can be sent
with a custom type (e.g. handshake messages) via sendmsg(2) with a new
control message (TLS_SET_RECORD_TYPE) specifying the record type.
At present, rekeying is not supported though the in-kernel framework
should support rekeying.
KTLS makes use of the recently added unmapped mbufs to store TLS
frames in the socket buffer. Each TLS frame is described by a single
ext_pgs mbuf. The ext_pgs structure contains the header of the TLS
record (and trailer for encrypted records) as well as references to
the associated TLS session.
KTLS supports two primary methods of encrypting TLS frames: software
TLS and ifnet TLS.
Software TLS marks mbufs holding socket data as not ready via
M_NOTREADY similar to sendfile(2) when TLS framing information is
added to an unmapped mbuf in ktls_frame(). ktls_enqueue() is then
called to schedule TLS frames for encryption. In the case of
sendfile_iodone() calls ktls_enqueue() instead of pru_ready() leaving
the mbufs marked M_NOTREADY until encryption is completed. For other
writes (vn_sendfile when pages are available, write(2), etc.), the
PRUS_NOTREADY is set when invoking pru_send() along with invoking
ktls_enqueue().
A pool of worker threads (the "KTLS" kernel process) encrypts TLS
frames queued via ktls_enqueue(). Each TLS frame is temporarily
mapped using the direct map and passed to a software encryption
backend to perform the actual encryption.
(Note: The use of PHYS_TO_DMAP could be replaced with sf_bufs if
someone wished to make this work on architectures without a direct
map.)
KTLS supports pluggable software encryption backends. Internally,
Netflix uses proprietary pure-software backends. This commit includes
a simple backend in a new ktls_ocf.ko module that uses the kernel's
OpenCrypto framework to provide AES-GCM encryption of TLS frames. As
a result, software TLS is now a bit of a misnomer as it can make use
of hardware crypto accelerators.
Once software encryption has finished, the TLS frame mbufs are marked
ready via pru_ready(). At this point, the encrypted data appears as
regular payload to the TCP stack stored in unmapped mbufs.
ifnet TLS permits a NIC to offload the TLS encryption and TCP
segmentation. In this mode, a new send tag type (IF_SND_TAG_TYPE_TLS)
is allocated on the interface a socket is routed over and associated
with a TLS session. TLS records for a TLS session using ifnet TLS are
not marked M_NOTREADY but are passed down the stack unencrypted. The
ip_output_send() and ip6_output_send() helper functions that apply
send tags to outbound IP packets verify that the send tag of the TLS
record matches the outbound interface. If so, the packet is tagged
with the TLS send tag and sent to the interface. The NIC device
driver must recognize packets with the TLS send tag and schedule them
for TLS encryption and TCP segmentation. If the the outbound
interface does not match the interface in the TLS send tag, the packet
is dropped. In addition, a task is scheduled to refresh the TLS send
tag for the TLS session. If a new TLS send tag cannot be allocated,
the connection is dropped. If a new TLS send tag is allocated,
however, subsequent packets will be tagged with the correct TLS send
tag. (This latter case has been tested by configuring both ports of a
Chelsio T6 in a lagg and failing over from one port to another. As
the connections migrated to the new port, new TLS send tags were
allocated for the new port and connections resumed without being
dropped.)
ifnet TLS can be enabled and disabled on supported network interfaces
via new '[-]txtls[46]' options to ifconfig(8). ifnet TLS is supported
across both vlan devices and lagg interfaces using failover, lacp with
flowid enabled, or lacp with flowid enabled.
Applications may request the current KTLS mode of a connection via a
new TCP_TXTLS_MODE socket option. They can also use this socket
option to toggle between software and ifnet TLS modes.
In addition, a testing tool is available in tools/tools/switch_tls.
This is modeled on tcpdrop and uses similar syntax. However, instead
of dropping connections, -s is used to force KTLS connections to
switch to software TLS and -i is used to switch to ifnet TLS.
Various sysctls and counters are available under the kern.ipc.tls
sysctl node. The kern.ipc.tls.enable node must be set to true to
enable KTLS (it is off by default). The use of unmapped mbufs must
also be enabled via kern.ipc.mb_use_ext_pgs to enable KTLS.
KTLS is enabled via the KERN_TLS kernel option.
This patch is the culmination of years of work by several folks
including Scott Long and Randall Stewart for the original design and
implementation; Drew Gallatin for several optimizations including the
use of ext_pgs mbufs, the M_NOTREADY mechanism for TLS records
awaiting software encryption, and pluggable software crypto backends;
and John Baldwin for modifications to support hardware TLS offload.
Reviewed by: gallatin, hselasky, rrs
Obtained from: Netflix
Sponsored by: Netflix, Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D21277
2019-08-27 00:01:56 +00:00
|
|
|
#include <sys/ktls.h>
|
2016-01-22 02:23:18 +00:00
|
|
|
#include <sys/mutex.h>
|
|
|
|
|
#include <sys/sysproto.h>
|
|
|
|
|
#include <sys/malloc.h>
|
|
|
|
|
#include <sys/proc.h>
|
|
|
|
|
#include <sys/mman.h>
|
|
|
|
|
#include <sys/mount.h>
|
|
|
|
|
#include <sys/mbuf.h>
|
|
|
|
|
#include <sys/protosw.h>
|
|
|
|
|
#include <sys/rwlock.h>
|
|
|
|
|
#include <sys/sf_buf.h>
|
|
|
|
|
#include <sys/socket.h>
|
|
|
|
|
#include <sys/socketvar.h>
|
|
|
|
|
#include <sys/syscallsubr.h>
|
|
|
|
|
#include <sys/sysctl.h>
|
|
|
|
|
#include <sys/vnode.h>
|
|
|
|
|
|
|
|
|
|
#include <net/vnet.h>
|
2019-10-08 21:34:06 +00:00
|
|
|
#include <netinet/tcp.h>
|
2016-01-22 02:23:18 +00:00
|
|
|
|
|
|
|
|
#include <security/audit/audit.h>
|
|
|
|
|
#include <security/mac/mac_framework.h>
|
|
|
|
|
|
|
|
|
|
#include <vm/vm.h>
|
|
|
|
|
#include <vm/vm_object.h>
|
|
|
|
|
#include <vm/vm_pager.h>
|
|
|
|
|
|
2017-10-09 21:06:16 +00:00
|
|
|
#define EXT_FLAG_SYNC EXT_FLAG_VENDOR1
|
|
|
|
|
#define EXT_FLAG_NOCACHE EXT_FLAG_VENDOR2
|
2019-06-29 00:49:35 +00:00
|
|
|
#define EXT_FLAG_CACHE_LAST EXT_FLAG_VENDOR3
|
2017-10-09 21:06:16 +00:00
|
|
|
|
2016-01-22 02:23:18 +00:00
|
|
|
/*
|
|
|
|
|
* Structure describing a single sendfile(2) I/O, which may consist of
|
|
|
|
|
* several underlying pager I/Os.
|
|
|
|
|
*
|
|
|
|
|
* The syscall context allocates the structure and initializes 'nios'
|
|
|
|
|
* to 1. As sendfile_swapin() runs through pages and starts asynchronous
|
|
|
|
|
* paging operations, it increments 'nios'.
|
|
|
|
|
*
|
|
|
|
|
* Every I/O completion calls sendfile_iodone(), which decrements the 'nios',
|
|
|
|
|
* and the syscall also calls sendfile_iodone() after allocating all mbufs,
|
|
|
|
|
* linking them and sending to socket. Whoever reaches zero 'nios' is
|
|
|
|
|
* responsible to * call pru_ready on the socket, to notify it of readyness
|
|
|
|
|
* of the data.
|
|
|
|
|
*/
|
|
|
|
|
struct sf_io {
|
|
|
|
|
volatile u_int nios;
|
|
|
|
|
u_int error;
|
|
|
|
|
int npages;
|
2017-09-13 22:11:05 +00:00
|
|
|
struct socket *so;
|
2016-01-22 02:23:18 +00:00
|
|
|
struct mbuf *m;
|
2019-08-27 22:21:18 +00:00
|
|
|
#ifdef KERN_TLS
|
Add kernel-side support for in-kernel TLS.
KTLS adds support for in-kernel framing and encryption of Transport
Layer Security (1.0-1.2) data on TCP sockets. KTLS only supports
offload of TLS for transmitted data. Key negotation must still be
performed in userland. Once completed, transmit session keys for a
connection are provided to the kernel via a new TCP_TXTLS_ENABLE
socket option. All subsequent data transmitted on the socket is
placed into TLS frames and encrypted using the supplied keys.
Any data written to a KTLS-enabled socket via write(2), aio_write(2),
or sendfile(2) is assumed to be application data and is encoded in TLS
frames with an application data type. Individual records can be sent
with a custom type (e.g. handshake messages) via sendmsg(2) with a new
control message (TLS_SET_RECORD_TYPE) specifying the record type.
At present, rekeying is not supported though the in-kernel framework
should support rekeying.
KTLS makes use of the recently added unmapped mbufs to store TLS
frames in the socket buffer. Each TLS frame is described by a single
ext_pgs mbuf. The ext_pgs structure contains the header of the TLS
record (and trailer for encrypted records) as well as references to
the associated TLS session.
KTLS supports two primary methods of encrypting TLS frames: software
TLS and ifnet TLS.
Software TLS marks mbufs holding socket data as not ready via
M_NOTREADY similar to sendfile(2) when TLS framing information is
added to an unmapped mbuf in ktls_frame(). ktls_enqueue() is then
called to schedule TLS frames for encryption. In the case of
sendfile_iodone() calls ktls_enqueue() instead of pru_ready() leaving
the mbufs marked M_NOTREADY until encryption is completed. For other
writes (vn_sendfile when pages are available, write(2), etc.), the
PRUS_NOTREADY is set when invoking pru_send() along with invoking
ktls_enqueue().
A pool of worker threads (the "KTLS" kernel process) encrypts TLS
frames queued via ktls_enqueue(). Each TLS frame is temporarily
mapped using the direct map and passed to a software encryption
backend to perform the actual encryption.
(Note: The use of PHYS_TO_DMAP could be replaced with sf_bufs if
someone wished to make this work on architectures without a direct
map.)
KTLS supports pluggable software encryption backends. Internally,
Netflix uses proprietary pure-software backends. This commit includes
a simple backend in a new ktls_ocf.ko module that uses the kernel's
OpenCrypto framework to provide AES-GCM encryption of TLS frames. As
a result, software TLS is now a bit of a misnomer as it can make use
of hardware crypto accelerators.
Once software encryption has finished, the TLS frame mbufs are marked
ready via pru_ready(). At this point, the encrypted data appears as
regular payload to the TCP stack stored in unmapped mbufs.
ifnet TLS permits a NIC to offload the TLS encryption and TCP
segmentation. In this mode, a new send tag type (IF_SND_TAG_TYPE_TLS)
is allocated on the interface a socket is routed over and associated
with a TLS session. TLS records for a TLS session using ifnet TLS are
not marked M_NOTREADY but are passed down the stack unencrypted. The
ip_output_send() and ip6_output_send() helper functions that apply
send tags to outbound IP packets verify that the send tag of the TLS
record matches the outbound interface. If so, the packet is tagged
with the TLS send tag and sent to the interface. The NIC device
driver must recognize packets with the TLS send tag and schedule them
for TLS encryption and TCP segmentation. If the the outbound
interface does not match the interface in the TLS send tag, the packet
is dropped. In addition, a task is scheduled to refresh the TLS send
tag for the TLS session. If a new TLS send tag cannot be allocated,
the connection is dropped. If a new TLS send tag is allocated,
however, subsequent packets will be tagged with the correct TLS send
tag. (This latter case has been tested by configuring both ports of a
Chelsio T6 in a lagg and failing over from one port to another. As
the connections migrated to the new port, new TLS send tags were
allocated for the new port and connections resumed without being
dropped.)
ifnet TLS can be enabled and disabled on supported network interfaces
via new '[-]txtls[46]' options to ifconfig(8). ifnet TLS is supported
across both vlan devices and lagg interfaces using failover, lacp with
flowid enabled, or lacp with flowid enabled.
Applications may request the current KTLS mode of a connection via a
new TCP_TXTLS_MODE socket option. They can also use this socket
option to toggle between software and ifnet TLS modes.
In addition, a testing tool is available in tools/tools/switch_tls.
This is modeled on tcpdrop and uses similar syntax. However, instead
of dropping connections, -s is used to force KTLS connections to
switch to software TLS and -i is used to switch to ifnet TLS.
Various sysctls and counters are available under the kern.ipc.tls
sysctl node. The kern.ipc.tls.enable node must be set to true to
enable KTLS (it is off by default). The use of unmapped mbufs must
also be enabled via kern.ipc.mb_use_ext_pgs to enable KTLS.
KTLS is enabled via the KERN_TLS kernel option.
This patch is the culmination of years of work by several folks
including Scott Long and Randall Stewart for the original design and
implementation; Drew Gallatin for several optimizations including the
use of ext_pgs mbufs, the M_NOTREADY mechanism for TLS records
awaiting software encryption, and pluggable software crypto backends;
and John Baldwin for modifications to support hardware TLS offload.
Reviewed by: gallatin, hselasky, rrs
Obtained from: Netflix
Sponsored by: Netflix, Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D21277
2019-08-27 00:01:56 +00:00
|
|
|
struct ktls_session *tls;
|
2019-08-27 22:21:18 +00:00
|
|
|
#endif
|
2016-01-22 02:23:18 +00:00
|
|
|
vm_page_t pa[];
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Structure used to track requests with SF_SYNC flag.
|
|
|
|
|
*/
|
|
|
|
|
struct sendfile_sync {
|
|
|
|
|
struct mtx mtx;
|
|
|
|
|
struct cv cv;
|
|
|
|
|
unsigned count;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
counter_u64_t sfstat[sizeof(struct sfstat) / sizeof(uint64_t)];
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
sfstat_init(const void *unused)
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
COUNTER_ARRAY_ALLOC(sfstat, sizeof(struct sfstat) / sizeof(uint64_t),
|
|
|
|
|
M_WAITOK);
|
|
|
|
|
}
|
|
|
|
|
SYSINIT(sfstat, SI_SUB_MBUF, SI_ORDER_FIRST, sfstat_init, NULL);
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
sfstat_sysctl(SYSCTL_HANDLER_ARGS)
|
|
|
|
|
{
|
|
|
|
|
struct sfstat s;
|
|
|
|
|
|
|
|
|
|
COUNTER_ARRAY_COPY(sfstat, &s, sizeof(s) / sizeof(uint64_t));
|
|
|
|
|
if (req->newptr)
|
|
|
|
|
COUNTER_ARRAY_ZERO(sfstat, sizeof(s) / sizeof(uint64_t));
|
|
|
|
|
return (SYSCTL_OUT(req, &s, sizeof(s)));
|
|
|
|
|
}
|
|
|
|
|
SYSCTL_PROC(_kern_ipc, OID_AUTO, sfstat, CTLTYPE_OPAQUE | CTLFLAG_RW,
|
|
|
|
|
NULL, 0, sfstat_sysctl, "I", "sendfile statistics");
|
|
|
|
|
|
2017-10-09 21:06:16 +00:00
|
|
|
static void
|
|
|
|
|
sendfile_free_mext(struct mbuf *m)
|
2016-01-22 02:23:18 +00:00
|
|
|
{
|
2017-10-09 21:06:16 +00:00
|
|
|
struct sf_buf *sf;
|
|
|
|
|
vm_page_t pg;
|
2019-07-29 22:01:28 +00:00
|
|
|
int flags;
|
2016-01-22 02:23:18 +00:00
|
|
|
|
2017-10-09 21:06:16 +00:00
|
|
|
KASSERT(m->m_flags & M_EXT && m->m_ext.ext_type == EXT_SFBUF,
|
|
|
|
|
("%s: m %p !M_EXT or !EXT_SFBUF", __func__, m));
|
2016-01-22 02:23:18 +00:00
|
|
|
|
2017-10-09 21:06:16 +00:00
|
|
|
sf = m->m_ext.ext_arg1;
|
|
|
|
|
pg = sf_buf_page(sf);
|
2019-07-29 22:01:28 +00:00
|
|
|
flags = (m->m_ext.ext_flags & EXT_FLAG_NOCACHE) != 0 ? VPR_TRYFREE : 0;
|
2016-01-22 02:23:18 +00:00
|
|
|
|
2017-10-09 21:06:16 +00:00
|
|
|
sf_buf_free(sf);
|
2019-07-29 22:01:28 +00:00
|
|
|
vm_page_release(pg, flags);
|
2017-10-09 21:06:16 +00:00
|
|
|
|
|
|
|
|
if (m->m_ext.ext_flags & EXT_FLAG_SYNC) {
|
|
|
|
|
struct sendfile_sync *sfs = m->m_ext.ext_arg2;
|
2016-01-22 02:23:18 +00:00
|
|
|
|
|
|
|
|
mtx_lock(&sfs->mtx);
|
|
|
|
|
KASSERT(sfs->count > 0, ("Sendfile sync botchup count == 0"));
|
|
|
|
|
if (--sfs->count == 0)
|
|
|
|
|
cv_signal(&sfs->cv);
|
|
|
|
|
mtx_unlock(&sfs->mtx);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-06-29 00:49:35 +00:00
|
|
|
static void
|
|
|
|
|
sendfile_free_mext_pg(struct mbuf *m)
|
|
|
|
|
{
|
|
|
|
|
struct mbuf_ext_pgs *ext_pgs;
|
|
|
|
|
vm_page_t pg;
|
2019-07-29 22:01:28 +00:00
|
|
|
int flags, i;
|
|
|
|
|
bool cache_last;
|
2019-06-29 00:49:35 +00:00
|
|
|
|
|
|
|
|
KASSERT(m->m_flags & M_EXT && m->m_ext.ext_type == EXT_PGS,
|
|
|
|
|
("%s: m %p !M_EXT or !EXT_PGS", __func__, m));
|
|
|
|
|
|
|
|
|
|
cache_last = m->m_ext.ext_flags & EXT_FLAG_CACHE_LAST;
|
|
|
|
|
ext_pgs = m->m_ext.ext_pgs;
|
2019-07-29 22:01:28 +00:00
|
|
|
flags = (m->m_ext.ext_flags & EXT_FLAG_NOCACHE) != 0 ? VPR_TRYFREE : 0;
|
2019-06-29 00:49:35 +00:00
|
|
|
|
|
|
|
|
for (i = 0; i < ext_pgs->npgs; i++) {
|
|
|
|
|
if (cache_last && i == ext_pgs->npgs - 1)
|
2019-07-29 22:01:28 +00:00
|
|
|
flags = 0;
|
2019-06-29 00:49:35 +00:00
|
|
|
pg = PHYS_TO_VM_PAGE(ext_pgs->pa[i]);
|
2019-07-29 22:01:28 +00:00
|
|
|
vm_page_release(pg, flags);
|
2019-06-29 00:49:35 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (m->m_ext.ext_flags & EXT_FLAG_SYNC) {
|
|
|
|
|
struct sendfile_sync *sfs = m->m_ext.ext_arg2;
|
|
|
|
|
|
|
|
|
|
mtx_lock(&sfs->mtx);
|
|
|
|
|
KASSERT(sfs->count > 0, ("Sendfile sync botchup count == 0"));
|
|
|
|
|
if (--sfs->count == 0)
|
|
|
|
|
cv_signal(&sfs->cv);
|
|
|
|
|
mtx_unlock(&sfs->mtx);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-01-22 02:23:18 +00:00
|
|
|
/*
|
|
|
|
|
* Helper function to calculate how much data to put into page i of n.
|
|
|
|
|
* Only first and last pages are special.
|
|
|
|
|
*/
|
|
|
|
|
static inline off_t
|
|
|
|
|
xfsize(int i, int n, off_t off, off_t len)
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
if (i == 0)
|
|
|
|
|
return (omin(PAGE_SIZE - (off & PAGE_MASK), len));
|
|
|
|
|
|
|
|
|
|
if (i == n - 1 && ((off + len) & PAGE_MASK) > 0)
|
|
|
|
|
return ((off + len) & PAGE_MASK);
|
|
|
|
|
|
|
|
|
|
return (PAGE_SIZE);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Helper function to get offset within object for i page.
|
|
|
|
|
*/
|
2017-06-03 16:19:33 +00:00
|
|
|
static inline vm_ooffset_t
|
2016-01-22 02:23:18 +00:00
|
|
|
vmoff(int i, off_t off)
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
if (i == 0)
|
2017-06-03 16:19:33 +00:00
|
|
|
return ((vm_ooffset_t)off);
|
2016-01-22 02:23:18 +00:00
|
|
|
|
|
|
|
|
return (trunc_page(off + i * PAGE_SIZE));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Helper function used when allocation of a page or sf_buf failed.
|
|
|
|
|
* Pretend as if we don't have enough space, subtract xfsize() of
|
|
|
|
|
* all pages that failed.
|
|
|
|
|
*/
|
|
|
|
|
static inline void
|
|
|
|
|
fixspace(int old, int new, off_t off, int *space)
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
KASSERT(old > new, ("%s: old %d new %d", __func__, old, new));
|
|
|
|
|
|
|
|
|
|
/* Subtract last one. */
|
|
|
|
|
*space -= xfsize(old - 1, old, off, *space);
|
|
|
|
|
old--;
|
|
|
|
|
|
|
|
|
|
if (new == old)
|
|
|
|
|
/* There was only one page. */
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
/* Subtract first one. */
|
|
|
|
|
if (new == 0) {
|
|
|
|
|
*space -= xfsize(0, old, off, *space);
|
|
|
|
|
new++;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Rest of pages are full sized. */
|
|
|
|
|
*space -= (old - new) * PAGE_SIZE;
|
|
|
|
|
|
|
|
|
|
KASSERT(*space >= 0, ("%s: space went backwards", __func__));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* I/O completion callback.
|
|
|
|
|
*/
|
|
|
|
|
static void
|
|
|
|
|
sendfile_iodone(void *arg, vm_page_t *pg, int count, int error)
|
|
|
|
|
{
|
|
|
|
|
struct sf_io *sfio = arg;
|
2017-09-13 22:11:05 +00:00
|
|
|
struct socket *so = sfio->so;
|
2016-01-22 02:23:18 +00:00
|
|
|
|
|
|
|
|
for (int i = 0; i < count; i++)
|
2016-11-17 21:02:55 +00:00
|
|
|
if (pg[i] != bogus_page)
|
2019-11-24 19:12:23 +00:00
|
|
|
vm_page_xunbusy_unchecked(pg[i]);
|
2016-01-22 02:23:18 +00:00
|
|
|
|
|
|
|
|
if (error)
|
|
|
|
|
sfio->error = error;
|
|
|
|
|
|
|
|
|
|
if (!refcount_release(&sfio->nios))
|
|
|
|
|
return;
|
|
|
|
|
|
2019-11-06 23:45:43 +00:00
|
|
|
if (__predict_false(sfio->error && sfio->m == NULL)) {
|
|
|
|
|
/*
|
|
|
|
|
* I/O operation failed, but pru_send hadn't been executed -
|
|
|
|
|
* nothing had been sent to the socket. The syscall has
|
|
|
|
|
* returned error to the user.
|
|
|
|
|
*/
|
|
|
|
|
free(sfio, M_TEMP);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2019-08-27 22:21:18 +00:00
|
|
|
#if defined(KERN_TLS) && defined(INVARIANTS)
|
Add kernel-side support for in-kernel TLS.
