From: alistair23@gmail.com
X-Google-Original-From: alistair.francis@wdc.com
To: chuck.lever@oracle.com, hare@kernel.org, kernel-tls-handshake@lists.linux.dev, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-nvme@lists.infradead.org, linux-nfs@vger.kernel.org
Cc: kbusch@kernel.org, axboe@kernel.dk, hch@lst.de, sagi@grimberg.me, kch@nvidia.com, hare@suse.de, alistair23@gmail.com, Alistair Francis
Subject: [PATCH v6