KTLS adds support for in-kernel framing and encryption of Transport
Layer Security (1.0-1.2) data on TCP sockets. KTLS only supports
offload of TLS for transmitted data. Key negotation must still be
performed in userland. Once completed, transmit session keys for a
connection are provided to the kernel via a new TCP_TXTLS_ENABLE
socket option. All subsequent data transmitted on the socket is
placed into TLS frames and encrypted using the supplied keys.
Any data written to a KTLS-enabled socket via write(2), aio_write(2),
or sendfile(2) is assumed to be application data and is encoded in TLS
frames with an application data type. Individual records can be sent
with a custom type (e.g. handshake messages) via sendmsg(2) with a new
control message (TLS_SET_RECORD_TYPE) specifying the record type.
At present, rekeying is not supported though the in-kernel framework
should support rekeying.
KTLS makes use of the recently added unmapped mbufs to store TLS
frames in the socket buffer. Each TLS frame is described by a single
ext_pgs mbuf. The ext_pgs structure contains the header of the TLS
record (and trailer for encrypted records) as well as references to
the associated TLS session.
KTLS supports two primary methods of encrypting TLS frames: software
TLS and ifnet TLS.
Software TLS marks mbufs holding socket data as not ready via
M_NOTREADY similar to sendfile(2) when TLS framing information is
added to an unmapped mbuf in ktls_frame(). ktls_enqueue() is then
called to schedule TLS frames for encryption. In the case of
sendfile_iodone() calls ktls_enqueue() instead of pru_ready() leaving
the mbufs marked M_NOTREADY until encryption is completed. For other
writes (vn_sendfile when pages are available, write(2), etc.), the
PRUS_NOTREADY is set when invoking pru_send() along with invoking
ktls_enqueue().
A pool of worker threads (the "KTLS" kernel process) encrypts TLS
frames queued via ktls_enqueue(). Each TLS frame is temporarily
mapped using the direct map and passed to a software encryption
backend to perform the actual encryption.
(Note: The use of PHYS_TO_DMAP could be replaced with sf_bufs if
someone wished to make this work on architectures without a direct
map.)
KTLS supports pluggable software encryption backends. Internally,
Netflix uses proprietary pure-software backends. This commit includes
a simple backend in a new ktls_ocf.ko module that uses the kernel's
OpenCrypto framework to provide AES-GCM encryption of TLS frames. As
a result, software TLS is now a bit of a misnomer as it can make use
of hardware crypto accelerators.
Once software encryption has finished, the TLS frame mbufs are marked
ready via pru_ready(). At this point, the encrypted data appears as
regular payload to the TCP stack stored in unmapped mbufs.
ifnet TLS permits a NIC to offload the TLS encryption and TCP
segmentation. In this mode, a new send tag type (IF_SND_TAG_TYPE_TLS)
is allocated on the interface a socket is routed over and associated
with a TLS session. TLS records for a TLS session using ifnet TLS are
not marked M_NOTREADY but are passed down the stack unencrypted. The
ip_output_send() and ip6_output_send() helper functions that apply
send tags to outbound IP packets verify that the send tag of the TLS
record matches the outbound interface. If so, the packet is tagged
with the TLS send tag and sent to the interface. The NIC device
driver must recognize packets with the TLS send tag and schedule them
for TLS encryption and TCP segmentation. If the the outbound
interface does not match the interface in the TLS send tag, the packet
is dropped. In addition, a task is scheduled to refresh the TLS send
tag for the TLS session. If a new TLS send tag cannot be allocated,
the connection is dropped. If a new TLS send tag is allocated,
however, subsequent packets will be tagged with the correct TLS send
tag. (This latter case has been tested by configuring both ports of a
Chelsio T6 in a lagg and failing over from one port to another. As
the connections migrated to the new port, new TLS send tags were
allocated for the new port and connections resumed without being
dropped.)
ifnet TLS can be enabled and disabled on supported network interfaces
via new '[-]txtls[46]' options to ifconfig(8). ifnet TLS is supported
across both vlan devices and lagg interfaces using failover, lacp with
flowid enabled, or lacp with flowid enabled.
Applications may request the current KTLS mode of a connection via a
new TCP_TXTLS_MODE socket option. They can also use this socket
option to toggle between software and ifnet TLS modes.
In addition, a testing tool is available in tools/tools/switch_tls.
This is modeled on tcpdrop and uses similar syntax. However, instead
of dropping connections, -s is used to force KTLS connections to
switch to software TLS and -i is used to switch to ifnet TLS.
Various sysctls and counters are available under the kern.ipc.tls
sysctl node. The kern.ipc.tls.enable node must be set to true to
enable KTLS (it is off by default). The use of unmapped mbufs must
also be enabled via kern.ipc.mb_use_ext_pgs to enable KTLS.
KTLS is enabled via the KERN_TLS kernel option.
This patch is the culmination of years of work by several folks
including Scott Long and Randall Stewart for the original design and
implementation; Drew Gallatin for several optimizations including the
use of ext_pgs mbufs, the M_NOTREADY mechanism for TLS records
awaiting software encryption, and pluggable software crypto backends;
and John Baldwin for modifications to support hardware TLS offload.
Reviewed by: gallatin, hselasky, rrs
Obtained from: Netflix
Sponsored by: Netflix, Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D21277
2019-08-27 00:01:56 +00:00
|
|
|
if ((sfio->m->m_flags & M_EXT) != 0 &&
|
|
|
|
|
sfio->m->m_ext.ext_type == EXT_PGS)
|
|
|
|
|
KASSERT(sfio->tls == sfio->m->m_ext.ext_pgs->tls,
|
|
|
|
|
("TLS session mismatch"));
|
|
|
|
|
else
|
|
|
|
|
KASSERT(sfio->tls == NULL,
|
|
|
|
|
("non-ext_pgs mbuf with TLS session"));
|
|
|
|
|
#endif
|
2018-01-05 20:21:46 +00:00
|
|
|
CURVNET_SET(so->so_vnet);
|
2019-11-06 23:45:43 +00:00
|
|
|
if (__predict_false(sfio->error)) {
|
2016-01-22 02:23:18 +00:00
|
|
|
/*
|
|
|
|
|
* I/O operation failed. The state of data in the socket
|
|
|
|
|
* is now inconsistent, and all what we can do is to tear
|
|
|
|
|
* it down. Protocol abort method would tear down protocol
|
|
|
|
|
* state, free all ready mbufs and detach not ready ones.
|
|
|
|
|
* We will free the mbufs corresponding to this I/O manually.
|
|
|
|
|
*
|
|
|
|
|
* The socket would be marked with EIO and made available
|
|
|
|
|
* for read, so that application receives EIO on next
|
|
|
|
|
* syscall and eventually closes the socket.
|
|
|
|
|
*/
|
|
|
|
|
so->so_proto->pr_usrreqs->pru_abort(so);
|
|
|
|
|
so->so_error = EIO;
|
|
|
|
|
|
2019-06-29 00:49:35 +00:00
|
|
|
mb_free_notready(sfio->m, sfio->npages);
|
Add kernel-side support for in-kernel TLS.
KTLS adds support for in-kernel framing and encryption of Transport
Layer Security (1.0-1.2) data on TCP sockets. KTLS only supports
offload of TLS for transmitted data. Key negotation must still be
performed in userland. Once completed, transmit session keys for a
connection are provided to the kernel via a new TCP_TXTLS_ENABLE
socket option. All subsequent data transmitted on the socket is
placed into TLS frames and encrypted using the supplied keys.
Any data written to a KTLS-enabled socket via write(2), aio_write(2),
or sendfile(2) is assumed to be application data and is encoded in TLS
frames with an application data type. Individual records can be sent
with a custom type (e.g. handshake messages) via sendmsg(2) with a new
control message (TLS_SET_RECORD_TYPE) specifying the record type.
At present, rekeying is not supported though the in-kernel framework
should support rekeying.
KTLS makes use of the recently added unmapped mbufs to store TLS
frames in the socket buffer. Each TLS frame is described by a single
ext_pgs mbuf. The ext_pgs structure contains the header of the TLS
record (and trailer for encrypted records) as well as references to
the associated TLS session.
KTLS supports two primary methods of encrypting TLS frames: software
TLS and ifnet TLS.
Software TLS marks mbufs holding socket data as not ready via
M_NOTREADY similar to sendfile(2) when TLS framing information is
added to an unmapped mbuf in ktls_frame(). ktls_enqueue() is then
called to schedule TLS frames for encryption. In the case of
sendfile_iodone() calls ktls_enqueue() instead of pru_ready() leaving
the mbufs marked M_NOTREADY until encryption is completed. For other
writes (vn_sendfile when pages are available, write(2), etc.), the
PRUS_NOTREADY is set when invoking pru_send() along with invoking
ktls_enqueue().
A pool of worker threads (the "KTLS" kernel process) encrypts TLS
frames queued via ktls_enqueue(). Each TLS frame is temporarily
mapped using the direct map and passed to a software encryption
backend to perform the actual encryption.
(Note: The use of PHYS_TO_DMAP could be replaced with sf_bufs if
someone wished to make this work on architectures without a direct
map.)
KTLS supports pluggable software encryption backends. Internally,
Netflix uses proprietary pure-software backends. This commit includes
a simple backend in a new ktls_ocf.ko module that uses the kernel's
OpenCrypto framework to provide AES-GCM encryption of TLS frames. As
a result, software TLS is now a bit of a misnomer as it can make use
of hardware crypto accelerators.
Once software encryption has finished, the TLS frame mbufs are marked
ready via pru_ready(). At this point, the encrypted data appears as
regular payload to the TCP stack stored in unmapped mbufs.
ifnet TLS permits a NIC to offload the TLS encryption and TCP
segmentation. In this mode, a new send tag type (IF_SND_TAG_TYPE_TLS)
is allocated on the interface a socket is routed over and associated
with a TLS session. TLS records for a TLS session using ifnet TLS are
not marked M_NOTREADY but are passed down the stack unencrypted. The
ip_output_send() and ip6_output_send() helper functions that apply
send tags to outbound IP packets verify that the send tag of the TLS
record matches the outbound interface. If so, the packet is tagged
with the TLS send tag and sent to the interface. The NIC device
driver must recognize packets with the TLS send tag and schedule them
for TLS encryption and TCP segmentation. If the the outbound
interface does not match the interface in the TLS send tag, the packet
is dropped. In addition, a task is scheduled to refresh the TLS send
tag for the TLS session. If a new TLS send tag cannot be allocated,
the connection is dropped. If a new TLS send tag is allocated,
however, subsequent packets will be tagged with the correct TLS send
tag. (This latter case has been tested by configuring both ports of a
Chelsio T6 in a lagg and failing over from one port to another. As
the connections migrated to the new port, new TLS send tags were
allocated for the new port and connections resumed without being
dropped.)
ifnet TLS can be enabled and disabled on supported network interfaces
via new '[-]txtls[46]' options to ifconfig(8). ifnet TLS is supported
across both vlan devices and lagg interfaces using failover, lacp with
flowid enabled, or lacp with flowid enabled.
Applications may request the current KTLS mode of a connection via a
new TCP_TXTLS_MODE socket option. They can also use this socket
option to toggle between software and ifnet TLS modes.
In addition, a testing tool is available in tools/tools/switch_tls.
This is modeled on tcpdrop and uses similar syntax. However, instead
of dropping connections, -s is used to force KTLS connections to
switch to software TLS and -i is used to switch to ifnet TLS.
Various sysctls and counters are available under the kern.ipc.tls
sysctl node. The kern.ipc.tls.enable node must be set to true to
enable KTLS (it is off by default). The use of unmapped mbufs must
also be enabled via kern.ipc.mb_use_ext_pgs to enable KTLS.
KTLS is enabled via the KERN_TLS kernel option.
This patch is the culmination of years of work by several folks
including Scott Long and Randall Stewart for the original design and
implementation; Drew Gallatin for several optimizations including the
use of ext_pgs mbufs, the M_NOTREADY mechanism for TLS records
awaiting software encryption, and pluggable software crypto backends;
and John Baldwin for modifications to support hardware TLS offload.
Reviewed by: gallatin, hselasky, rrs
Obtained from: Netflix
Sponsored by: Netflix, Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D21277
2019-08-27 00:01:56 +00:00
|
|
|
#ifdef KERN_TLS
|
2019-10-08 21:34:06 +00:00
|
|
|
} else if (sfio->tls != NULL && sfio->tls->mode == TCP_TLS_MODE_SW) {
|
Add kernel-side support for in-kernel TLS.
KTLS adds support for in-kernel framing and encryption of Transport
Layer Security (1.0-1.2) data on TCP sockets. KTLS only supports
offload of TLS for transmitted data. Key negotation must still be
performed in userland. Once completed, transmit session keys for a
connection are provided to the kernel via a new TCP_TXTLS_ENABLE
socket option. All subsequent data transmitted on the socket is
placed into TLS frames and encrypted using the supplied keys.
Any data written to a KTLS-enabled socket via write(2), aio_write(2),
or sendfile(2) is assumed to be application data and is encoded in TLS
frames with an application data type. Individual records can be sent
with a custom type (e.g. handshake messages) via sendmsg(2) with a new
control message (TLS_SET_RECORD_TYPE) specifying the record type.
At present, rekeying is not supported though the in-kernel framework
should support rekeying.
KTLS makes use of the recently added unmapped mbufs to store TLS
frames in the socket buffer. Each TLS frame is described by a single
ext_pgs mbuf. The ext_pgs structure contains the header of the TLS
record (and trailer for encrypted records) as well as references to
the associated TLS session.
KTLS supports two primary methods of encrypting TLS frames: software
TLS and ifnet TLS.
Software TLS marks mbufs holding socket data as not ready via
M_NOTREADY similar to sendfile(2) when TLS framing information is
added to an unmapped mbuf in ktls_frame(). ktls_enqueue() is then
called to schedule TLS frames for encryption. In the case of
sendfile_iodone() calls ktls_enqueue() instead of pru_ready() leaving
the mbufs marked M_NOTREADY until encryption is completed. For other
writes (vn_sendfile when pages are available, write(2), etc.), the
PRUS_NOTREADY is set when invoking pru_send() along with invoking
ktls_enqueue().
A pool of worker threads (the "KTLS" kernel process) encrypts TLS
frames queued via ktls_enqueue(). Each TLS frame is temporarily
mapped using the direct map and passed to a software encryption
backend to perform the actual encryption.
(Note: The use of PHYS_TO_DMAP could be replaced with sf_bufs if
someone wished to make this work on architectures without a direct
map.)
KTLS supports pluggable software encryption backends. Internally,
Netflix uses proprietary pure-software backends. This commit includes
a simple backend in a new ktls_ocf.ko module that uses the kernel's
OpenCrypto framework to provide AES-GCM encryption of TLS frames. As
a result, software TLS is now a bit of a misnomer as it can make use
of hardware crypto accelerators.
Once software encryption has finished, the TLS frame mbufs are marked
ready via pru_ready(). At this point, the encrypted data appears as
regular payload to the TCP stack stored in unmapped mbufs.
ifnet TLS permits a NIC to offload the TLS encryption and TCP
segmentation. In this mode, a new send tag type (IF_SND_TAG_TYPE_TLS)
is allocated on the interface a socket is routed over and associated
with a TLS session. TLS records for a TLS session using ifnet TLS are
not marked M_NOTREADY but are passed down the stack unencrypted. The
ip_output_send() and ip6_output_send() helper functions that apply
send tags to outbound IP packets verify that the send tag of the TLS
record matches the outbound interface. If so, the packet is tagged
with the TLS send tag and sent to the interface. The NIC device
driver must recognize packets with the TLS send tag and schedule them
for TLS encryption and TCP segmentation. If the the outbound
interface does not match the interface in the TLS send tag, the packet
is dropped. In addition, a task is scheduled to refresh the TLS send
tag for the TLS session. If a new TLS send tag cannot be allocated,
the connection is dropped. If a new TLS send tag is allocated,
however, subsequent packets will be tagged with the correct TLS send
tag. (This latter case has been tested by configuring both ports of a
Chelsio T6 in a lagg and failing over from one port to another. As
the connections migrated to the new port, new TLS send tags were
allocated for the new port and connections resumed without being
dropped.)
ifnet TLS can be enabled and disabled on supported network interfaces
via new '[-]txtls[46]' options to ifconfig(8). ifnet TLS is supported
across both vlan devices and lagg interfaces using failover, lacp with
flowid enabled, or lacp with flowid enabled.
Applications may request the current KTLS mode of a connection via a
new TCP_TXTLS_MODE socket option. They can also use this socket
option to toggle between software and ifnet TLS modes.
In addition, a testing tool is available in tools/tools/switch_tls.
This is modeled on tcpdrop and uses similar syntax. However, instead
of dropping connections, -s is used to force KTLS connections to
switch to software TLS and -i is used to switch to ifnet TLS.
Various sysctls and counters are available under the kern.ipc.tls
sysctl node. The kern.ipc.tls.enable node must be set to true to
enable KTLS (it is off by default). The use of unmapped mbufs must
also be enabled via kern.ipc.mb_use_ext_pgs to enable KTLS.
KTLS is enabled via the KERN_TLS kernel option.
This patch is the culmination of years of work by several folks
including Scott Long and Randall Stewart for the original design and
implementation; Drew Gallatin for several optimizations including the
use of ext_pgs mbufs, the M_NOTREADY mechanism for TLS records
awaiting software encryption, and pluggable software crypto backends;
and John Baldwin for modifications to support hardware TLS offload.
Reviewed by: gallatin, hselasky, rrs
Obtained from: Netflix
Sponsored by: Netflix, Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D21277
2019-08-27 00:01:56 +00:00
|
|
|
/*
|
|
|
|
|
* I/O operation is complete, but we still need to
|
|
|
|
|
* encrypt. We cannot do this in the interrupt thread
|
|
|
|
|
* of the disk controller, so forward the mbufs to a
|
|
|
|
|
* different thread.
|
|
|
|
|
*
|
|
|
|
|
* Donate the socket reference from sfio to rather
|
|
|
|
|
* than explicitly invoking soref().
|
|
|
|
|
*/
|
|
|
|
|
ktls_enqueue(sfio->m, so, sfio->npages);
|
|
|
|
|
goto out_with_ref;
|
|
|
|
|
#endif
|
2018-01-05 20:21:46 +00:00
|
|
|
} else
|
2019-06-11 22:06:05 +00:00
|
|
|
(void)(so->so_proto->pr_usrreqs->pru_ready)(so, sfio->m,
|
2016-01-22 02:23:18 +00:00
|
|
|
sfio->npages);
|
|
|
|
|
|
2017-09-13 22:11:05 +00:00
|
|
|
SOCK_LOCK(so);
|
|
|
|
|
sorele(so);
|
Add kernel-side support for in-kernel TLS.
KTLS adds support for in-kernel framing and encryption of Transport
Layer Security (1.0-1.2) data on TCP sockets. KTLS only supports
offload of TLS for transmitted data. Key negotation must still be
performed in userland. Once completed, transmit session keys for a
connection are provided to the kernel via a new TCP_TXTLS_ENABLE
socket option. All subsequent data transmitted on the socket is
placed into TLS frames and encrypted using the supplied keys.
Any data written to a KTLS-enabled socket via write(2), aio_write(2),
or sendfile(2) is assumed to be application data and is encoded in TLS
frames with an application data type. Individual records can be sent
with a custom type (e.g. handshake messages) via sendmsg(2) with a new
control message (TLS_SET_RECORD_TYPE) specifying the record type.
At present, rekeying is not supported though the in-kernel framework
should support rekeying.
KTLS makes use of the recently added unmapped mbufs to store TLS
frames in the socket buffer. Each TLS frame is described by a single
ext_pgs mbuf. The ext_pgs structure contains the header of the TLS
record (and trailer for encrypted records) as well as references to
the associated TLS session.
KTLS supports two primary methods of encrypting TLS frames: software
TLS and ifnet TLS.
Software TLS marks mbufs holding socket data as not ready via
M_NOTREADY similar to sendfile(2) when TLS framing information is
added to an unmapped mbuf in ktls_frame(). ktls_enqueue() is then
called to schedule TLS frames for encryption. In the case of
sendfile_iodone() calls ktls_enqueue() instead of pru_ready() leaving
the mbufs marked M_NOTREADY until encryption is completed. For other
writes (vn_sendfile when pages are available, write(2), etc.), the
PRUS_NOTREADY is set when invoking pru_send() along with invoking
ktls_enqueue().
A pool of worker threads (the "KTLS" kernel process) encrypts TLS
frames queued via ktls_enqueue(). Each TLS frame is temporarily
mapped using the direct map and passed to a software encryption
backend to perform the actual encryption.
(Note: The use of PHYS_TO_DMAP could be replaced with sf_bufs if
someone wished to make this work on architectures without a direct
map.)
KTLS supports pluggable software encryption backends. Internally,
Netflix uses proprietary pure-software backends. This commit includes
a simple backend in a new ktls_ocf.ko module that uses the kernel's
OpenCrypto framework to provide AES-GCM encryption of TLS frames. As
a result, software TLS is now a bit of a misnomer as it can make use
of hardware crypto accelerators.
Once software encryption has finished, the TLS frame mbufs are marked
ready via pru_ready(). At this point, the encrypted data appears as
regular payload to the TCP stack stored in unmapped mbufs.
ifnet TLS permits a NIC to offload the TLS encryption and TCP
segmentation. In this mode, a new send tag type (IF_SND_TAG_TYPE_TLS)
is allocated on the interface a socket is routed over and associated
with a TLS session. TLS records for a TLS session using ifnet TLS are
not marked M_NOTREADY but are passed down the stack unencrypted. The
ip_output_send() and ip6_output_send() helper functions that apply
send tags to outbound IP packets verify that the send tag of the TLS
record matches the outbound interface. If so, the packet is tagged
with the TLS send tag and sent to the interface. The NIC device
driver must recognize packets with the TLS send tag and schedule them
for TLS encryption and TCP segmentation. If the the outbound
interface does not match the interface in the TLS send tag, the packet
is dropped. In addition, a task is scheduled to refresh the TLS send
tag for the TLS session. If a new TLS send tag cannot be allocated,
the connection is dropped. If a new TLS send tag is allocated,
however, subsequent packets will be tagged with the correct TLS send
tag. (This latter case has been tested by configuring both ports of a
Chelsio T6 in a lagg and failing over from one port to another. As
the connections migrated to the new port, new TLS send tags were
allocated for the new port and connections resumed without being
dropped.)
ifnet TLS can be enabled and disabled on supported network interfaces
via new '[-]txtls[46]' options to ifconfig(8). ifnet TLS is supported
across both vlan devices and lagg interfaces using failover, lacp with
flowid enabled, or lacp with flowid enabled.
Applications may request the current KTLS mode of a connection via a
new TCP_TXTLS_MODE socket option. They can also use this socket
option to toggle between software and ifnet TLS modes.
In addition, a testing tool is available in tools/tools/switch_tls.
This is modeled on tcpdrop and uses similar syntax. However, instead
of dropping connections, -s is used to force KTLS connections to
switch to software TLS and -i is used to switch to ifnet TLS.
Various sysctls and counters are available under the kern.ipc.tls
sysctl node. The kern.ipc.tls.enable node must be set to true to
enable KTLS (it is off by default). The use of unmapped mbufs must
also be enabled via kern.ipc.mb_use_ext_pgs to enable KTLS.
KTLS is enabled via the KERN_TLS kernel option.
This patch is the culmination of years of work by several folks
including Scott Long and Randall Stewart for the original design and
implementation; Drew Gallatin for several optimizations including the
use of ext_pgs mbufs, the M_NOTREADY mechanism for TLS records
awaiting software encryption, and pluggable software crypto backends;
and John Baldwin for modifications to support hardware TLS offload.
Reviewed by: gallatin, hselasky, rrs
Obtained from: Netflix
Sponsored by: Netflix, Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D21277
2019-08-27 00:01:56 +00:00
|
|
|
#ifdef KERN_TLS
|
|
|
|
|
out_with_ref:
|
|
|
|
|
#endif
|
2018-01-05 20:21:46 +00:00
|
|
|
CURVNET_RESTORE();
|
2016-01-22 02:23:18 +00:00
|
|
|
free(sfio, M_TEMP);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Iterate through pages vector and request paging for non-valid pages.
|
|
|
|
|
*/
|
|
|
|
|
static int
|
2019-07-19 18:03:30 +00:00
|
|
|
sendfile_swapin(vm_object_t obj, struct sf_io *sfio, int *nios, off_t off,
|
|
|
|
|
off_t len, int npages, int rhpages, int flags)
|
2016-01-22 02:23:18 +00:00
|
|
|
{
|
|
|
|
|
vm_page_t *pa = sfio->pa;
|
2019-07-19 18:03:30 +00:00
|
|
|
int grabbed;
|
2016-01-22 02:23:18 +00:00
|
|
|
|
2019-07-19 18:03:30 +00:00
|
|
|
*nios = 0;
|
2016-01-22 02:23:18 +00:00
|
|
|
flags = (flags & SF_NODISKIO) ? VM_ALLOC_NOWAIT : 0;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* First grab all the pages and wire them. Note that we grab
|
|
|
|
|
* only required pages. Readahead pages are dealt with later.
|
|
|
|
|
*/
|
|
|
|
|
VM_OBJECT_WLOCK(obj);
|
2017-08-11 16:32:24 +00:00
|
|
|
|
|
|
|
|
grabbed = vm_page_grab_pages(obj, OFF_TO_IDX(off),
|
|
|
|
|
VM_ALLOC_NORMAL | VM_ALLOC_WIRED | flags, pa, npages);
|
|
|
|
|
if (grabbed < npages) {
|
|
|
|
|
for (int i = grabbed; i < npages; i++)
|
|
|
|
|
pa[i] = NULL;
|
|
|
|
|
npages = grabbed;
|
|
|
|
|
rhpages = 0;
|
2016-01-22 02:23:18 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for (int i = 0; i < npages;) {
|
2019-07-19 18:03:30 +00:00
|
|
|
int j, a, count, rv;
|
2016-01-22 02:23:18 +00:00
|
|
|
|
|
|
|
|
/* Skip valid pages. */
|
|
|
|
|
if (vm_page_is_valid(pa[i], vmoff(i, off) & PAGE_MASK,
|
|
|
|
|
xfsize(i, npages, off, len))) {
|
|
|
|
|
vm_page_xunbusy(pa[i]);
|
|
|
|
|
SFSTAT_INC(sf_pages_valid);
|
|
|
|
|
i++;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
2016-11-17 21:02:55 +00:00
|
|
|
* Next page is invalid. Check if it belongs to pager. It
|
|
|
|
|
* may not be there, which is a regular situation for shmem
|
|
|
|
|
* pager. For vnode pager this happens only in case of
|
|
|
|
|
* a sparse file.
|
2016-01-22 02:23:18 +00:00
|
|
|
*
|
|
|
|
|
* Important feature of vm_pager_has_page() is the hint
|
|
|
|
|
* stored in 'a', about how many pages we can pagein after
|
|
|
|
|
* this page in a single I/O.
|
|
|
|
|
*/
|
2016-11-17 21:02:55 +00:00
|
|
|
if (!vm_pager_has_page(obj, OFF_TO_IDX(vmoff(i, off)), NULL,
|
|
|
|
|
&a)) {
|
2016-01-22 02:23:18 +00:00
|
|
|
pmap_zero_page(pa[i]);
|
|
|
|
|
pa[i]->valid = VM_PAGE_BITS_ALL;
|
2017-08-11 16:27:54 +00:00
|
|
|
MPASS(pa[i]->dirty == 0);
|
2016-01-22 02:23:18 +00:00
|
|
|
vm_page_xunbusy(pa[i]);
|
|
|
|
|
i++;
|
|
|
|
|
continue;
|
2016-11-17 21:02:55 +00:00
|
|
|
}
|
2016-01-22 02:23:18 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* We want to pagein as many pages as possible, limited only
|
|
|
|
|
* by the 'a' hint and actual request.
|
|
|
|
|
*/
|
|
|
|
|
count = min(a + 1, npages - i);
|
|
|
|
|
|
2016-11-17 21:02:55 +00:00
|
|
|
/*
|
|
|
|
|
* We should not pagein into a valid page, thus we first trim
|
|
|
|
|
* any valid pages off the end of request, and substitute
|
|
|
|
|
* to bogus_page those, that are in the middle.
|
|
|
|
|
*/
|
|
|
|
|
for (j = i + count - 1; j > i; j--) {
|
|
|
|
|
if (vm_page_is_valid(pa[j], vmoff(j, off) & PAGE_MASK,
|
|
|
|
|
xfsize(j, npages, off, len))) {
|
|
|
|
|
count--;
|
|
|
|
|
rhpages = 0;
|
|
|
|
|
} else
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
for (j = i + 1; j < i + count - 1; j++)
|
|
|
|
|
if (vm_page_is_valid(pa[j], vmoff(j, off) & PAGE_MASK,
|
|
|
|
|
xfsize(j, npages, off, len))) {
|
|
|
|
|
vm_page_xunbusy(pa[j]);
|
|
|
|
|
SFSTAT_INC(sf_pages_valid);
|
|
|
|
|
SFSTAT_INC(sf_pages_bogus);
|
|
|
|
|
pa[j] = bogus_page;
|
|
|
|
|
}
|
|
|
|
|
|
2016-01-22 02:23:18 +00:00
|
|
|
refcount_acquire(&sfio->nios);
|
|
|
|
|
rv = vm_pager_get_pages_async(obj, pa + i, count, NULL,
|
|
|
|
|
i + count == npages ? &rhpages : NULL,
|
|
|
|
|
&sendfile_iodone, sfio);
|
2019-11-06 23:45:43 +00:00
|
|
|
if (__predict_false(rv != VM_PAGER_OK)) {
|
|
|
|
|
/*
|
|
|
|
|
* Perform full pages recovery before returning EIO.
|
|
|
|
|
* Pages from 0 to npages are wired.
|
|
|
|
|
* Pages from i to npages are also busied.
|
|
|
|
|
* Pages from (i + 1) to (i + count - 1) may be
|
|
|
|
|
* substituted to bogus page, and not busied.
|
|
|
|
|
*/
|
|
|
|
|
for (j = 0; j < npages; j++) {
|
|
|
|
|
if (j > i && j < i + count - 1 &&
|
|
|
|
|
pa[j] == bogus_page)
|
|
|
|
|
pa[j] = vm_page_lookup(obj,
|
|
|
|
|
OFF_TO_IDX(vmoff(j, off)));
|
|
|
|
|
else if (j >= i)
|
|
|
|
|
vm_page_xunbusy(pa[j]);
|
|
|
|
|
KASSERT(pa[j] != NULL && pa[j] != bogus_page,
|
|
|
|
|
("%s: page %p[%d] I/O recovery failure",
|
|
|
|
|
__func__, pa, j));
|
|
|
|
|
vm_page_unwire(pa[j], PQ_INACTIVE);
|
2019-07-19 18:03:30 +00:00
|
|
|
}
|
|
|
|
|
VM_OBJECT_WUNLOCK(obj);
|
2019-07-29 20:50:26 +00:00
|
|
|
return (EIO);
|
2019-07-19 18:03:30 +00:00
|
|
|
}
|
2016-01-22 02:23:18 +00:00
|
|
|
|
|
|
|
|
SFSTAT_INC(sf_iocnt);
|
|
|
|
|
SFSTAT_ADD(sf_pages_read, count);
|
|
|
|
|
if (i + count == npages)
|
|
|
|
|
SFSTAT_ADD(sf_rhpages_read, rhpages);
|
|
|
|
|
|
2016-11-17 21:02:55 +00:00
|
|
|
/*
|
|
|
|
|
* Restore the valid page pointers. They are already
|
|
|
|
|
* unbusied, but still wired.
|
|
|
|
|
*/
|
|
|
|
|
for (j = i; j < i + count; j++)
|
|
|
|
|
if (pa[j] == bogus_page) {
|
|
|
|
|
pa[j] = vm_page_lookup(obj,
|
|
|
|
|
OFF_TO_IDX(vmoff(j, off)));
|
|
|
|
|
KASSERT(pa[j], ("%s: page %p[%d] disappeared",
|
|
|
|
|
__func__, pa, j));
|
|
|
|
|
|
|
|
|
|
}
|
2016-01-22 02:23:18 +00:00
|
|
|
i += count;
|
2019-07-19 18:03:30 +00:00
|
|
|
(*nios)++;
|
2016-01-22 02:23:18 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
VM_OBJECT_WUNLOCK(obj);
|
|
|
|
|
|
2019-07-19 18:03:30 +00:00
|
|
|
if (*nios == 0 && npages != 0)
|
2016-01-22 02:23:18 +00:00
|
|
|
SFSTAT_INC(sf_noiocnt);
|
|
|
|
|
|
2019-07-19 18:03:30 +00:00
|
|
|
return (0);
|
2016-01-22 02:23:18 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
sendfile_getobj(struct thread *td, struct file *fp, vm_object_t *obj_res,
|
|
|
|
|
struct vnode **vp_res, struct shmfd **shmfd_res, off_t *obj_size,
|
|
|
|
|
int *bsize)
|
|
|
|
|
{
|
|
|
|
|
struct vattr va;
|
|
|
|
|
vm_object_t obj;
|
|
|
|
|
struct vnode *vp;
|
|
|
|
|
struct shmfd *shmfd;
|
|
|
|
|
int error;
|
|
|
|
|
|
|
|
|
|
vp = *vp_res = NULL;
|
|
|
|
|
obj = NULL;
|
|
|
|
|
shmfd = *shmfd_res = NULL;
|
|
|
|
|
*bsize = 0;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* The file descriptor must be a regular file and have a
|
|
|
|
|
* backing VM object.
|
|
|
|
|
*/
|
|
|
|
|
if (fp->f_type == DTYPE_VNODE) {
|
|
|
|
|
vp = fp->f_vnode;
|
|
|
|
|
vn_lock(vp, LK_SHARED | LK_RETRY);
|
|
|
|
|
if (vp->v_type != VREG) {
|
|
|
|
|
error = EINVAL;
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
*bsize = vp->v_mount->mnt_stat.f_iosize;
|
|
|
|
|
error = VOP_GETATTR(vp, &va, td->td_ucred);
|
|
|
|
|
if (error != 0)
|
|
|
|
|
goto out;
|
|
|
|
|
*obj_size = va.va_size;
|
|
|
|
|
obj = vp->v_object;
|
|
|
|
|
if (obj == NULL) {
|
|
|
|
|
error = EINVAL;
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
} else if (fp->f_type == DTYPE_SHM) {
|
|
|
|
|
error = 0;
|
|
|
|
|
shmfd = fp->f_data;
|
|
|
|
|
obj = shmfd->shm_object;
|
|
|
|
|
*obj_size = shmfd->shm_size;
|
|
|
|
|
} else {
|
|
|
|
|
error = EINVAL;
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
VM_OBJECT_WLOCK(obj);
|
|
|
|
|
if ((obj->flags & OBJ_DEAD) != 0) {
|
|
|
|
|
VM_OBJECT_WUNLOCK(obj);
|
|
|
|
|
error = EBADF;
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Temporarily increase the backing VM object's reference
|
|
|
|
|
* count so that a forced reclamation of its vnode does not
|
|
|
|
|
* immediately destroy it.
|
|
|
|
|
*/
|
|
|
|
|
vm_object_reference_locked(obj);
|
|
|
|
|
VM_OBJECT_WUNLOCK(obj);
|
|
|
|
|
*obj_res = obj;
|
|
|
|
|
*vp_res = vp;
|
|
|
|
|
*shmfd_res = shmfd;
|
|
|
|
|
|
|
|
|
|
out:
|
|
|
|
|
if (vp != NULL)
|
|
|
|
|
VOP_UNLOCK(vp, 0);
|
|
|
|
|
return (error);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
sendfile_getsock(struct thread *td, int s, struct file **sock_fp,
|
|
|
|
|
struct socket **so)
|
|
|
|
|
{
|
|
|
|
|
int error;
|
|
|
|
|
|
|
|
|
|
*sock_fp = NULL;
|
|
|
|
|
*so = NULL;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* The socket must be a stream socket and connected.
|
|
|
|
|
*/
|
2018-05-09 18:47:24 +00:00
|
|
|
error = getsock_cap(td, s, &cap_send_rights,
|
2016-09-22 09:58:46 +00:00
|
|
|
sock_fp, NULL, NULL);
|
2016-01-22 02:23:18 +00:00
|
|
|
if (error != 0)
|
|
|
|
|
return (error);
|
|
|
|
|
*so = (*sock_fp)->f_data;
|
|
|
|
|
if ((*so)->so_type != SOCK_STREAM)
|
|
|
|
|
return (EINVAL);
|
2018-10-16 15:57:16 +00:00
|
|
|
if (SOLISTENING(*so))
|
|
|
|
|
return (ENOTCONN);
|
2016-01-22 02:23:18 +00:00
|
|
|
return (0);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int
|
|
|
|
|
vn_sendfile(struct file *fp, int sockfd, struct uio *hdr_uio,
|
|
|
|
|
struct uio *trl_uio, off_t offset, size_t nbytes, off_t *sent, int flags,
|
The sendfile(2) allows to send extra data from userspace before the file
data (headers). Historically the size of the headers was not checked
against the socket buffer space. Application could easily overcommit the
socket buffer space.
With the new sendfile (r293439) the problem remained, but a KASSERT was
inserted that checked that amount of data written to the socket matches
its space. In case when size of headers is bigger that socket space,
KASSERT fires. Without INVARIANTS the new sendfile won't panic, but
would report incorrect amount of bytes sent.
o With this change, the headers copyin is moved down into the cycle, after
the sbspace() check. The uio size is trimmed by socket space there,
which fixes the overcommit problem and its consequences.
o The compatibility handling for FreeBSD 4 sendfile headers API is pushed
up the stack to syscall wrappers. This required a copy and paste of the
code, but in turn this allowed to remove extra stack carried parameter
from fo_sendfile_t, and embrace entire compat code into #ifdef. If in
future we got more fo_sendfile_t function, the copy and paste level would
even reduce.
Reviewed by: emax, gallatin, Maxim Dounin <mdounin mdounin.ru>
Tested by: Vitalij Satanivskij <satan ukr.net>
Sponsored by: Netflix
2016-03-29 19:57:11 +00:00
|
|
|
struct thread *td)
|
2016-01-22 02:23:18 +00:00
|
|
|
{
|
|
|
|
|
struct file *sock_fp;
|
|
|
|
|
struct vnode *vp;
|
|
|
|
|
struct vm_object *obj;
|
|
|
|
|
struct socket *so;
|
Add kernel-side support for in-kernel TLS.
KTLS adds support for in-kernel framing and encryption of Transport
Layer Security (1.0-1.2) data on TCP sockets. KTLS only supports
offload of TLS for transmitted data. Key negotation must still be
performed in userland. Once completed, transmit session keys for a
connection are provided to the kernel via a new TCP_TXTLS_ENABLE
socket option. All subsequent data transmitted on the socket is
placed into TLS frames and encrypted using the supplied keys.
Any data written to a KTLS-enabled socket via write(2), aio_write(2),
or sendfile(2) is assumed to be application data and is encoded in TLS
frames with an application data type. Individual records can be sent
with a custom type (e.g. handshake messages) via sendmsg(2) with a new
control message (TLS_SET_RECORD_TYPE) specifying the record type.
At present, rekeying is not supported though the in-kernel framework
should support rekeying.
KTLS makes use of the recently added unmapped mbufs to store TLS
frames in the socket buffer. Each TLS frame is described by a single
ext_pgs mbuf. The ext_pgs structure contains the header of the TLS
record (and trailer for encrypted records) as well as references to
the associated TLS session.
KTLS supports two primary methods of encrypting TLS frames: software
TLS and ifnet TLS.
Software TLS marks mbufs holding socket data as not ready via
M_NOTREADY similar to sendfile(2) when TLS framing information is
added to an unmapped mbuf in ktls_frame(). ktls_enqueue() is then
called to schedule TLS frames for encryption. In the case of
sendfile_iodone() calls ktls_enqueue() instead of pru_ready() leaving
the mbufs marked M_NOTREADY until encryption is completed. For other
writes (vn_sendfile when pages are available, write(2), etc.), the
PRUS_NOTREADY is set when invoking pru_send() along with invoking
ktls_enqueue().
A pool of worker threads (the "KTLS" kernel process) encrypts TLS
frames queued via ktls_enqueue(). Each TLS frame is temporarily
mapped using the direct map and passed to a software encryption
backend to perform the actual encryption.
(Note: The use of PHYS_TO_DMAP could be replaced with sf_bufs if
someone wished to make this work on architectures without a direct
map.)
KTLS supports pluggable software encryption backends. Internally,
Netflix uses proprietary pure-software backends. This commit includes
a simple backend in a new ktls_ocf.ko module that uses the kernel's
OpenCrypto framework to provide AES-GCM encryption of TLS frames. As
a result, software TLS is now a bit of a misnomer as it can make use
of hardware crypto accelerators.
Once software encryption has finished, the TLS frame mbufs are marked
ready via pru_ready(). At this point, the encrypted data appears as
regular payload to the TCP stack stored in unmapped mbufs.
ifnet TLS permits a NIC to offload the TLS encryption and TCP
segmentation. In this mode, a new send tag type (IF_SND_TAG_TYPE_TLS)
is allocated on the interface a socket is routed over and associated
with a TLS session. TLS records for a TLS session using ifnet TLS are
not marked M_NOTREADY but are passed down the stack unencrypted. The
ip_output_send() and ip6_output_send() helper functions that apply
send tags to outbound IP packets verify that the send tag of the TLS
record matches the outbound interface. If so, the packet is tagged
with the TLS send tag and sent to the interface. The NIC device
driver must recognize packets with the TLS send tag and schedule them
for TLS encryption and TCP segmentation. If the the outbound
interface does not match the interface in the TLS send tag, the packet
is dropped. In addition, a task is scheduled to refresh the TLS send
tag for the TLS session. If a new TLS send tag cannot be allocated,
the connection is dropped. If a new TLS send tag is allocated,
however, subsequent packets will be tagged with the correct TLS send
tag. (This latter case has been tested by configuring both ports of a
Chelsio T6 in a lagg and failing over from one port to another. As
the connections migrated to the new port, new TLS send tags were
allocated for the new port and connections resumed without being
dropped.)
ifnet TLS can be enabled and disabled on supported network interfaces
via new '[-]txtls[46]' options to ifconfig(8). ifnet TLS is supported
across both vlan devices and lagg interfaces using failover, lacp with
flowid enabled, or lacp with flowid enabled.
Applications may request the current KTLS mode of a connection via a
new TCP_TXTLS_MODE socket option. They can also use this socket
option to toggle between software and ifnet TLS modes.
In addition, a testing tool is available in tools/tools/switch_tls.
This is modeled on tcpdrop and uses similar syntax. However, instead
of dropping connections, -s is used to force KTLS connections to
switch to software TLS and -i is used to switch to ifnet TLS.
Various sysctls and counters are available under the kern.ipc.tls
sysctl node. The kern.ipc.tls.enable node must be set to true to
enable KTLS (it is off by default). The use of unmapped mbufs must
also be enabled via kern.ipc.mb_use_ext_pgs to enable KTLS.
KTLS is enabled via the KERN_TLS kernel option.
This patch is the culmination of years of work by several folks
including Scott Long and Randall Stewart for the original design and
implementation; Drew Gallatin for several optimizations including the
use of ext_pgs mbufs, the M_NOTREADY mechanism for TLS records
awaiting software encryption, and pluggable software crypto backends;
and John Baldwin for modifications to support hardware TLS offload.
Reviewed by: gallatin, hselasky, rrs
Obtained from: Netflix
Sponsored by: Netflix, Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D21277
2019-08-27 00:01:56 +00:00
|
|
|
#ifdef KERN_TLS
|
|
|
|
|
struct ktls_session *tls;
|
|
|
|
|
#endif
|
2019-06-29 00:49:35 +00:00
|
|
|
struct mbuf_ext_pgs *ext_pgs;
|
2016-01-22 02:23:18 +00:00
|
|
|
struct mbuf *m, *mh, *mhtail;
|
|
|
|
|
struct sf_buf *sf;
|
|
|
|
|
struct shmfd *shmfd;
|
|
|
|
|
struct sendfile_sync *sfs;
|
|
|
|
|
struct vattr va;
|
|
|
|
|
off_t off, sbytes, rem, obj_size;
|
2019-06-29 00:49:35 +00:00
|
|
|
int bsize, error, ext_pgs_idx, hdrlen, max_pgs, softerr;
|
Add kernel-side support for in-kernel TLS.
KTLS adds support for in-kernel framing and encryption of Transport
Layer Security (1.0-1.2) data on TCP sockets. KTLS only supports
offload of TLS for transmitted data. Key negotation must still be
performed in userland. Once completed, transmit session keys for a
connection are provided to the kernel via a new TCP_TXTLS_ENABLE
socket option. All subsequent data transmitted on the socket is
placed into TLS frames and encrypted using the supplied keys.
Any data written to a KTLS-enabled socket via write(2), aio_write(2),
or sendfile(2) is assumed to be application data and is encoded in TLS
frames with an application data type. Individual records can be sent
with a custom type (e.g. handshake messages) via sendmsg(2) with a new
control message (TLS_SET_RECORD_TYPE) specifying the record type.
At present, rekeying is not supported though the in-kernel framework
should support rekeying.
KTLS makes use of the recently added unmapped mbufs to store TLS
frames in the socket buffer. Each TLS frame is described by a single
ext_pgs mbuf. The ext_pgs structure contains the header of the TLS
record (and trailer for encrypted records) as well as references to
the associated TLS session.
KTLS supports two primary methods of encrypting TLS frames: software
TLS and ifnet TLS.
Software TLS marks mbufs holding socket data as not ready via
M_NOTREADY similar to sendfile(2) when TLS framing information is
added to an unmapped mbuf in ktls_frame(). ktls_enqueue() is then
called to schedule TLS frames for encryption. In the case of
sendfile_iodone() calls ktls_enqueue() instead of pru_ready() leaving
the mbufs marked M_NOTREADY until encryption is completed. For other
writes (vn_sendfile when pages are available, write(2), etc.), the
PRUS_NOTREADY is set when invoking pru_send() along with invoking
ktls_enqueue().
A pool of worker threads (the "KTLS" kernel process) encrypts TLS
frames queued via ktls_enqueue(). Each TLS frame is temporarily
mapped using the direct map and passed to a software encryption
backend to perform the actual encryption.
(Note: The use of PHYS_TO_DMAP could be replaced with sf_bufs if
someone wished to make this work on architectures without a direct
map.)
KTLS supports pluggable software encryption backends. Internally,
Netflix uses proprietary pure-software backends. This commit includes
a simple backend in a new ktls_ocf.ko module that uses the kernel's
OpenCrypto framework to provide AES-GCM encryption of TLS frames. As
a result, software TLS is now a bit of a misnomer as it can make use
of hardware crypto accelerators.
Once software encryption has finished, the TLS frame mbufs are marked
ready via pru_ready(). At this point, the encrypted data appears as
regular payload to the TCP stack stored in unmapped mbufs.
ifnet TLS permits a NIC to offload the TLS encryption and TCP
segmentation. In this mode, a new send tag type (IF_SND_TAG_TYPE_TLS)
is allocated on the interface a socket is routed over and associated
with a TLS session. TLS records for a TLS session using ifnet TLS are
not marked M_NOTREADY but are passed down the stack unencrypted. The
ip_output_send() and ip6_output_send() helper functions that apply
send tags to outbound IP packets verify that the send tag of the TLS
record matches the outbound interface. If so, the packet is tagged
with the TLS send tag and sent to the interface. The NIC device
driver must recognize packets with the TLS send tag and schedule them
for TLS encryption and TCP segmentation. If the the outbound
interface does not match the interface in the TLS send tag, the packet
is dropped. In addition, a task is scheduled to refresh the TLS send
tag for the TLS session. If a new TLS send tag cannot be allocated,
the connection is dropped. If a new TLS send tag is allocated,
however, subsequent packets will be tagged with the correct TLS send
tag. (This latter case has been tested by configuring both ports of a
Chelsio T6 in a lagg and failing over from one port to another. As
the connections migrated to the new port, new TLS send tags were
allocated for the new port and connections resumed without being
dropped.)
ifnet TLS can be enabled and disabled on supported network interfaces
via new '[-]txtls[46]' options to ifconfig(8). ifnet TLS is supported
across both vlan devices and lagg interfaces using failover, lacp with
flowid enabled, or lacp with flowid enabled.
Applications may request the current KTLS mode of a connection via a
new TCP_TXTLS_MODE socket option. They can also use this socket
option to toggle between software and ifnet TLS modes.
In addition, a testing tool is available in tools/tools/switch_tls.
This is modeled on tcpdrop and uses similar syntax. However, instead
of dropping connections, -s is used to force KTLS connections to
switch to software TLS and -i is used to switch to ifnet TLS.
Various sysctls and counters are available under the kern.ipc.tls
sysctl node. The kern.ipc.tls.enable node must be set to true to
enable KTLS (it is off by default). The use of unmapped mbufs must
also be enabled via kern.ipc.mb_use_ext_pgs to enable KTLS.
KTLS is enabled via the KERN_TLS kernel option.
This patch is the culmination of years of work by several folks
including Scott Long and Randall Stewart for the original design and
implementation; Drew Gallatin for several optimizations including the
use of ext_pgs mbufs, the M_NOTREADY mechanism for TLS records
awaiting software encryption, and pluggable software crypto backends;
and John Baldwin for modifications to support hardware TLS offload.
Reviewed by: gallatin, hselasky, rrs
Obtained from: Netflix
Sponsored by: Netflix, Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D21277
2019-08-27 00:01:56 +00:00
|
|
|
#ifdef KERN_TLS
|
|
|
|
|
int tls_enq_cnt;
|
|
|
|
|
#endif
|
2019-06-29 00:49:35 +00:00
|
|
|
bool use_ext_pgs;
|
2016-01-22 02:23:18 +00:00
|
|
|
|
|
|
|
|
obj = NULL;
|
|
|
|
|
so = NULL;
|
|
|
|
|
m = mh = NULL;
|
|
|
|
|
sfs = NULL;
|
Add kernel-side support for in-kernel TLS.
KTLS adds support for in-kernel framing and encryption of Transport
Layer Security (1.0-1.2) data on TCP sockets. KTLS only supports
offload of TLS for transmitted data. Key negotation must still be
performed in userland. Once completed, transmit session keys for a
connection are provided to the kernel via a new TCP_TXTLS_ENABLE
socket option. All subsequent data transmitted on the socket is
placed into TLS frames and encrypted using the supplied keys.
Any data written to a KTLS-enabled socket via write(2), aio_write(2),
or sendfile(2) is assumed to be application data and is encoded in TLS
frames with an application data type. Individual records can be sent
with a custom type (e.g. handshake messages) via sendmsg(2) with a new
control message (TLS_SET_RECORD_TYPE) specifying the record type.
At present, rekeying is not supported though the in-kernel framework
should support rekeying.
KTLS makes use of the recently added unmapped mbufs to store TLS
frames in the socket buffer. Each TLS frame is described by a single
ext_pgs mbuf. The ext_pgs structure contains the header of the TLS
record (and trailer for encrypted records) as well as references to
the associated TLS session.
KTLS supports two primary methods of encrypting TLS frames: software
TLS and ifnet TLS.
Software TLS marks mbufs holding socket data as not ready via
M_NOTREADY similar to sendfile(2) when TLS framing information is
added to an unmapped mbuf in ktls_frame(). ktls_enqueue() is then
called to schedule TLS frames for encryption. In the case of
sendfile_iodone() calls ktls_enqueue() instead of pru_ready() leaving
the mbufs marked M_NOTREADY until encryption is completed. For other
writes (vn_sendfile when pages are available, write(2), etc.), the
PRUS_NOTREADY is set when invoking pru_send() along with invoking
ktls_enqueue().
A pool of worker threads (the "KTLS" kernel process) encrypts TLS
frames queued via ktls_enqueue(). Each TLS frame is temporarily
mapped using the direct map and passed to a software encryption
backend to perform the actual encryption.
(Note: The use of PHYS_TO_DMAP could be replaced with sf_bufs if
someone wished to make this work on architectures without a direct
map.)
KTLS supports pluggable software encryption backends. Internally,
Netflix uses proprietary pure-software backends. This commit includes
a simple backend in a new ktls_ocf.ko module that uses the kernel's
OpenCrypto framework to provide AES-GCM encryption of TLS frames. As
a result, software TLS is now a bit of a misnomer as it can make use
of hardware crypto accelerators.
Once software encryption has finished, the TLS frame mbufs are marked
ready via pru_ready(). At this point, the encrypted data appears as
regular payload to the TCP stack stored in unmapped mbufs.
ifnet TLS permits a NIC to offload the TLS encryption and TCP
segmentation. In this mode, a new send tag type (IF_SND_TAG_TYPE_TLS)
is allocated on the interface a socket is routed over and associated
with a TLS session. TLS records for a TLS session using ifnet TLS are
not marked M_NOTREADY but are passed down the stack unencrypted. The
ip_output_send() and ip6_output_send() helper functions that apply
send tags to outbound IP packets verify that the send tag of the TLS
record matches the outbound interface. If so, the packet is tagged
with the TLS send tag and sent to the interface. The NIC device
driver must recognize packets with the TLS send tag and schedule them
for TLS encryption and TCP segmentation. If the the outbound
interface does not match the interface in the TLS send tag, the packet
is dropped. In addition, a task is scheduled to refresh the TLS send
tag for the TLS session. If a new TLS send tag cannot be allocated,
the connection is dropped. If a new TLS send tag is allocated,
however, subsequent packets will be tagged with the correct TLS send
tag. (This latter case has been tested by configuring both ports of a
Chelsio T6 in a lagg and failing over from one port to another. As
the connections migrated to the new port, new TLS send tags were
allocated for the new port and connections resumed without being
dropped.)
ifnet TLS can be enabled and disabled on supported network interfaces
via new '[-]txtls[46]' options to ifconfig(8). ifnet TLS is supported
across both vlan devices and lagg interfaces using failover, lacp with
flowid enabled, or lacp with flowid enabled.
Applications may request the current KTLS mode of a connection via a
new TCP_TXTLS_MODE socket option. They can also use this socket
option to toggle between software and ifnet TLS modes.
In addition, a testing tool is available in tools/tools/switch_tls.
This is modeled on tcpdrop and uses similar syntax. However, instead
of dropping connections, -s is used to force KTLS connections to
switch to software TLS and -i is used to switch to ifnet TLS.
Various sysctls and counters are available under the kern.ipc.tls
sysctl node. The kern.ipc.tls.enable node must be set to true to
enable KTLS (it is off by default). The use of unmapped mbufs must
also be enabled via kern.ipc.mb_use_ext_pgs to enable KTLS.
KTLS is enabled via the KERN_TLS kernel option.
This patch is the culmination of years of work by several folks
including Scott Long and Randall Stewart for the original design and
implementation; Drew Gallatin for several optimizations including the
use of ext_pgs mbufs, the M_NOTREADY mechanism for TLS records
awaiting software encryption, and pluggable software crypto backends;
and John Baldwin for modifications to support hardware TLS offload.
Reviewed by: gallatin, hselasky, rrs
Obtained from: Netflix
Sponsored by: Netflix, Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D21277
2019-08-27 00:01:56 +00:00
|
|
|
#ifdef KERN_TLS
|
|
|
|
|
tls = NULL;
|
|
|
|
|
#endif
|
The sendfile(2) allows to send extra data from userspace before the file
data (headers). Historically the size of the headers was not checked
against the socket buffer space. Application could easily overcommit the
socket buffer space.
With the new sendfile (r293439) the problem remained, but a KASSERT was
inserted that checked that amount of data written to the socket matches
its space. In case when size of headers is bigger that socket space,
KASSERT fires. Without INVARIANTS the new sendfile won't panic, but
would report incorrect amount of bytes sent.
o With this change, the headers copyin is moved down into the cycle, after
the sbspace() check. The uio size is trimmed by socket space there,
which fixes the overcommit problem and its consequences.
o The compatibility handling for FreeBSD 4 sendfile headers API is pushed
up the stack to syscall wrappers. This required a copy and paste of the
code, but in turn this allowed to remove extra stack carried parameter
from fo_sendfile_t, and embrace entire compat code into #ifdef. If in
future we got more fo_sendfile_t function, the copy and paste level would
even reduce.
Reviewed by: emax, gallatin, Maxim Dounin <mdounin mdounin.ru>
Tested by: Vitalij Satanivskij <satan ukr.net>
Sponsored by: Netflix
2016-03-29 19:57:11 +00:00
|
|
|
hdrlen = sbytes = 0;
|
2016-01-22 02:23:18 +00:00
|
|
|
softerr = 0;
|
2019-06-29 00:49:35 +00:00
|
|
|
use_ext_pgs = false;
|
2016-01-22 02:23:18 +00:00
|
|
|
|
|
|
|
|
error = sendfile_getobj(td, fp, &obj, &vp, &shmfd, &obj_size, &bsize);
|
|
|
|
|
if (error != 0)
|
|
|
|
|
return (error);
|
|
|
|
|
|
|
|
|
|
error = sendfile_getsock(td, sockfd, &sock_fp, &so);
|
|
|
|
|
if (error != 0)
|
|
|
|
|
goto out;
|
|
|
|
|
|
|
|
|
|
#ifdef MAC
|
|
|
|
|
error = mac_socket_check_send(td->td_ucred, so);
|
|
|
|
|
if (error != 0)
|
|
|
|
|
goto out;
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
SFSTAT_INC(sf_syscalls);
|
|
|
|
|
SFSTAT_ADD(sf_rhpages_requested, SF_READAHEAD(flags));
|
|
|
|
|
|
|
|
|
|
if (flags & SF_SYNC) {
|
|
|
|
|
sfs = malloc(sizeof *sfs, M_TEMP, M_WAITOK | M_ZERO);
|
|
|
|
|
mtx_init(&sfs->mtx, "sendfile", NULL, MTX_DEF);
|
|
|
|
|
cv_init(&sfs->cv, "sendfile");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
rem = nbytes ? omin(nbytes, obj_size - offset) : obj_size - offset;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Protect against multiple writers to the socket.
|
|
|
|
|
*
|
|
|
|
|
* XXXRW: Historically this has assumed non-interruptibility, so now
|
|
|
|
|
* we implement that, but possibly shouldn't.
|
|
|
|
|
*/
|
|
|
|
|
(void)sblock(&so->so_snd, SBL_WAIT | SBL_NOINTR);
|
Add kernel-side support for in-kernel TLS.
KTLS adds support for in-kernel framing and encryption of Transport
Layer Security (1.0-1.2) data on TCP sockets. KTLS only supports
offload of TLS for transmitted data. Key negotation must still be
performed in userland. Once completed, transmit session keys for a
connection are provided to the kernel via a new TCP_TXTLS_ENABLE
socket option. All subsequent data transmitted on the socket is
placed into TLS frames and encrypted using the supplied keys.
Any data written to a KTLS-enabled socket via write(2), aio_write(2),
or sendfile(2) is assumed to be application data and is encoded in TLS
frames with an application data type. Individual records can be sent
with a custom type (e.g. handshake messages) via sendmsg(2) with a new
control message (TLS_SET_RECORD_TYPE) specifying the record type.
At present, rekeying is not supported though the in-kernel framework
should support rekeying.
KTLS makes use of the recently added unmapped mbufs to store TLS
frames in the socket buffer. Each TLS frame is described by a single
ext_pgs mbuf. The ext_pgs structure contains the header of the TLS
record (and trailer for encrypted records) as well as references to
the associated TLS session.
KTLS supports two primary methods of encrypting TLS frames: software
TLS and ifnet TLS.
Software TLS marks mbufs holding socket data as not ready via
M_NOTREADY similar to sendfile(2) when TLS framing information is
added to an unmapped mbuf in ktls_frame(). ktls_enqueue() is then
called to schedule TLS frames for encryption. In the case of
sendfile_iodone() calls ktls_enqueue() instead of pru_ready() leaving
the mbufs marked M_NOTREADY until encryption is completed. For other
writes (vn_sendfile when pages are available, write(2), etc.), the
PRUS_NOTREADY is set when invoking pru_send() along with invoking
ktls_enqueue().
A pool of worker threads (the "KTLS" kernel process) encrypts TLS
frames queued via ktls_enqueue(). Each TLS frame is temporarily
mapped using the direct map and passed to a software encryption
backend to perform the actual encryption.
(Note: The use of PHYS_TO_DMAP could be replaced with sf_bufs if
someone wished to make this work on architectures without a direct
map.)
KTLS supports pluggable software encryption backends. Internally,
Netflix uses proprietary pure-software backends. This commit includes
a simple backend in a new ktls_ocf.ko module that uses the kernel's
OpenCrypto framework to provide AES-GCM encryption of TLS frames. As
a result, software TLS is now a bit of a misnomer as it can make use
of hardware crypto accelerators.
Once software encryption has finished, the TLS frame mbufs are marked
ready via pru_ready(). At this point, the encrypted data appears as
regular payload to the TCP stack stored in unmapped mbufs.
ifnet TLS permits a NIC to offload the TLS encryption and TCP
segmentation. In this mode, a new send tag type (IF_SND_TAG_TYPE_TLS)
is allocated on the interface a socket is routed over and associated
with a TLS session. TLS records for a TLS session using ifnet TLS are
not marked M_NOTREADY but are passed down the stack unencrypted. The
ip_output_send() and ip6_output_send() helper functions that apply
send tags to outbound IP packets verify that the send tag of the TLS
record matches the outbound interface. If so, the packet is tagged
with the TLS send tag and sent to the interface. The NIC device
driver must recognize packets with the TLS send tag and schedule them
for TLS encryption and TCP segmentation. If the the outbound
interface does not match the interface in the TLS send tag, the packet
is dropped. In addition, a task is scheduled to refresh the TLS send
tag for the TLS session. If a new TLS send tag cannot be allocated,
the connection is dropped. If a new TLS send tag is allocated,
however, subsequent packets will be tagged with the correct TLS send
tag. (This latter case has been tested by configuring both ports of a
Chelsio T6 in a lagg and failing over from one port to another. As
the connections migrated to the new port, new TLS send tags were
allocated for the new port and connections resumed without being
dropped.)
ifnet TLS can be enabled and disabled on supported network interfaces
via new '[-]txtls[46]' options to ifconfig(8). ifnet TLS is supported
across both vlan devices and lagg interfaces using failover, lacp with
flowid enabled, or lacp with flowid enabled.
Applications may request the current KTLS mode of a connection via a
new TCP_TXTLS_MODE socket option. They can also use this socket
option to toggle between software and ifnet TLS modes.
In addition, a testing tool is available in tools/tools/switch_tls.
This is modeled on tcpdrop and uses similar syntax. However, instead
of dropping connections, -s is used to force KTLS connections to
switch to software TLS and -i is used to switch to ifnet TLS.
Various sysctls and counters are available under the kern.ipc.tls
sysctl node. The kern.ipc.tls.enable node must be set to true to
enable KTLS (it is off by default). The use of unmapped mbufs must
also be enabled via kern.ipc.mb_use_ext_pgs to enable KTLS.
KTLS is enabled via the KERN_TLS kernel option.
This patch is the culmination of years of work by several folks
including Scott Long and Randall Stewart for the original design and
implementation; Drew Gallatin for several optimizations including the
use of ext_pgs mbufs, the M_NOTREADY mechanism for TLS records
awaiting software encryption, and pluggable software crypto backends;
and John Baldwin for modifications to support hardware TLS offload.
Reviewed by: gallatin, hselasky, rrs
Obtained from: Netflix
Sponsored by: Netflix, Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D21277
2019-08-27 00:01:56 +00:00
|
|
|
#ifdef KERN_TLS
|
|
|
|
|
tls = ktls_hold(so->so_snd.sb_tls_info);
|
|
|
|
|
#endif
|
2016-01-22 02:23:18 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Loop through the pages of the file, starting with the requested
|
|
|
|
|
* offset. Get a file page (do I/O if necessary), map the file page
|
|
|
|
|
* into an sf_buf, attach an mbuf header to the sf_buf, and queue
|
|
|
|
|
* it on the socket.
|
|
|
|
|
* This is done in two loops. The inner loop turns as many pages
|
|
|
|
|
* as it can, up to available socket buffer space, without blocking
|
|
|
|
|
* into mbufs to have it bulk delivered into the socket send buffer.
|
|
|
|
|
* The outer loop checks the state and available space of the socket
|
|
|
|
|
* and takes care of the overall progress.
|
|
|
|
|
*/
|
|
|
|
|
for (off = offset; rem > 0; ) {
|
|
|
|
|
struct sf_io *sfio;
|
|
|
|
|
vm_page_t *pa;
|
|
|
|
|
struct mbuf *mtail;
|
|
|
|
|
int nios, space, npages, rhpages;
|
|
|
|
|
|
|
|
|
|
mtail = NULL;
|
|
|
|
|
/*
|
|
|
|
|
* Check the socket state for ongoing connection,
|
|
|
|
|
* no errors and space in socket buffer.
|
|
|
|
|
* If space is low allow for the remainder of the
|
|
|
|
|
* file to be processed if it fits the socket buffer.
|
|
|
|
|
* Otherwise block in waiting for sufficient space
|
|
|
|
|
* to proceed, or if the socket is nonblocking, return
|
|
|
|
|
* to userland with EAGAIN while reporting how far
|
|
|
|
|
* we've come.
|
|
|
|
|
* We wait until the socket buffer has significant free
|
|
|
|
|
* space to do bulk sends. This makes good use of file
|
|
|
|
|
* system read ahead and allows packet segmentation
|
|
|
|
|
* offloading hardware to take over lots of work. If
|
|
|
|
|
* we were not careful here we would send off only one
|
|
|
|
|
* sfbuf at a time.
|
|
|
|
|
*/
|
|
|
|
|
SOCKBUF_LOCK(&so->so_snd);
|
|
|
|
|
if (so->so_snd.sb_lowat < so->so_snd.sb_hiwat / 2)
|
|
|
|
|
so->so_snd.sb_lowat = so->so_snd.sb_hiwat / 2;
|
|
|
|
|
retry_space:
|
|
|
|
|
if (so->so_snd.sb_state & SBS_CANTSENDMORE) {
|
|
|
|
|
error = EPIPE;
|
|
|
|
|
SOCKBUF_UNLOCK(&so->so_snd);
|
|
|
|
|
goto done;
|
|
|
|
|
} else if (so->so_error) {
|
|
|
|
|
error = so->so_error;
|
|
|
|
|
so->so_error = 0;
|
|
|
|
|
SOCKBUF_UNLOCK(&so->so_snd);
|
|
|
|
|
goto done;
|
|
|
|
|
}
|
2017-10-10 22:21:05 +00:00
|
|
|
if ((so->so_state & SS_ISCONNECTED) == 0) {
|
|
|
|
|
SOCKBUF_UNLOCK(&so->so_snd);
|
|
|
|
|
error = ENOTCONN;
|
|
|
|
|
goto done;
|
|
|
|
|
}
|
|
|
|
|
|
2016-01-22 02:23:18 +00:00
|
|
|
space = sbspace(&so->so_snd);
|
|
|
|
|
if (space < rem &&
|
|
|
|
|
(space <= 0 ||
|
|
|
|
|
space < so->so_snd.sb_lowat)) {
|
|
|
|
|
if (so->so_state & SS_NBIO) {
|
|
|
|
|
SOCKBUF_UNLOCK(&so->so_snd);
|
|
|
|
|
error = EAGAIN;
|
|
|
|
|
goto done;
|
|
|
|
|
}
|
|
|
|
|
/*
|
|
|
|
|
* sbwait drops the lock while sleeping.
|
|
|
|
|
* When we loop back to retry_space the
|
|
|
|
|
* state may have changed and we retest
|
|
|
|
|
* for it.
|
|
|
|
|
*/
|
|
|
|
|
error = sbwait(&so->so_snd);
|
|
|
|
|
/*
|
|
|
|
|
* An error from sbwait usually indicates that we've
|
|
|
|
|
* been interrupted by a signal. If we've sent anything
|
|
|
|
|
* then return bytes sent, otherwise return the error.
|
|
|
|
|
*/
|
|
|
|
|
if (error != 0) {
|
|
|
|
|
SOCKBUF_UNLOCK(&so->so_snd);
|
|
|
|
|
goto done;
|
|
|
|
|
}
|
|
|
|
|
goto retry_space;
|
|
|
|
|
}
|
|
|
|
|
SOCKBUF_UNLOCK(&so->so_snd);
|
|
|
|
|
|
|
|
|
|
/*
|
The sendfile(2) allows to send extra data from userspace before the file
data (headers). Historically the size of the headers was not checked
against the socket buffer space. Application could easily overcommit the
socket buffer space.
With the new sendfile (r293439) the problem remained, but a KASSERT was
inserted that checked that amount of data written to the socket matches
its space. In case when size of headers is bigger that socket space,
KASSERT fires. Without INVARIANTS the new sendfile won't panic, but
would report incorrect amount of bytes sent.
o With this change, the headers copyin is moved down into the cycle, after
the sbspace() check. The uio size is trimmed by socket space there,
which fixes the overcommit problem and its consequences.
o The compatibility handling for FreeBSD 4 sendfile headers API is pushed
up the stack to syscall wrappers. This required a copy and paste of the
code, but in turn this allowed to remove extra stack carried parameter
from fo_sendfile_t, and embrace entire compat code into #ifdef. If in
future we got more fo_sendfile_t function, the copy and paste level would
even reduce.
Reviewed by: emax, gallatin, Maxim Dounin <mdounin mdounin.ru>
Tested by: Vitalij Satanivskij <satan ukr.net>
Sponsored by: Netflix
2016-03-29 19:57:11 +00:00
|
|
|
* At the beginning of the first loop check if any headers
|
|
|
|
|
* are specified and copy them into mbufs. Reduce space in
|
|
|
|
|
* the socket buffer by the size of the header mbuf chain.
|
|
|
|
|
* Clear hdr_uio here and hdrlen at the end of the first loop.
|
2016-01-22 02:23:18 +00:00
|
|
|
*/
|
The sendfile(2) allows to send extra data from userspace before the file
data (headers). Historically the size of the headers was not checked
against the socket buffer space. Application could easily overcommit the
socket buffer space.
With the new sendfile (r293439) the problem remained, but a KASSERT was
inserted that checked that amount of data written to the socket matches
its space. In case when size of headers is bigger that socket space,
KASSERT fires. Without INVARIANTS the new sendfile won't panic, but
would report incorrect amount of bytes sent.
o With this change, the headers copyin is moved down into the cycle, after
the sbspace() check. The uio size is trimmed by socket space there,
which fixes the overcommit problem and its consequences.
o The compatibility handling for FreeBSD 4 sendfile headers API is pushed
up the stack to syscall wrappers. This required a copy and paste of the
code, but in turn this allowed to remove extra stack carried parameter
from fo_sendfile_t, and embrace entire compat code into #ifdef. If in
future we got more fo_sendfile_t function, the copy and paste level would
even reduce.
Reviewed by: emax, gallatin, Maxim Dounin <mdounin mdounin.ru>
Tested by: Vitalij Satanivskij <satan ukr.net>
Sponsored by: Netflix
2016-03-29 19:57:11 +00:00
|
|
|
if (hdr_uio != NULL && hdr_uio->uio_resid > 0) {
|
|
|
|
|
hdr_uio->uio_td = td;
|
|
|
|
|
hdr_uio->uio_rw = UIO_WRITE;
|
Add kernel-side support for in-kernel TLS.
KTLS adds support for in-kernel framing and encryption of Transport
Layer Security (1.0-1.2) data on TCP sockets. KTLS only supports
offload of TLS for transmitted data. Key negotation must still be
performed in userland. Once completed, transmit session keys for a
connection are provided to the kernel via a new TCP_TXTLS_ENABLE
socket option. All subsequent data transmitted on the socket is
placed into TLS frames and encrypted using the supplied keys.
Any data written to a KTLS-enabled socket via write(2), aio_write(2),
or sendfile(2) is assumed to be application data and is encoded in TLS
frames with an application data type. Individual records can be sent
with a custom type (e.g. handshake messages) via sendmsg(2) with a new
control message (TLS_SET_RECORD_TYPE) specifying the record type.
At present, rekeying is not supported though the in-kernel framework
should support rekeying.
KTLS makes use of the recently added unmapped mbufs to store TLS
frames in the socket buffer. Each TLS frame is described by a single
ext_pgs mbuf. The ext_pgs structure contains the header of the TLS
record (and trailer for encrypted records) as well as references to
the associated TLS session.
KTLS supports two primary methods of encrypting TLS frames: software
TLS and ifnet TLS.
Software TLS marks mbufs holding socket data as not ready via
M_NOTREADY similar to sendfile(2) when TLS framing information is
added to an unmapped mbuf in ktls_frame(). ktls_enqueue() is then
called to schedule TLS frames for encryption. In the case of
sendfile_iodone() calls ktls_enqueue() instead of pru_ready() leaving
the mbufs marked M_NOTREADY until encryption is completed. For other
writes (vn_sendfile when pages are available, write(2), etc.), the
PRUS_NOTREADY is set when invoking pru_send() along with invoking
ktls_enqueue().
A pool of worker threads (the "KTLS" kernel process) encrypts TLS
frames queued via ktls_enqueue(). Each TLS frame is temporarily
mapped using the direct map and passed to a software encryption
backend to perform the actual encryption.
(Note: The use of PHYS_TO_DMAP could be replaced with sf_bufs if
someone wished to make this work on architectures without a direct
map.)
KTLS supports pluggable software encryption backends. Internally,
Netflix uses proprietary pure-software backends. This commit includes
a simple backend in a new ktls_ocf.ko module that uses the kernel's
OpenCrypto framework to provide AES-GCM encryption of TLS frames. As
a result, software TLS is now a bit of a misnomer as it can make use
of hardware crypto accelerators.
Once software encryption has finished, the TLS frame mbufs are marked
ready via pru_ready(). At this point, the encrypted data appears as
regular payload to the TCP stack stored in unmapped mbufs.
ifnet TLS permits a NIC to offload the TLS encryption and TCP
segmentation. In this mode, a new send tag type (IF_SND_TAG_TYPE_TLS)
is allocated on the interface a socket is routed over and associated
with a TLS session. TLS records for a TLS session using ifnet TLS are
not marked M_NOTREADY but are passed down the stack unencrypted. The
ip_output_send() and ip6_output_send() helper functions that apply
send tags to outbound IP packets verify that the send tag of the TLS
record matches the outbound interface. If so, the packet is tagged
with the TLS send tag and sent to the interface. The NIC device
driver must recognize packets with the TLS send tag and schedule them
for TLS encryption and TCP segmentation. If the the outbound
interface does not match the interface in the TLS send tag, the packet
is dropped. In addition, a task is scheduled to refresh the TLS send
tag for the TLS session. If a new TLS send tag cannot be allocated,
the connection is dropped. If a new TLS send tag is allocated,
however, subsequent packets will be tagged with the correct TLS send
tag. (This latter case has been tested by configuring both ports of a
Chelsio T6 in a lagg and failing over from one port to another. As
the connections migrated to the new port, new TLS send tags were
allocated for the new port and connections resumed without being
dropped.)
ifnet TLS can be enabled and disabled on supported network interfaces
via new '[-]txtls[46]' options to ifconfig(8). ifnet TLS is supported
across both vlan devices and lagg interfaces using failover, lacp with
flowid enabled, or lacp with flowid enabled.
Applications may request the current KTLS mode of a connection via a
new TCP_TXTLS_MODE socket option. They can also use this socket
option to toggle between software and ifnet TLS modes.
In addition, a testing tool is available in tools/tools/switch_tls.
This is modeled on tcpdrop and uses similar syntax. However, instead
of dropping connections, -s is used to force KTLS connections to
switch to software TLS and -i is used to switch to ifnet TLS.
Various sysctls and counters are available under the kern.ipc.tls
sysctl node. The kern.ipc.tls.enable node must be set to true to
enable KTLS (it is off by default). The use of unmapped mbufs must
also be enabled via kern.ipc.mb_use_ext_pgs to enable KTLS.
KTLS is enabled via the KERN_TLS kernel option.
This patch is the culmination of years of work by several folks
including Scott Long and Randall Stewart for the original design and
implementation; Drew Gallatin for several optimizations including the
use of ext_pgs mbufs, the M_NOTREADY mechanism for TLS records
awaiting software encryption, and pluggable software crypto backends;
and John Baldwin for modifications to support hardware TLS offload.
Reviewed by: gallatin, hselasky, rrs
Obtained from: Netflix
Sponsored by: Netflix, Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D21277
2019-08-27 00:01:56 +00:00
|
|
|
#ifdef KERN_TLS
|
|
|
|
|
if (tls != NULL)
|
|
|
|
|
mh = m_uiotombuf(hdr_uio, M_WAITOK, space,
|
|
|
|
|
tls->params.max_frame_len, M_NOMAP);
|
|
|
|
|
else
|
|
|
|
|
#endif
|
|
|
|
|
mh = m_uiotombuf(hdr_uio, M_WAITOK,
|
|
|
|
|
space, 0, 0);
|
The sendfile(2) allows to send extra data from userspace before the file
data (headers). Historically the size of the headers was not checked
against the socket buffer space. Application could easily overcommit the
socket buffer space.
With the new sendfile (r293439) the problem remained, but a KASSERT was
inserted that checked that amount of data written to the socket matches
its space. In case when size of headers is bigger that socket space,
KASSERT fires. Without INVARIANTS the new sendfile won't panic, but
would report incorrect amount of bytes sent.
o With this change, the headers copyin is moved down into the cycle, after
the sbspace() check. The uio size is trimmed by socket space there,
which fixes the overcommit problem and its consequences.
o The compatibility handling for FreeBSD 4 sendfile headers API is pushed
up the stack to syscall wrappers. This required a copy and paste of the
code, but in turn this allowed to remove extra stack carried parameter
from fo_sendfile_t, and embrace entire compat code into #ifdef. If in
future we got more fo_sendfile_t function, the copy and paste level would
even reduce.
Reviewed by: emax, gallatin, Maxim Dounin <mdounin mdounin.ru>
Tested by: Vitalij Satanivskij <satan ukr.net>
Sponsored by: Netflix
2016-03-29 19:57:11 +00:00
|
|
|
hdrlen = m_length(mh, &mhtail);
|
|
|
|
|
space -= hdrlen;
|
Fix regression from r297400, which truncates headers in case of low socket
buffer and put a small optimization for low socket buffer case:
- Do not hack uio_resid, and let m_uiotombuf() properly take care of it. This
fixes truncation of headers at low buffer.
- If headers ate all the space, jump right to the end of the cycle, to
avoid doing single page I/O and allocating zero length mbuf.
- Clear hdr_uio only if space is positive, which indicates that all uio
was copied in.
Reviewed by: pluknet, jtl, emax, rrs, lstewart, emax, gallatin, scottl
2016-09-22 20:34:44 +00:00
|
|
|
/*
|
|
|
|
|
* If header consumed all the socket buffer space,
|
|
|
|
|
* don't waste CPU cycles and jump to the end.
|
|
|
|
|
*/
|
|
|
|
|
if (space == 0) {
|
|
|
|
|
sfio = NULL;
|
|
|
|
|
nios = 0;
|
|
|
|
|
goto prepend_header;
|
|
|
|
|
}
|
The sendfile(2) allows to send extra data from userspace before the file
data (headers). Historically the size of the headers was not checked
against the socket buffer space. Application could easily overcommit the
socket buffer space.
With the new sendfile (r293439) the problem remained, but a KASSERT was
inserted that checked that amount of data written to the socket matches
its space. In case when size of headers is bigger that socket space,
KASSERT fires. Without INVARIANTS the new sendfile won't panic, but
would report incorrect amount of bytes sent.
o With this change, the headers copyin is moved down into the cycle, after
the sbspace() check. The uio size is trimmed by socket space there,
which fixes the overcommit problem and its consequences.
o The compatibility handling for FreeBSD 4 sendfile headers API is pushed
up the stack to syscall wrappers. This required a copy and paste of the
code, but in turn this allowed to remove extra stack carried parameter
from fo_sendfile_t, and embrace entire compat code into #ifdef. If in
future we got more fo_sendfile_t function, the copy and paste level would
even reduce.
Reviewed by: emax, gallatin, Maxim Dounin <mdounin mdounin.ru>
Tested by: Vitalij Satanivskij <satan ukr.net>
Sponsored by: Netflix
2016-03-29 19:57:11 +00:00
|
|
|
hdr_uio = NULL;
|
|
|
|
|
}
|
2016-01-22 02:23:18 +00:00
|
|
|
|
|
|
|
|
if (vp != NULL) {
|
|
|
|
|
error = vn_lock(vp, LK_SHARED);
|
|
|
|
|
if (error != 0)
|
|
|
|
|
goto done;
|
|
|
|
|
error = VOP_GETATTR(vp, &va, td->td_ucred);
|
|
|
|
|
if (error != 0 || off >= va.va_size) {
|
|
|
|
|
VOP_UNLOCK(vp, 0);
|
|
|
|
|
goto done;
|
|
|
|
|
}
|
|
|
|
|
if (va.va_size != obj_size) {
|
|
|
|
|
obj_size = va.va_size;
|
2017-03-24 16:01:19 +00:00
|
|
|
rem = nbytes ?
|
|
|
|
|
omin(nbytes + offset, obj_size) : obj_size;
|
|
|
|
|
rem -= off;
|
2016-01-22 02:23:18 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (space > rem)
|
|
|
|
|
space = rem;
|
2019-06-29 00:49:35 +00:00
|
|
|
else if (space > PAGE_SIZE) {
|
|
|
|
|
/*
|
|
|
|
|
* Use page boundaries when possible for large
|
|
|
|
|
* requests.
|
|
|
|
|
*/
|
|
|
|
|
if (off & PAGE_MASK)
|
|
|
|
|
space -= (PAGE_SIZE - (off & PAGE_MASK));
|
|
|
|
|
space = trunc_page(space);
|
|
|
|
|
if (off & PAGE_MASK)
|
|
|
|
|
space += (PAGE_SIZE - (off & PAGE_MASK));
|
|
|
|
|
}
|
2016-01-22 02:23:18 +00:00
|
|
|
|
|
|
|
|
npages = howmany(space + (off & PAGE_MASK), PAGE_SIZE);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Calculate maximum allowed number of pages for readahead
|
2016-11-17 21:36:18 +00:00
|
|
|
* at this iteration. If SF_USER_READAHEAD was set, we don't
|
|
|
|
|
* do any heuristics and use exactly the value supplied by
|
|
|
|
|
* application. Otherwise, we allow readahead up to "rem".
|
2016-01-22 02:23:18 +00:00
|
|
|
* If application wants more, let it be, but there is no
|
|
|
|
|
* reason to go above MAXPHYS. Also check against "obj_size",
|
|
|
|
|
* since vm_pager_has_page() can hint beyond EOF.
|
|
|
|
|
*/
|
2016-11-17 21:36:18 +00:00
|
|
|
if (flags & SF_USER_READAHEAD) {
|
|
|
|
|
rhpages = SF_READAHEAD(flags);
|
|
|
|
|
} else {
|
|
|
|
|
rhpages = howmany(rem + (off & PAGE_MASK), PAGE_SIZE) -
|
|
|
|
|
npages;
|
|
|
|
|
rhpages += SF_READAHEAD(flags);
|
|
|
|
|
}
|
2016-01-22 02:23:18 +00:00
|
|
|
rhpages = min(howmany(MAXPHYS, PAGE_SIZE), rhpages);
|
|
|
|
|
rhpages = min(howmany(obj_size - trunc_page(off), PAGE_SIZE) -
|
|
|
|
|
npages, rhpages);
|
|
|
|
|
|
|
|
|
|
sfio = malloc(sizeof(struct sf_io) +
|
|
|
|
|
npages * sizeof(vm_page_t), M_TEMP, M_WAITOK);
|
|
|
|
|
refcount_init(&sfio->nios, 1);
|
2017-09-13 22:11:05 +00:00
|
|
|
sfio->so = so;
|
2016-01-22 02:23:18 +00:00
|
|
|
sfio->error = 0;
|
|
|
|
|
|
Add kernel-side support for in-kernel TLS.
KTLS adds support for in-kernel framing and encryption of Transport
Layer Security (1.0-1.2) data on TCP sockets. KTLS only supports
offload of TLS for transmitted data. Key negotation must still be
performed in userland. Once completed, transmit session keys for a
connection are provided to the kernel via a new TCP_TXTLS_ENABLE
socket option. All subsequent data transmitted on the socket is
placed into TLS frames and encrypted using the supplied keys.
Any data written to a KTLS-enabled socket via write(2), aio_write(2),
or sendfile(2) is assumed to be application data and is encoded in TLS
frames with an application data type. Individual records can be sent
with a custom type (e.g. handshake messages) via sendmsg(2) with a new
control message (TLS_SET_RECORD_TYPE) specifying the record type.
At present, rekeying is not supported though the in-kernel framework
should support rekeying.
KTLS makes use of the recently added unmapped mbufs to store TLS
frames in the socket buffer. Each TLS frame is described by a single
ext_pgs mbuf. The ext_pgs structure contains the header of the TLS
record (and trailer for encrypted records) as well as references to
the associated TLS session.
KTLS supports two primary methods of encrypting TLS frames: software
TLS and ifnet TLS.
Software TLS marks mbufs holding socket data as not ready via
M_NOTREADY similar to sendfile(2) when TLS framing information is
added to an unmapped mbuf in ktls_frame(). ktls_enqueue() is then
called to schedule TLS frames for encryption. In the case of
sendfile_iodone() calls ktls_enqueue() instead of pru_ready() leaving
the mbufs marked M_NOTREADY until encryption is completed. For other
writes (vn_sendfile when pages are available, write(2), etc.), the
PRUS_NOTREADY is set when invoking pru_send() along with invoking
ktls_enqueue().
A pool of worker threads (the "KTLS" kernel process) encrypts TLS
frames queued via ktls_enqueue(). Each TLS frame is temporarily
mapped using the direct map and passed to a software encryption
backend to perform the actual encryption.
(Note: The use of PHYS_TO_DMAP could be replaced with sf_bufs if
someone wished to make this work on architectures without a direct
map.)
KTLS supports pluggable software encryption backends. Internally,
Netflix uses proprietary pure-software backends. This commit includes
a simple backend in a new ktls_ocf.ko module that uses the kernel's
OpenCrypto framework to provide AES-GCM encryption of TLS frames. As
a result, software TLS is now a bit of a misnomer as it can make use
of hardware crypto accelerators.
Once software encryption has finished, the TLS frame mbufs are marked
ready via pru_ready(). At this point, the encrypted data appears as
regular payload to the TCP stack stored in unmapped mbufs.
ifnet TLS permits a NIC to offload the TLS encryption and TCP
segmentation. In this mode, a new send tag type (IF_SND_TAG_TYPE_TLS)
is allocated on the interface a socket is routed over and associated
with a TLS session. TLS records for a TLS session using ifnet TLS are
not marked M_NOTREADY but are passed down the stack unencrypted. The
ip_output_send() and ip6_output_send() helper functions that apply
send tags to outbound IP packets verify that the send tag of the TLS
record matches the outbound interface. If so, the packet is tagged
with the TLS send tag and sent to the interface. The NIC device
driver must recognize packets with the TLS send tag and schedule them
for TLS encryption and TCP segmentation. If the the outbound
interface does not match the interface in the TLS send tag, the packet
is dropped. In addition, a task is scheduled to refresh the TLS send
tag for the TLS session. If a new TLS send tag cannot be allocated,
the connection is dropped. If a new TLS send tag is allocated,
however, subsequent packets will be tagged with the correct TLS send
tag. (This latter case has been tested by configuring both ports of a
Chelsio T6 in a lagg and failing over from one port to another. As
the connections migrated to the new port, new TLS send tags were
allocated for the new port and connections resumed without being
dropped.)
ifnet TLS can be enabled and disabled on supported network interfaces
via new '[-]txtls[46]' options to ifconfig(8). ifnet TLS is supported
across both vlan devices and lagg interfaces using failover, lacp with
flowid enabled, or lacp with flowid enabled.
Applications may request the current KTLS mode of a connection via a
new TCP_TXTLS_MODE socket option. They can also use this socket
option to toggle between software and ifnet TLS modes.
In addition, a testing tool is available in tools/tools/switch_tls.
This is modeled on tcpdrop and uses similar syntax. However, instead
of dropping connections, -s is used to force KTLS connections to
switch to software TLS and -i is used to switch to ifnet TLS.
Various sysctls and counters are available under the kern.ipc.tls
sysctl node. The kern.ipc.tls.enable node must be set to true to
enable KTLS (it is off by default). The use of unmapped mbufs must
also be enabled via kern.ipc.mb_use_ext_pgs to enable KTLS.
KTLS is enabled via the KERN_TLS kernel option.
This patch is the culmination of years of work by several folks
including Scott Long and Randall Stewart for the original design and
implementation; Drew Gallatin for several optimizations including the
use of ext_pgs mbufs, the M_NOTREADY mechanism for TLS records
awaiting software encryption, and pluggable software crypto backends;
and John Baldwin for modifications to support hardware TLS offload.
Reviewed by: gallatin, hselasky, rrs
Obtained from: Netflix
Sponsored by: Netflix, Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D21277
2019-08-27 00:01:56 +00:00
|
|
|
#ifdef KERN_TLS
|
|
|
|
|
/*
|
|
|
|
|
* This doesn't use ktls_hold() because sfio->m will
|
|
|
|
|
* also have a reference on 'tls' that will be valid
|
|
|
|
|
* for all of sfio's lifetime.
|
|
|
|
|
*/
|
|
|
|
|
sfio->tls = tls;
|
|
|
|
|
#endif
|
|
|
|
|
|
2019-07-19 18:03:30 +00:00
|
|
|
error = sendfile_swapin(obj, sfio, &nios, off, space, npages,
|
|
|
|
|
rhpages, flags);
|
2019-07-29 20:50:26 +00:00
|
|
|
if (error != 0) {
|
2019-07-19 18:03:30 +00:00
|
|
|
if (vp != NULL)
|
|
|
|
|
VOP_UNLOCK(vp, 0);
|
2019-11-06 23:45:43 +00:00
|
|
|
sfio->m = NULL;
|
|
|
|
|
sendfile_iodone(sfio, NULL, 0, error);
|
2019-07-19 18:03:30 +00:00
|
|
|
goto done;
|
|
|
|
|
}
|
2016-01-22 02:23:18 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Loop and construct maximum sized mbuf chain to be bulk
|
|
|
|
|
* dumped into socket buffer.
|
|
|
|
|
*/
|
|
|
|
|
pa = sfio->pa;
|
2019-06-29 00:49:35 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Use unmapped mbufs if enabled for TCP. Unmapped
|
|
|
|
|
* bufs are restricted to TCP as that is what has been
|
|
|
|
|
* tested. In particular, unmapped mbufs have not
|
|
|
|
|
* been tested with UNIX-domain sockets.
|
Add kernel-side support for in-kernel TLS.
KTLS adds support for in-kernel framing and encryption of Transport
Layer Security (1.0-1.2) data on TCP sockets. KTLS only supports
offload of TLS for transmitted data. Key negotation must still be
performed in userland. Once completed, transmit session keys for a
connection are provided to the kernel via a new TCP_TXTLS_ENABLE
socket option. All subsequent data transmitted on the socket is
placed into TLS frames and encrypted using the supplied keys.
Any data written to a KTLS-enabled socket via write(2), aio_write(2),
or sendfile(2) is assumed to be application data and is encoded in TLS
frames with an application data type. Individual records can be sent
with a custom type (e.g. handshake messages) via sendmsg(2) with a new
control message (TLS_SET_RECORD_TYPE) specifying the record type.
At present, rekeying is not supported though the in-kernel framework
should support rekeying.
KTLS makes use of the recently added unmapped mbufs to store TLS
frames in the socket buffer. Each TLS frame is described by a single
ext_pgs mbuf. The ext_pgs structure contains the header of the TLS
record (and trailer for encrypted records) as well as references to
the associated TLS session.
KTLS supports two primary methods of encrypting TLS frames: software
TLS and ifnet TLS.
Software TLS marks mbufs holding socket data as not ready via
M_NOTREADY similar to sendfile(2) when TLS framing information is
added to an unmapped mbuf in ktls_frame(). ktls_enqueue() is then
called to schedule TLS frames for encryption. In the case of
sendfile_iodone() calls ktls_enqueue() instead of pru_ready() leaving
the mbufs marked M_NOTREADY until encryption is completed. For other
writes (vn_sendfile when pages are available, write(2), etc.), the
PRUS_NOTREADY is set when invoking pru_send() along with invoking
ktls_enqueue().
A pool of worker threads (the "KTLS" kernel process) encrypts TLS
frames queued via ktls_enqueue(). Each TLS frame is temporarily
mapped using the direct map and passed to a software encryption
backend to perform the actual encryption.
(Note: The use of PHYS_TO_DMAP could be replaced with sf_bufs if
someone wished to make this work on architectures without a direct
map.)
KTLS supports pluggable software encryption backends. Internally,
Netflix uses proprietary pure-software backends. This commit includes
a simple backend in a new ktls_ocf.ko module that uses the kernel's
OpenCrypto framework to provide AES-GCM encryption of TLS frames. As
a result, software TLS is now a bit of a misnomer as it can make use
of hardware crypto accelerators.
Once software encryption has finished, the TLS frame mbufs are marked
ready via pru_ready(). At this point, the encrypted data appears as
regular payload to the TCP stack stored in unmapped mbufs.
ifnet TLS permits a NIC to offload the TLS encryption and TCP
segmentation. In this mode, a new send tag type (IF_SND_TAG_TYPE_TLS)
is allocated on the interface a socket is routed over and associated
with a TLS session. TLS records for a TLS session using ifnet TLS are
not marked M_NOTREADY but are passed down the stack unencrypted. The
ip_output_send() and ip6_output_send() helper functions that apply
send tags to outbound IP packets verify that the send tag of the TLS
record matches the outbound interface. If so, the packet is tagged
with the TLS send tag and sent to the interface. The NIC device
driver must recognize packets with the TLS send tag and schedule them
for TLS encryption and TCP segmentation. If the the outbound
interface does not match the interface in the TLS send tag, the packet
is dropped. In addition, a task is scheduled to refresh the TLS send
tag for the TLS session. If a new TLS send tag cannot be allocated,
the connection is dropped. If a new TLS send tag is allocated,
however, subsequent packets will be tagged with the correct TLS send
tag. (This latter case has been tested by configuring both ports of a
Chelsio T6 in a lagg and failing over from one port to another. As
the connections migrated to the new port, new TLS send tags were
allocated for the new port and connections resumed without being
dropped.)
ifnet TLS can be enabled and disabled on supported network interfaces
via new '[-]txtls[46]' options to ifconfig(8). ifnet TLS is supported
across both vlan devices and lagg interfaces using failover, lacp with
flowid enabled, or lacp with flowid enabled.
Applications may request the current KTLS mode of a connection via a
new TCP_TXTLS_MODE socket option. They can also use this socket
option to toggle between software and ifnet TLS modes.
In addition, a testing tool is available in tools/tools/switch_tls.
This is modeled on tcpdrop and uses similar syntax. However, instead
of dropping connections, -s is used to force KTLS connections to
switch to software TLS and -i is used to switch to ifnet TLS.
Various sysctls and counters are available under the kern.ipc.tls
sysctl node. The kern.ipc.tls.enable node must be set to true to
enable KTLS (it is off by default). The use of unmapped mbufs must
also be enabled via kern.ipc.mb_use_ext_pgs to enable KTLS.
KTLS is enabled via the KERN_TLS kernel option.
This patch is the culmination of years of work by several folks
including Scott Long and Randall Stewart for the original design and
implementation; Drew Gallatin for several optimizations including the
use of ext_pgs mbufs, the M_NOTREADY mechanism for TLS records
awaiting software encryption, and pluggable software crypto backends;
and John Baldwin for modifications to support hardware TLS offload.
Reviewed by: gallatin, hselasky, rrs
Obtained from: Netflix
Sponsored by: Netflix, Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D21277
2019-08-27 00:01:56 +00:00
|
|
|
*
|
|
|
|
|
* TLS frames always require unmapped mbufs.
|
2019-06-29 00:49:35 +00:00
|
|
|
*/
|
Add kernel-side support for in-kernel TLS.
KTLS adds support for in-kernel framing and encryption of Transport
Layer Security (1.0-1.2) data on TCP sockets. KTLS only supports
offload of TLS for transmitted data. Key negotation must still be
performed in userland. Once completed, transmit session keys for a
connection are provided to the kernel via a new TCP_TXTLS_ENABLE
socket option. All subsequent data transmitted on the socket is
placed into TLS frames and encrypted using the supplied keys.
Any data written to a KTLS-enabled socket via write(2), aio_write(2),
or sendfile(2) is assumed to be application data and is encoded in TLS
frames with an application data type. Individual records can be sent
with a custom type (e.g. handshake messages) via sendmsg(2) with a new
control message (TLS_SET_RECORD_TYPE) specifying the record type.
At present, rekeying is not supported though the in-kernel framework
should support rekeying.
KTLS makes use of the recently added unmapped mbufs to store TLS
frames in the socket buffer. Each TLS frame is described by a single
ext_pgs mbuf. The ext_pgs structure contains the header of the TLS
record (and trailer for encrypted records) as well as references to
the associated TLS session.
KTLS supports two primary methods of encrypting TLS frames: software
TLS and ifnet TLS.
Software TLS marks mbufs holding socket data as not ready via
M_NOTREADY similar to sendfile(2) when TLS framing information is
added to an unmapped mbuf in ktls_frame(). ktls_enqueue() is then
called to schedule TLS frames for encryption. In the case of
sendfile_iodone() calls ktls_enqueue() instead of pru_ready() leaving
the mbufs marked M_NOTREADY until encryption is completed. For other
writes (vn_sendfile when pages are available, write(2), etc.), the
PRUS_NOTREADY is set when invoking pru_send() along with invoking
ktls_enqueue().
A pool of worker threads (the "KTLS" kernel process) encrypts TLS
frames queued via ktls_enqueue(). Each TLS frame is temporarily
mapped using the direct map and passed to a software encryption
backend to perform the actual encryption.
(Note: The use of PHYS_TO_DMAP could be replaced with sf_bufs if
someone wished to make this work on architectures without a direct
map.)
KTLS supports pluggable software encryption backends. Internally,
Netflix uses proprietary pure-software backends. This commit includes
a simple backend in a new ktls_ocf.ko module that uses the kernel's
OpenCrypto framework to provide AES-GCM encryption of TLS frames. As
a result, software TLS is now a bit of a misnomer as it can make use
of hardware crypto accelerators.
Once software encryption has finished, the TLS frame mbufs are marked
ready via pru_ready(). At this point, the encrypted data appears as
regular payload to the TCP stack stored in unmapped mbufs.
ifnet TLS permits a NIC to offload the TLS encryption and TCP
segmentation. In this mode, a new send tag type (IF_SND_TAG_TYPE_TLS)
is allocated on the interface a socket is routed over and associated
with a TLS session. TLS records for a TLS session using ifnet TLS are
not marked M_NOTREADY but are passed down the stack unencrypted. The
ip_output_send() and ip6_output_send() helper functions that apply
send tags to outbound IP packets verify that the send tag of the TLS
record matches the outbound interface. If so, the packet is tagged
with the TLS send tag and sent to the interface. The NIC device
driver must recognize packets with the TLS send tag and schedule them
for TLS encryption and TCP segmentation. If the the outbound
interface does not match the interface in the TLS send tag, the packet
is dropped. In addition, a task is scheduled to refresh the TLS send
tag for the TLS session. If a new TLS send tag cannot be allocated,
the connection is dropped. If a new TLS send tag is allocated,
however, subsequent packets will be tagged with the correct TLS send
tag. (This latter case has been tested by configuring both ports of a
Chelsio T6 in a lagg and failing over from one port to another. As
the connections migrated to the new port, new TLS send tags were
allocated for the new port and connections resumed without being
dropped.)
ifnet TLS can be enabled and disabled on supported network interfaces
via new '[-]txtls[46]' options to ifconfig(8). ifnet TLS is supported
across both vlan devices and lagg interfaces using failover, lacp with
flowid enabled, or lacp with flowid enabled.
Applications may request the current KTLS mode of a connection via a
new TCP_TXTLS_MODE socket option. They can also use this socket
option to toggle between software and ifnet TLS modes.
In addition, a testing tool is available in tools/tools/switch_tls.
This is modeled on tcpdrop and uses similar syntax. However, instead
of dropping connections, -s is used to force KTLS connections to
switch to software TLS and -i is used to switch to ifnet TLS.
Various sysctls and counters are available under the kern.ipc.tls
sysctl node. The kern.ipc.tls.enable node must be set to true to
enable KTLS (it is off by default). The use of unmapped mbufs must
also be enabled via kern.ipc.mb_use_ext_pgs to enable KTLS.
KTLS is enabled via the KERN_TLS kernel option.
This patch is the culmination of years of work by several folks
including Scott Long and Randall Stewart for the original design and
implementation; Drew Gallatin for several optimizations including the
use of ext_pgs mbufs, the M_NOTREADY mechanism for TLS records
awaiting software encryption, and pluggable software crypto backends;
and John Baldwin for modifications to support hardware TLS offload.
Reviewed by: gallatin, hselasky, rrs
Obtained from: Netflix
Sponsored by: Netflix, Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D21277
2019-08-27 00:01:56 +00:00
|
|
|
if ((mb_use_ext_pgs &&
|
|
|
|
|
so->so_proto->pr_protocol == IPPROTO_TCP)
|
|
|
|
|
#ifdef KERN_TLS
|
|
|
|
|
|| tls != NULL
|
|
|
|
|
#endif
|
|
|
|
|
) {
|
2019-06-29 00:49:35 +00:00
|
|
|
use_ext_pgs = true;
|
Add kernel-side support for in-kernel TLS.
KTLS adds support for in-kernel framing and encryption of Transport
Layer Security (1.0-1.2) data on TCP sockets. KTLS only supports
offload of TLS for transmitted data. Key negotation must still be
performed in userland. Once completed, transmit session keys for a
connection are provided to the kernel via a new TCP_TXTLS_ENABLE
socket option. All subsequent data transmitted on the socket is
placed into TLS frames and encrypted using the supplied keys.
Any data written to a KTLS-enabled socket via write(2), aio_write(2),
or sendfile(2) is assumed to be application data and is encoded in TLS
frames with an application data type. Individual records can be sent
with a custom type (e.g. handshake messages) via sendmsg(2) with a new
control message (TLS_SET_RECORD_TYPE) specifying the record type.
At present, rekeying is not supported though the in-kernel framework
should support rekeying.
KTLS makes use of the recently added unmapped mbufs to store TLS
frames in the socket buffer. Each TLS frame is described by a single
ext_pgs mbuf. The ext_pgs structure contains the header of the TLS
record (and trailer for encrypted records) as well as references to
the associated TLS session.
KTLS supports two primary methods of encrypting TLS frames: software
TLS and ifnet TLS.
Software TLS marks mbufs holding socket data as not ready via
M_NOTREADY similar to sendfile(2) when TLS framing information is
added to an unmapped mbuf in ktls_frame(). ktls_enqueue() is then
called to schedule TLS frames for encryption. In the case of
sendfile_iodone() calls ktls_enqueue() instead of pru_ready() leaving
the mbufs marked M_NOTREADY until encryption is completed. For other
writes (vn_sendfile when pages are available, write(2), etc.), the
PRUS_NOTREADY is set when invoking pru_send() along with invoking
ktls_enqueue().
A pool of worker threads (the "KTLS" kernel process) encrypts TLS
frames queued via ktls_enqueue(). Each TLS frame is temporarily
mapped using the direct map and passed to a software encryption
backend to perform the actual encryption.
(Note: The use of PHYS_TO_DMAP could be replaced with sf_bufs if
someone wished to make this work on architectures without a direct
map.)
KTLS supports pluggable software encryption backends. Internally,
Netflix uses proprietary pure-software backends. This commit includes
a simple backend in a new ktls_ocf.ko module that uses the kernel's
OpenCrypto framework to provide AES-GCM encryption of TLS frames. As
a result, software TLS is now a bit of a misnomer as it can make use
of hardware crypto accelerators.
Once software encryption has finished, the TLS frame mbufs are marked
ready via pru_ready(). At this point, the encrypted data appears as
regular payload to the TCP stack stored in unmapped mbufs.
ifnet TLS permits a NIC to offload the TLS encryption and TCP
segmentation. In this mode, a new send tag type (IF_SND_TAG_TYPE_TLS)
is allocated on the interface a socket is routed over and associated
with a TLS session. TLS records for a TLS session using ifnet TLS are
not marked M_NOTREADY but are passed down the stack unencrypted. The
ip_output_send() and ip6_output_send() helper functions that apply
send tags to outbound IP packets verify that the send tag of the TLS
record matches the outbound interface. If so, the packet is tagged
with the TLS send tag and sent to the interface. The NIC device
driver must recognize packets with the TLS send tag and schedule them
for TLS encryption and TCP segmentation. If the the outbound
interface does not match the interface in the TLS send tag, the packet
is dropped. In addition, a task is scheduled to refresh the TLS send
tag for the TLS session. If a new TLS send tag cannot be allocated,
the connection is dropped. If a new TLS send tag is allocated,
however, subsequent packets will be tagged with the correct TLS send
tag. (This latter case has been tested by configuring both ports of a
Chelsio T6 in a lagg and failing over from one port to another. As
the connections migrated to the new port, new TLS send tags were
allocated for the new port and connections resumed without being
dropped.)
ifnet TLS can be enabled and disabled on supported network interfaces
via new '[-]txtls[46]' options to ifconfig(8). ifnet TLS is supported
across both vlan devices and lagg interfaces using failover, lacp with
flowid enabled, or lacp with flowid enabled.
Applications may request the current KTLS mode of a connection via a
new TCP_TXTLS_MODE socket option. They can also use this socket
option to toggle between software and ifnet TLS modes.
In addition, a testing tool is available in tools/tools/switch_tls.
This is modeled on tcpdrop and uses similar syntax. However, instead
of dropping connections, -s is used to force KTLS connections to
switch to software TLS and -i is used to switch to ifnet TLS.
Various sysctls and counters are available under the kern.ipc.tls
sysctl node. The kern.ipc.tls.enable node must be set to true to
enable KTLS (it is off by default). The use of unmapped mbufs must
also be enabled via kern.ipc.mb_use_ext_pgs to enable KTLS.
KTLS is enabled via the KERN_TLS kernel option.
This patch is the culmination of years of work by several folks
including Scott Long and Randall Stewart for the original design and
implementation; Drew Gallatin for several optimizations including the
use of ext_pgs mbufs, the M_NOTREADY mechanism for TLS records
awaiting software encryption, and pluggable software crypto backends;
and John Baldwin for modifications to support hardware TLS offload.
Reviewed by: gallatin, hselasky, rrs
Obtained from: Netflix
Sponsored by: Netflix, Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D21277
2019-08-27 00:01:56 +00:00
|
|
|
#ifdef KERN_TLS
|
|
|
|
|
if (tls != NULL)
|
|
|
|
|
max_pgs = num_pages(tls->params.max_frame_len);
|
|
|
|
|
else
|
|
|
|
|
#endif
|
|
|
|
|
max_pgs = MBUF_PEXT_MAX_PGS;
|
2019-06-29 00:49:35 +00:00
|
|
|
|
|
|
|
|
/* Start at last index, to wrap on first use. */
|
|
|
|
|
ext_pgs_idx = max_pgs - 1;
|
|
|
|
|
}
|
|
|
|
|
|
2016-01-22 02:23:18 +00:00
|
|
|
for (int i = 0; i < npages; i++) {
|
|
|
|
|
struct mbuf *m0;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* If a page wasn't grabbed successfully, then
|
|
|
|
|
* trim the array. Can happen only with SF_NODISKIO.
|
|
|
|
|
*/
|
|
|
|
|
if (pa[i] == NULL) {
|
|
|
|
|
SFSTAT_INC(sf_busy);
|
|
|
|
|
fixspace(npages, i, off, &space);
|
|
|
|
|
npages = i;
|
|
|
|
|
softerr = EBUSY;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2019-06-29 00:49:35 +00:00
|
|
|
if (use_ext_pgs) {
|
|
|
|
|
off_t xfs;
|
|
|
|
|
|
|
|
|
|
ext_pgs_idx++;
|
|
|
|
|
if (ext_pgs_idx == max_pgs) {
|
|
|
|
|
m0 = mb_alloc_ext_pgs(M_WAITOK, false,
|
|
|
|
|
sendfile_free_mext_pg);
|
|
|
|
|
|
|
|
|
|
if (flags & SF_NOCACHE) {
|
|
|
|
|
m0->m_ext.ext_flags |=
|
|
|
|
|
EXT_FLAG_NOCACHE;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* See comment below regarding
|
|
|
|
|
* ignoring SF_NOCACHE for the
|
|
|
|
|
* last page.
|
|
|
|
|
*/
|
|
|
|
|
if ((npages - i <= max_pgs) &&
|
|
|
|
|
((off + space) & PAGE_MASK) &&
|
|
|
|
|
(rem > space || rhpages > 0))
|
|
|
|
|
m0->m_ext.ext_flags |=
|
|
|
|
|
EXT_FLAG_CACHE_LAST;
|
|
|
|
|
}
|
|
|
|
|
if (sfs != NULL) {
|
|
|
|
|
m0->m_ext.ext_flags |=
|
|
|
|
|
EXT_FLAG_SYNC;
|
|
|
|
|
m0->m_ext.ext_arg2 = sfs;
|
|
|
|
|
mtx_lock(&sfs->mtx);
|
|
|
|
|
sfs->count++;
|
|
|
|
|
mtx_unlock(&sfs->mtx);
|
|
|
|
|
}
|
|
|
|
|
ext_pgs = m0->m_ext.ext_pgs;
|
|
|
|
|
if (i == 0)
|
|
|
|
|
sfio->m = m0;
|
|
|
|
|
ext_pgs_idx = 0;
|
|
|
|
|
|
|
|
|
|
/* Append to mbuf chain. */
|
|
|
|
|
if (mtail != NULL)
|
|
|
|
|
mtail->m_next = m0;
|
|
|
|
|
else
|
|
|
|
|
m = m0;
|
|
|
|
|
mtail = m0;
|
|
|
|
|
ext_pgs->first_pg_off =
|
|
|
|
|
vmoff(i, off) & PAGE_MASK;
|
|
|
|
|
}
|
|
|
|
|
if (nios) {
|
|
|
|
|
mtail->m_flags |= M_NOTREADY;
|
|
|
|
|
ext_pgs->nrdy++;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ext_pgs->pa[ext_pgs_idx] = VM_PAGE_TO_PHYS(pa[i]);
|
|
|
|
|
ext_pgs->npgs++;
|
|
|
|
|
xfs = xfsize(i, npages, off, space);
|
|
|
|
|
ext_pgs->last_pg_len = xfs;
|
|
|
|
|
MBUF_EXT_PGS_ASSERT_SANITY(ext_pgs);
|
|
|
|
|
mtail->m_len += xfs;
|
|
|
|
|
mtail->m_ext.ext_size += PAGE_SIZE;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
2016-01-22 02:23:18 +00:00
|
|
|
/*
|
|
|
|
|
* Get a sendfile buf. When allocating the
|
|
|
|
|
* first buffer for mbuf chain, we usually
|
|
|
|
|
* wait as long as necessary, but this wait
|
|
|
|
|
* can be interrupted. For consequent
|
|
|
|
|
* buffers, do not sleep, since several
|
|
|
|
|
* threads might exhaust the buffers and then
|
|
|
|
|
* deadlock.
|
|
|
|
|
*/
|
|
|
|
|
sf = sf_buf_alloc(pa[i],
|
|
|
|
|
m != NULL ? SFB_NOWAIT : SFB_CATCH);
|
|
|
|
|
if (sf == NULL) {
|
|
|
|
|
SFSTAT_INC(sf_allocfail);
|
Change synchonization rules for vm_page reference counting.
There are several mechanisms by which a vm_page reference is held,
preventing the page from being freed back to the page allocator. In
particular, holding the page's object lock is sufficient to prevent the
page from being freed; holding the busy lock or a wiring is sufficent as
well. These references are protected by the page lock, which must
therefore be acquired for many per-page operations. This results in
false sharing since the page locks are external to the vm_page
structures themselves and each lock protects multiple structures.
Transition to using an atomically updated per-page reference counter.
The object's reference is counted using a flag bit in the counter. A
second flag bit is used to atomically block new references via
pmap_extract_and_hold() while removing managed mappings of a page.
Thus, the reference count of a page is guaranteed not to increase if the
page is unbusied, unmapped, and the object's write lock is held. As
a consequence of this, the page lock no longer protects a page's
identity; operations which move pages between objects are now
synchronized solely by the objects' locks.
The vm_page_wire() and vm_page_unwire() KPIs are changed. The former
requires that either the object lock or the busy lock is held. The
latter no longer has a return value and may free the page if it releases
the last reference to that page. vm_page_unwire_noq() behaves the same
as before; the caller is responsible for checking its return value and
freeing or enqueuing the page as appropriate. vm_page_wire_mapped() is
introduced for use in pmap_extract_and_hold(). It fails if the page is
concurrently being unmapped, typically triggering a fallback to the
fault handler. vm_page_wire() no longer requires the page lock and
vm_page_unwire() now internally acquires the page lock when releasing
the last wiring of a page (since the page lock still protects a page's
queue state). In particular, synchronization details are no longer
leaked into the caller.
The change excises the page lock from several frequently executed code
paths. In particular, vm_object_terminate() no longer bounces between
page locks as it releases an object's pages, and direct I/O and
sendfile(SF_NOCACHE) completions no longer require the page lock. In
these latter cases we now get linear scalability in the common scenario
where different threads are operating on different files.
__FreeBSD_version is bumped. The DRM ports have been updated to
accomodate the KPI changes.
Reviewed by: jeff (earlier version)
Tested by: gallatin (earlier version), pho
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D20486
2019-09-09 21:32:42 +00:00
|
|
|
for (int j = i; j < npages; j++)
|
2016-01-22 02:23:18 +00:00
|
|
|
vm_page_unwire(pa[j], PQ_INACTIVE);
|
|
|
|
|
if (m == NULL)
|
|
|
|
|
softerr = ENOBUFS;
|
|
|
|
|
fixspace(npages, i, off, &space);
|
|
|
|
|
npages = i;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
m0 = m_get(M_WAITOK, MT_DATA);
|
|
|
|
|
m0->m_ext.ext_buf = (char *)sf_buf_kva(sf);
|
|
|
|
|
m0->m_ext.ext_size = PAGE_SIZE;
|
|
|
|
|
m0->m_ext.ext_arg1 = sf;
|
2017-10-09 21:06:16 +00:00
|
|
|
m0->m_ext.ext_type = EXT_SFBUF;
|
|
|
|
|
m0->m_ext.ext_flags = EXT_FLAG_EMBREF;
|
|
|
|
|
m0->m_ext.ext_free = sendfile_free_mext;
|
2016-01-22 02:23:18 +00:00
|
|
|
/*
|
|
|
|
|
* SF_NOCACHE sets the page as being freed upon send.
|
|
|
|
|
* However, we ignore it for the last page in 'space',
|
|
|
|
|
* if the page is truncated, and we got more data to
|
|
|
|
|
* send (rem > space), or if we have readahead
|
|
|
|
|
* configured (rhpages > 0).
|
|
|
|
|
*/
|
2017-10-09 21:06:16 +00:00
|
|
|
if ((flags & SF_NOCACHE) &&
|
|
|
|
|
(i != npages - 1 ||
|
|
|
|
|
!((off + space) & PAGE_MASK) ||
|
|
|
|
|
!(rem > space || rhpages > 0)))
|
|
|
|
|
m0->m_ext.ext_flags |= EXT_FLAG_NOCACHE;
|
|
|
|
|
if (sfs != NULL) {
|
|
|
|
|
m0->m_ext.ext_flags |= EXT_FLAG_SYNC;
|
|
|
|
|
m0->m_ext.ext_arg2 = sfs;
|
|
|
|
|
mtx_lock(&sfs->mtx);
|
|
|
|
|
sfs->count++;
|
|
|
|
|
mtx_unlock(&sfs->mtx);
|
|
|
|
|
}
|
2016-03-01 00:17:14 +00:00
|
|
|
m0->m_ext.ext_count = 1;
|
2016-01-22 02:23:18 +00:00
|
|
|
m0->m_flags |= (M_EXT | M_RDONLY);
|
|
|
|
|
if (nios)
|
|
|
|
|
m0->m_flags |= M_NOTREADY;
|
|
|
|
|
m0->m_data = (char *)sf_buf_kva(sf) +
|
|
|
|
|
(vmoff(i, off) & PAGE_MASK);
|
|
|
|
|
m0->m_len = xfsize(i, npages, off, space);
|
|
|
|
|
|
|
|
|
|
if (i == 0)
|
|
|
|
|
sfio->m = m0;
|
|
|
|
|
|
|
|
|
|
/* Append to mbuf chain. */
|
|
|
|
|
if (mtail != NULL)
|
|
|
|
|
mtail->m_next = m0;
|
|
|
|
|
else
|
|
|
|
|
m = m0;
|
|
|
|
|
mtail = m0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (vp != NULL)
|
|
|
|
|
VOP_UNLOCK(vp, 0);
|
|
|
|
|
|
|
|
|
|
/* Keep track of bytes processed. */
|
|
|
|
|
off += space;
|
|
|
|
|
rem -= space;
|
|
|
|
|
|
|
|
|
|
/* Prepend header, if any. */
|
|
|
|
|
if (hdrlen) {
|
Fix regression from r297400, which truncates headers in case of low socket
buffer and put a small optimization for low socket buffer case:
- Do not hack uio_resid, and let m_uiotombuf() properly take care of it. This
fixes truncation of headers at low buffer.
- If headers ate all the space, jump right to the end of the cycle, to
avoid doing single page I/O and allocating zero length mbuf.
- Clear hdr_uio only if space is positive, which indicates that all uio
was copied in.
Reviewed by: pluknet, jtl, emax, rrs, lstewart, emax, gallatin, scottl
2016-09-22 20:34:44 +00:00
|
|
|
prepend_header:
|
2016-01-22 02:23:18 +00:00
|
|
|
mhtail->m_next = m;
|
|
|
|
|
m = mh;
|
|
|
|
|
mh = NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (m == NULL) {
|
|
|
|
|
KASSERT(softerr, ("%s: m NULL, no error", __func__));
|
|
|
|
|
error = softerr;
|
|
|
|
|
free(sfio, M_TEMP);
|
|
|
|
|
goto done;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Add the buffer chain to the socket buffer. */
|
|
|
|
|
KASSERT(m_length(m, NULL) == space + hdrlen,
|
|
|
|
|
("%s: mlen %u space %d hdrlen %d",
|
|
|
|
|
__func__, m_length(m, NULL), space, hdrlen));
|
|
|
|
|
|
|
|
|
|
CURVNET_SET(so->so_vnet);
|
Add kernel-side support for in-kernel TLS.
KTLS adds support for in-kernel framing and encryption of Transport
Layer Security (1.0-1.2) data on TCP sockets. KTLS only supports
offload of TLS for transmitted data. Key negotation must still be
performed in userland. Once completed, transmit session keys for a
connection are provided to the kernel via a new TCP_TXTLS_ENABLE
socket option. All subsequent data transmitted on the socket is
placed into TLS frames and encrypted using the supplied keys.
Any data written to a KTLS-enabled socket via write(2), aio_write(2),
or sendfile(2) is assumed to be application data and is encoded in TLS
frames with an application data type. Individual records can be sent
with a custom type (e.g. handshake messages) via sendmsg(2) with a new
control message (TLS_SET_RECORD_TYPE) specifying the record type.
At present, rekeying is not supported though the in-kernel framework
should support rekeying.
KTLS makes use of the recently added unmapped mbufs to store TLS
frames in the socket buffer. Each TLS frame is described by a single
ext_pgs mbuf. The ext_pgs structure contains the header of the TLS
record (and trailer for encrypted records) as well as references to
the associated TLS session.
KTLS supports two primary methods of encrypting TLS frames: software
TLS and ifnet TLS.
Software TLS marks mbufs holding socket data as not ready via
M_NOTREADY similar to sendfile(2) when TLS framing information is
added to an unmapped mbuf in ktls_frame(). ktls_enqueue() is then
called to schedule TLS frames for encryption. In the case of
sendfile_iodone() calls ktls_enqueue() instead of pru_ready() leaving
the mbufs marked M_NOTREADY until encryption is completed. For other
writes (vn_sendfile when pages are available, write(2), etc.), the
PRUS_NOTREADY is set when invoking pru_send() along with invoking
ktls_enqueue().
A pool of worker threads (the "KTLS" kernel process) encrypts TLS
frames queued via ktls_enqueue(). Each TLS frame is temporarily
mapped using the direct map and passed to a software encryption
backend to perform the actual encryption.
(Note: The use of PHYS_TO_DMAP could be replaced with sf_bufs if
someone wished to make this work on architectures without a direct
map.)
KTLS supports pluggable software encryption backends. Internally,
Netflix uses proprietary pure-software backends. This commit includes
a simple backend in a new ktls_ocf.ko module that uses the kernel's
OpenCrypto framework to provide AES-GCM encryption of TLS frames. As
a result, software TLS is now a bit of a misnomer as it can make use
of hardware crypto accelerators.
Once software encryption has finished, the TLS frame mbufs are marked
ready via pru_ready(). At this point, the encrypted data appears as
regular payload to the TCP stack stored in unmapped mbufs.
ifnet TLS permits a NIC to offload the TLS encryption and TCP
segmentation. In this mode, a new send tag type (IF_SND_TAG_TYPE_TLS)
is allocated on the interface a socket is routed over and associated
with a TLS session. TLS records for a TLS session using ifnet TLS are
not marked M_NOTREADY but are passed down the stack unencrypted. The
ip_output_send() and ip6_output_send() helper functions that apply
send tags to outbound IP packets verify that the send tag of the TLS
record matches the outbound interface. If so, the packet is tagged
with the TLS send tag and sent to the interface. The NIC device
driver must recognize packets with the TLS send tag and schedule them
for TLS encryption and TCP segmentation. If the the outbound
interface does not match the interface in the TLS send tag, the packet
is dropped. In addition, a task is scheduled to refresh the TLS send
tag for the TLS session. If a new TLS send tag cannot be allocated,
the connection is dropped. If a new TLS send tag is allocated,
however, subsequent packets will be tagged with the correct TLS send
tag. (This latter case has been tested by configuring both ports of a
Chelsio T6 in a lagg and failing over from one port to another. As
the connections migrated to the new port, new TLS send tags were
allocated for the new port and connections resumed without being
dropped.)
ifnet TLS can be enabled and disabled on supported network interfaces
via new '[-]txtls[46]' options to ifconfig(8). ifnet TLS is supported
across both vlan devices and lagg interfaces using failover, lacp with
flowid enabled, or lacp with flowid enabled.
Applications may request the current KTLS mode of a connection via a
new TCP_TXTLS_MODE socket option. They can also use this socket
option to toggle between software and ifnet TLS modes.
In addition, a testing tool is available in tools/tools/switch_tls.
This is modeled on tcpdrop and uses similar syntax. However, instead
of dropping connections, -s is used to force KTLS connections to
switch to software TLS and -i is used to switch to ifnet TLS.
Various sysctls and counters are available under the kern.ipc.tls
sysctl node. The kern.ipc.tls.enable node must be set to true to
enable KTLS (it is off by default). The use of unmapped mbufs must
also be enabled via kern.ipc.mb_use_ext_pgs to enable KTLS.
KTLS is enabled via the KERN_TLS kernel option.
This patch is the culmination of years of work by several folks
including Scott Long and Randall Stewart for the original design and
implementation; Drew Gallatin for several optimizations including the
use of ext_pgs mbufs, the M_NOTREADY mechanism for TLS records
awaiting software encryption, and pluggable software crypto backends;
and John Baldwin for modifications to support hardware TLS offload.
Reviewed by: gallatin, hselasky, rrs
Obtained from: Netflix
Sponsored by: Netflix, Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D21277
2019-08-27 00:01:56 +00:00
|
|
|
#ifdef KERN_TLS
|
|
|
|
|
if (tls != NULL) {
|
|
|
|
|
error = ktls_frame(m, tls, &tls_enq_cnt,
|
|
|
|
|
TLS_RLTYPE_APP);
|
|
|
|
|
if (error != 0)
|
|
|
|
|
goto done;
|
|
|
|
|
}
|
|
|
|
|
#endif
|
2016-01-22 02:23:18 +00:00
|
|
|
if (nios == 0) {
|
|
|
|
|
/*
|
|
|
|
|
* If sendfile_swapin() didn't initiate any I/Os,
|
|
|
|
|
* which happens if all data is cached in VM, then
|
|
|
|
|
* we can send data right now without the
|
|
|
|
|
* PRUS_NOTREADY flag.
|
|
|
|
|
*/
|
|
|
|
|
free(sfio, M_TEMP);
|
Add kernel-side support for in-kernel TLS.
KTLS adds support for in-kernel framing and encryption of Transport
Layer Security (1.0-1.2) data on TCP sockets. KTLS only supports
offload of TLS for transmitted data. Key negotation must still be
performed in userland. Once completed, transmit session keys for a
connection are provided to the kernel via a new TCP_TXTLS_ENABLE
socket option. All subsequent data transmitted on the socket is
placed into TLS frames and encrypted using the supplied keys.
Any data written to a KTLS-enabled socket via write(2), aio_write(2),
or sendfile(2) is assumed to be application data and is encoded in TLS
frames with an application data type. Individual records can be sent
with a custom type (e.g. handshake messages) via sendmsg(2) with a new
control message (TLS_SET_RECORD_TYPE) specifying the record type.
At present, rekeying is not supported though the in-kernel framework
should support rekeying.
KTLS makes use of the recently added unmapped mbufs to store TLS
frames in the socket buffer. Each TLS frame is described by a single
ext_pgs mbuf. The ext_pgs structure contains the header of the TLS
record (and trailer for encrypted records) as well as references to
the associated TLS session.
KTLS supports two primary methods of encrypting TLS frames: software
TLS and ifnet TLS.
Software TLS marks mbufs holding socket data as not ready via
M_NOTREADY similar to sendfile(2) when TLS framing information is
added to an unmapped mbuf in ktls_frame(). ktls_enqueue() is then
called to schedule TLS frames for encryption. In the case of
sendfile_iodone() calls ktls_enqueue() instead of pru_ready() leaving
the mbufs marked M_NOTREADY until encryption is completed. For other
writes (vn_sendfile when pages are available, write(2), etc.), the
PRUS_NOTREADY is set when invoking pru_send() along with invoking
ktls_enqueue().
A pool of worker threads (the "KTLS" kernel process) encrypts TLS
frames queued via ktls_enqueue(). Each TLS frame is temporarily
mapped using the direct map and passed to a software encryption
backend to perform the actual encryption.
(Note: The use of PHYS_TO_DMAP could be replaced with sf_bufs if
someone wished to make this work on architectures without a direct
map.)
KTLS supports pluggable software encryption backends. Internally,
Netflix uses proprietary pure-software backends. This commit includes
a simple backend in a new ktls_ocf.ko module that uses the kernel's
OpenCrypto framework to provide AES-GCM encryption of TLS frames. As
a result, software TLS is now a bit of a misnomer as it can make use
of hardware crypto accelerators.
Once software encryption has finished, the TLS frame mbufs are marked
ready via pru_ready(). At this point, the encrypted data appears as
regular payload to the TCP stack stored in unmapped mbufs.
ifnet TLS permits a NIC to offload the TLS encryption and TCP
segmentation. In this mode, a new send tag type (IF_SND_TAG_TYPE_TLS)
is allocated on the interface a socket is routed over and associated
with a TLS session. TLS records for a TLS session using ifnet TLS are
not marked M_NOTREADY but are passed down the stack unencrypted. The
ip_output_send() and ip6_output_send() helper functions that apply
send tags to outbound IP packets verify that the send tag of the TLS
record matches the outbound interface. If so, the packet is tagged
with the TLS send tag and sent to the interface. The NIC device
driver must recognize packets with the TLS send tag and schedule them
for TLS encryption and TCP segmentation. If the the outbound
interface does not match the interface in the TLS send tag, the packet
is dropped. In addition, a task is scheduled to refresh the TLS send
tag for the TLS session. If a new TLS send tag cannot be allocated,
the connection is dropped. If a new TLS send tag is allocated,
however, subsequent packets will be tagged with the correct TLS send
tag. (This latter case has been tested by configuring both ports of a
Chelsio T6 in a lagg and failing over from one port to another. As
the connections migrated to the new port, new TLS send tags were
allocated for the new port and connections resumed without being
dropped.)
ifnet TLS can be enabled and disabled on supported network interfaces
via new '[-]txtls[46]' options to ifconfig(8). ifnet TLS is supported
across both vlan devices and lagg interfaces using failover, lacp with
flowid enabled, or lacp with flowid enabled.
Applications may request the current KTLS mode of a connection via a
new TCP_TXTLS_MODE socket option. They can also use this socket
option to toggle between software and ifnet TLS modes.
In addition, a testing tool is available in tools/tools/switch_tls.
This is modeled on tcpdrop and uses similar syntax. However, instead
of dropping connections, -s is used to force KTLS connections to
switch to software TLS and -i is used to switch to ifnet TLS.
Various sysctls and counters are available under the kern.ipc.tls
sysctl node. The kern.ipc.tls.enable node must be set to true to
enable KTLS (it is off by default). The use of unmapped mbufs must
also be enabled via kern.ipc.mb_use_ext_pgs to enable KTLS.
KTLS is enabled via the KERN_TLS kernel option.
This patch is the culmination of years of work by several folks
including Scott Long and Randall Stewart for the original design and
implementation; Drew Gallatin for several optimizations including the
use of ext_pgs mbufs, the M_NOTREADY mechanism for TLS records
awaiting software encryption, and pluggable software crypto backends;
and John Baldwin for modifications to support hardware TLS offload.
Reviewed by: gallatin, hselasky, rrs
Obtained from: Netflix
Sponsored by: Netflix, Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D21277
2019-08-27 00:01:56 +00:00
|
|
|
#ifdef KERN_TLS
|
2019-10-08 21:34:06 +00:00
|
|
|
if (tls != NULL && tls->mode == TCP_TLS_MODE_SW) {
|
Add kernel-side support for in-kernel TLS.
KTLS adds support for in-kernel framing and encryption of Transport
Layer Security (1.0-1.2) data on TCP sockets. KTLS only supports
offload of TLS for transmitted data. Key negotation must still be
performed in userland. Once completed, transmit session keys for a
connection are provided to the kernel via a new TCP_TXTLS_ENABLE
socket option. All subsequent data transmitted on the socket is
placed into TLS frames and encrypted using the supplied keys.
Any data written to a KTLS-enabled socket via write(2), aio_write(2),
or sendfile(2) is assumed to be application data and is encoded in TLS
frames with an application data type. Individual records can be sent
with a custom type (e.g. handshake messages) via sendmsg(2) with a new
control message (TLS_SET_RECORD_TYPE) specifying the record type.
At present, rekeying is not supported though the in-kernel framework
should support rekeying.
KTLS makes use of the recently added unmapped mbufs to store TLS
frames in the socket buffer. Each TLS frame is described by a single
ext_pgs mbuf. The ext_pgs structure contains the header of the TLS
record (and trailer for encrypted records) as well as references to
the associated TLS session.
KTLS supports two primary methods of encrypting TLS frames: software
TLS and ifnet TLS.
Software TLS marks mbufs holding socket data as not ready via
M_NOTREADY similar to sendfile(2) when TLS framing information is
added to an unmapped mbuf in ktls_frame(). ktls_enqueue() is then
called to schedule TLS frames for encryption. In the case of
sendfile_iodone() calls ktls_enqueue() instead of pru_ready() leaving
the mbufs marked M_NOTREADY until encryption is completed. For other
writes (vn_sendfile when pages are available, write(2), etc.), the
PRUS_NOTREADY is set when invoking pru_send() along with invoking
ktls_enqueue().
A pool of worker threads (the "KTLS" kernel process) encrypts TLS
frames queued via ktls_enqueue(). Each TLS frame is temporarily
mapped using the direct map and passed to a software encryption
backend to perform the actual encryption.
(Note: The use of PHYS_TO_DMAP could be replaced with sf_bufs if
someone wished to make this work on architectures without a direct
map.)
KTLS supports pluggable software encryption backends. Internally,
Netflix uses proprietary pure-software backends. This commit includes
a simple backend in a new ktls_ocf.ko module that uses the kernel's
OpenCrypto framework to provide AES-GCM encryption of TLS frames. As
a result, software TLS is now a bit of a misnomer as it can make use
of hardware crypto accelerators.
Once software encryption has finished, the TLS frame mbufs are marked
ready via pru_ready(). At this point, the encrypted data appears as
regular payload to the TCP stack stored in unmapped mbufs.
ifnet TLS permits a NIC to offload the TLS encryption and TCP
segmentation. In this mode, a new send tag type (IF_SND_TAG_TYPE_TLS)
is allocated on the interface a socket is routed over and associated
with a TLS session. TLS records for a TLS session using ifnet TLS are
not marked M_NOTREADY but are passed down the stack unencrypted. The
ip_output_send() and ip6_output_send() helper functions that apply
send tags to outbound IP packets verify that the send tag of the TLS
record matches the outbound interface. If so, the packet is tagged
with the TLS send tag and sent to the interface. The NIC device
driver must recognize packets with the TLS send tag and schedule them
for TLS encryption and TCP segmentation. If the the outbound
interface does not match the interface in the TLS send tag, the packet
is dropped. In addition, a task is scheduled to refresh the TLS send
tag for the TLS session. If a new TLS send tag cannot be allocated,
the connection is dropped. If a new TLS send tag is allocated,
however, subsequent packets will be tagged with the correct TLS send
tag. (This latter case has been tested by configuring both ports of a
Chelsio T6 in a lagg and failing over from one port to another. As
the connections migrated to the new port, new TLS send tags were
allocated for the new port and connections resumed without being
dropped.)
ifnet TLS can be enabled and disabled on supported network interfaces
via new '[-]txtls[46]' options to ifconfig(8). ifnet TLS is supported
across both vlan devices and lagg interfaces using failover, lacp with
flowid enabled, or lacp with flowid enabled.
Applications may request the current KTLS mode of a connection via a
new TCP_TXTLS_MODE socket option. They can also use this socket
option to toggle between software and ifnet TLS modes.
In addition, a testing tool is available in tools/tools/switch_tls.
This is modeled on tcpdrop and uses similar syntax. However, instead
of dropping connections, -s is used to force KTLS connections to
switch to software TLS and -i is used to switch to ifnet TLS.
Various sysctls and counters are available under the kern.ipc.tls
sysctl node. The kern.ipc.tls.enable node must be set to true to
enable KTLS (it is off by default). The use of unmapped mbufs must
also be enabled via kern.ipc.mb_use_ext_pgs to enable KTLS.
KTLS is enabled via the KERN_TLS kernel option.
This patch is the culmination of years of work by several folks
including Scott Long and Randall Stewart for the original design and
implementation; Drew Gallatin for several optimizations including the
use of ext_pgs mbufs, the M_NOTREADY mechanism for TLS records
awaiting software encryption, and pluggable software crypto backends;
and John Baldwin for modifications to support hardware TLS offload.
Reviewed by: gallatin, hselasky, rrs
Obtained from: Netflix
Sponsored by: Netflix, Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D21277
2019-08-27 00:01:56 +00:00
|
|
|
error = (*so->so_proto->pr_usrreqs->pru_send)
|
|
|
|
|
(so, PRUS_NOTREADY, m, NULL, NULL, td);
|
|
|
|
|
soref(so);
|
|
|
|
|
ktls_enqueue(m, so, tls_enq_cnt);
|
|
|
|
|
} else
|
|
|
|
|
#endif
|
|
|
|
|
error = (*so->so_proto->pr_usrreqs->pru_send)
|
|
|
|
|
(so, 0, m, NULL, NULL, td);
|
2016-01-22 02:23:18 +00:00
|
|
|
} else {
|
|
|
|
|
sfio->npages = npages;
|
2017-09-13 22:11:05 +00:00
|
|
|
soref(so);
|
2016-01-22 02:23:18 +00:00
|
|
|
error = (*so->so_proto->pr_usrreqs->pru_send)
|
|
|
|
|
(so, PRUS_NOTREADY, m, NULL, NULL, td);
|
|
|
|
|
sendfile_iodone(sfio, NULL, 0, 0);
|
|
|
|
|
}
|
|
|
|
|
CURVNET_RESTORE();
|
|
|
|
|
|
|
|
|
|
m = NULL; /* pru_send always consumes */
|
|
|
|
|
if (error)
|
|
|
|
|
goto done;
|
|
|
|
|
sbytes += space + hdrlen;
|
|
|
|
|
if (hdrlen)
|
|
|
|
|
hdrlen = 0;
|
|
|
|
|
if (softerr) {
|
|
|
|
|
error = softerr;
|
|
|
|
|
goto done;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Send trailers. Wimp out and use writev(2).
|
|
|
|
|
*/
|
|
|
|
|
if (trl_uio != NULL) {
|
|
|
|
|
sbunlock(&so->so_snd);
|
|
|
|
|
error = kern_writev(td, sockfd, trl_uio);
|
|
|
|
|
if (error == 0)
|
|
|
|
|
sbytes += td->td_retval[0];
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
done:
|
|
|
|
|
sbunlock(&so->so_snd);
|
|
|
|
|
out:
|
|
|
|
|
/*
|
|
|
|
|
* If there was no error we have to clear td->td_retval[0]
|
|
|
|
|
* because it may have been set by writev.
|
|
|
|
|
*/
|
|
|
|
|
if (error == 0) {
|
|
|
|
|
td->td_retval[0] = 0;
|
|
|
|
|
}
|
|
|
|
|
if (sent != NULL) {
|
|
|
|
|
(*sent) = sbytes;
|
|
|
|
|
}
|
|
|
|
|
if (obj != NULL)
|
|
|
|
|
vm_object_deallocate(obj);
|
|
|
|
|
if (so)
|
|
|
|
|
fdrop(sock_fp, td);
|
|
|
|
|
if (m)
|
|
|
|
|
m_freem(m);
|
|
|
|
|
if (mh)
|
|
|
|
|
m_freem(mh);
|
|
|
|
|
|
|
|
|
|
if (sfs != NULL) {
|
|
|
|
|
mtx_lock(&sfs->mtx);
|
|
|
|
|
if (sfs->count != 0)
|
|
|
|
|
cv_wait(&sfs->cv, &sfs->mtx);
|
|
|
|
|
KASSERT(sfs->count == 0, ("sendfile sync still busy"));
|
|
|
|
|
cv_destroy(&sfs->cv);
|
|
|
|
|
mtx_destroy(&sfs->mtx);
|
|
|
|
|
free(sfs, M_TEMP);
|
|
|
|
|
}
|
Add kernel-side support for in-kernel TLS.
KTLS adds support for in-kernel framing and encryption of Transport
Layer Security (1.0-1.2) data on TCP sockets. KTLS only supports
offload of TLS for transmitted data. Key negotation must still be
performed in userland. Once completed, transmit session keys for a
connection are provided to the kernel via a new TCP_TXTLS_ENABLE
socket option. All subsequent data transmitted on the socket is
placed into TLS frames and encrypted using the supplied keys.
Any data written to a KTLS-enabled socket via write(2), aio_write(2),
or sendfile(2) is assumed to be application data and is encoded in TLS
frames with an application data type. Individual records can be sent
with a custom type (e.g. handshake messages) via sendmsg(2) with a new
control message (TLS_SET_RECORD_TYPE) specifying the record type.
At present, rekeying is not supported though the in-kernel framework
should support rekeying.
KTLS makes use of the recently added unmapped mbufs to store TLS
frames in the socket buffer. Each TLS frame is described by a single
ext_pgs mbuf. The ext_pgs structure contains the header of the TLS
record (and trailer for encrypted records) as well as references to
the associated TLS session.
KTLS supports two primary methods of encrypting TLS frames: software
TLS and ifnet TLS.
Software TLS marks mbufs holding socket data as not ready via
M_NOTREADY similar to sendfile(2) when TLS framing information is
added to an unmapped mbuf in ktls_frame(). ktls_enqueue() is then
called to schedule TLS frames for encryption. In the case of
sendfile_iodone() calls ktls_enqueue() instead of pru_ready() leaving
the mbufs marked M_NOTREADY until encryption is completed. For other
writes (vn_sendfile when pages are available, write(2), etc.), the
PRUS_NOTREADY is set when invoking pru_send() along with invoking
ktls_enqueue().
A pool of worker threads (the "KTLS" kernel process) encrypts TLS
frames queued via ktls_enqueue(). Each TLS frame is temporarily
mapped using the direct map and passed to a software encryption
backend to perform the actual encryption.
(Note: The use of PHYS_TO_DMAP could be replaced with sf_bufs if
someone wished to make this work on architectures without a direct
map.)
KTLS supports pluggable software encryption backends. Internally,
Netflix uses proprietary pure-software backends. This commit includes
a simple backend in a new ktls_ocf.ko module that uses the kernel's
OpenCrypto framework to provide AES-GCM encryption of TLS frames. As
a result, software TLS is now a bit of a misnomer as it can make use
of hardware crypto accelerators.
Once software encryption has finished, the TLS frame mbufs are marked
ready via pru_ready(). At this point, the encrypted data appears as
regular payload to the TCP stack stored in unmapped mbufs.
ifnet TLS permits a NIC to offload the TLS encryption and TCP
segmentation. In this mode, a new send tag type (IF_SND_TAG_TYPE_TLS)
is allocated on the interface a socket is routed over and associated
with a TLS session. TLS records for a TLS session using ifnet TLS are
not marked M_NOTREADY but are passed down the stack unencrypted. The
ip_output_send() and ip6_output_send() helper functions that apply
send tags to outbound IP packets verify that the send tag of the TLS
record matches the outbound interface. If so, the packet is tagged
with the TLS send tag and sent to the interface. The NIC device
driver must recognize packets with the TLS send tag and schedule them
for TLS encryption and TCP segmentation. If the the outbound
interface does not match the interface in the TLS send tag, the packet
is dropped. In addition, a task is scheduled to refresh the TLS send
tag for the TLS session. If a new TLS send tag cannot be allocated,
the connection is dropped. If a new TLS send tag is allocated,
however, subsequent packets will be tagged with the correct TLS send
tag. (This latter case has been tested by configuring both ports of a
Chelsio T6 in a lagg and failing over from one port to another. As
the connections migrated to the new port, new TLS send tags were
allocated for the new port and connections resumed without being
dropped.)
ifnet TLS can be enabled and disabled on supported network interfaces
via new '[-]txtls[46]' options to ifconfig(8). ifnet TLS is supported
across both vlan devices and lagg interfaces using failover, lacp with
flowid enabled, or lacp with flowid enabled.
Applications may request the current KTLS mode of a connection via a
new TCP_TXTLS_MODE socket option. They can also use this socket
option to toggle between software and ifnet TLS modes.
In addition, a testing tool is available in tools/tools/switch_tls.
This is modeled on tcpdrop and uses similar syntax. However, instead
of dropping connections, -s is used to force KTLS connections to
switch to software TLS and -i is used to switch to ifnet TLS.
Various sysctls and counters are available under the kern.ipc.tls
sysctl node. The kern.ipc.tls.enable node must be set to true to
enable KTLS (it is off by default). The use of unmapped mbufs must
also be enabled via kern.ipc.mb_use_ext_pgs to enable KTLS.
KTLS is enabled via the KERN_TLS kernel option.
This patch is the culmination of years of work by several folks
including Scott Long and Randall Stewart for the original design and
implementation; Drew Gallatin for several optimizations including the
use of ext_pgs mbufs, the M_NOTREADY mechanism for TLS records
awaiting software encryption, and pluggable software crypto backends;
and John Baldwin for modifications to support hardware TLS offload.
Reviewed by: gallatin, hselasky, rrs
Obtained from: Netflix
Sponsored by: Netflix, Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D21277
2019-08-27 00:01:56 +00:00
|
|
|
#ifdef KERN_TLS
|
|
|
|
|
if (tls != NULL)
|
|
|
|
|
ktls_free(tls);
|
|
|
|
|
#endif
|
2016-01-22 02:23:18 +00:00
|
|
|
|
|
|
|
|
if (error == ERESTART)
|
|
|
|
|
error = EINTR;
|
|
|
|
|
|
|
|
|
|
return (error);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
sendfile(struct thread *td, struct sendfile_args *uap, int compat)
|
|
|
|
|
{
|
|
|
|
|
struct sf_hdtr hdtr;
|
|
|
|
|
struct uio *hdr_uio, *trl_uio;
|
|
|
|
|
struct file *fp;
|
|
|
|
|
off_t sbytes;
|
|
|
|
|
int error;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* File offset must be positive. If it goes beyond EOF
|
|
|
|
|
* we send only the header/trailer and no payload data.
|
|
|
|
|
*/
|
|
|
|
|
if (uap->offset < 0)
|
|
|
|
|
return (EINVAL);
|
|
|
|
|
|
2017-08-09 17:48:38 +00:00
|
|
|
sbytes = 0;
|
2016-01-22 02:23:18 +00:00
|
|
|
hdr_uio = trl_uio = NULL;
|
|
|
|
|
|
|
|
|
|
if (uap->hdtr != NULL) {
|
|
|
|
|
error = copyin(uap->hdtr, &hdtr, sizeof(hdtr));
|
|
|
|
|
if (error != 0)
|
|
|
|
|
goto out;
|
|
|
|
|
if (hdtr.headers != NULL) {
|
|
|
|
|
error = copyinuio(hdtr.headers, hdtr.hdr_cnt,
|
|
|
|
|
&hdr_uio);
|
|
|
|
|
if (error != 0)
|
|
|
|
|
goto out;
|
The sendfile(2) allows to send extra data from userspace before the file
data (headers). Historically the size of the headers was not checked
against the socket buffer space. Application could easily overcommit the
socket buffer space.
With the new sendfile (r293439) the problem remained, but a KASSERT was
inserted that checked that amount of data written to the socket matches
its space. In case when size of headers is bigger that socket space,
KASSERT fires. Without INVARIANTS the new sendfile won't panic, but
would report incorrect amount of bytes sent.
o With this change, the headers copyin is moved down into the cycle, after
the sbspace() check. The uio size is trimmed by socket space there,
which fixes the overcommit problem and its consequences.
o The compatibility handling for FreeBSD 4 sendfile headers API is pushed
up the stack to syscall wrappers. This required a copy and paste of the
code, but in turn this allowed to remove extra stack carried parameter
from fo_sendfile_t, and embrace entire compat code into #ifdef. If in
future we got more fo_sendfile_t function, the copy and paste level would
even reduce.
Reviewed by: emax, gallatin, Maxim Dounin <mdounin mdounin.ru>
Tested by: Vitalij Satanivskij <satan ukr.net>
Sponsored by: Netflix
2016-03-29 19:57:11 +00:00
|
|
|
#ifdef COMPAT_FREEBSD4
|
|
|
|
|
/*
|
|
|
|
|
* In FreeBSD < 5.0 the nbytes to send also included
|
|
|
|
|
* the header. If compat is specified subtract the
|
|
|
|
|
* header size from nbytes.
|
|
|
|
|
*/
|
|
|
|
|
if (compat) {
|
|
|
|
|
if (uap->nbytes > hdr_uio->uio_resid)
|
|
|
|
|
uap->nbytes -= hdr_uio->uio_resid;
|
|
|
|
|
else
|
|
|
|
|
uap->nbytes = 0;
|
|
|
|
|
}
|
|
|
|
|
#endif
|
2016-01-22 02:23:18 +00:00
|
|
|
}
|
|
|
|
|
if (hdtr.trailers != NULL) {
|
|
|
|
|
error = copyinuio(hdtr.trailers, hdtr.trl_cnt,
|
|
|
|
|
&trl_uio);
|
|
|
|
|
if (error != 0)
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
AUDIT_ARG_FD(uap->fd);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* sendfile(2) can start at any offset within a file so we require
|
|
|
|
|
* CAP_READ+CAP_SEEK = CAP_PREAD.
|
|
|
|
|
*/
|
2018-05-09 18:47:24 +00:00
|
|
|
if ((error = fget_read(td, uap->fd, &cap_pread_rights, &fp)) != 0)
|
2016-01-22 02:23:18 +00:00
|
|
|
goto out;
|
|
|
|
|
|
|
|
|
|
error = fo_sendfile(fp, uap->s, hdr_uio, trl_uio, uap->offset,
|
The sendfile(2) allows to send extra data from userspace before the file
data (headers). Historically the size of the headers was not checked
against the socket buffer space. Application could easily overcommit the
socket buffer space.
With the new sendfile (r293439) the problem remained, but a KASSERT was
inserted that checked that amount of data written to the socket matches
its space. In case when size of headers is bigger that socket space,
KASSERT fires. Without INVARIANTS the new sendfile won't panic, but
would report incorrect amount of bytes sent.
o With this change, the headers copyin is moved down into the cycle, after
the sbspace() check. The uio size is trimmed by socket space there,
which fixes the overcommit problem and its consequences.
o The compatibility handling for FreeBSD 4 sendfile headers API is pushed
up the stack to syscall wrappers. This required a copy and paste of the
code, but in turn this allowed to remove extra stack carried parameter
from fo_sendfile_t, and embrace entire compat code into #ifdef. If in
future we got more fo_sendfile_t function, the copy and paste level would
even reduce.
Reviewed by: emax, gallatin, Maxim Dounin <mdounin mdounin.ru>
Tested by: Vitalij Satanivskij <satan ukr.net>
Sponsored by: Netflix
2016-03-29 19:57:11 +00:00
|
|
|
uap->nbytes, &sbytes, uap->flags, td);
|
2016-01-22 02:23:18 +00:00
|
|
|
fdrop(fp, td);
|
|
|
|
|
|
|
|
|
|
if (uap->sbytes != NULL)
|
|
|
|
|
copyout(&sbytes, uap->sbytes, sizeof(off_t));
|
|
|
|
|
|
|
|
|
|
out:
|
|
|
|
|
free(hdr_uio, M_IOV);
|
|
|
|
|
free(trl_uio, M_IOV);
|
|
|
|
|
return (error);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* sendfile(2)
|
|
|
|
|
*
|
|
|
|
|
* int sendfile(int fd, int s, off_t offset, size_t nbytes,
|
|
|
|
|
* struct sf_hdtr *hdtr, off_t *sbytes, int flags)
|
|
|
|
|
*
|
|
|
|
|
* Send a file specified by 'fd' and starting at 'offset' to a socket
|
|
|
|
|
* specified by 's'. Send only 'nbytes' of the file or until EOF if nbytes ==
|
|
|
|
|
* 0. Optionally add a header and/or trailer to the socket output. If
|
|
|
|
|
* specified, write the total number of bytes sent into *sbytes.
|
|
|
|
|
*/
|
|
|
|
|
int
|
|
|
|
|
sys_sendfile(struct thread *td, struct sendfile_args *uap)
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
return (sendfile(td, uap, 0));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#ifdef COMPAT_FREEBSD4
|
|
|
|
|
int
|
|
|
|
|
freebsd4_sendfile(struct thread *td, struct freebsd4_sendfile_args *uap)
|
|
|
|
|
{
|
|
|
|
|
struct sendfile_args args;
|
|
|
|
|
|
|
|
|
|
args.fd = uap->fd;
|
|
|
|
|
args.s = uap->s;
|
|
|
|
|
args.offset = uap->offset;
|
|
|
|
|
args.nbytes = uap->nbytes;
|
|
|
|
|
args.hdtr = uap->hdtr;
|
|
|
|
|
args.sbytes = uap->sbytes;
|
|
|
|
|
args.flags = uap->flags;
|
|
|
|
|
|
|
|
|
|
return (sendfile(td, &args, 1));
|
|
|
|
|
}
|
|
|
|
|
#endif /* COMPAT_FREEBSD4 */
|
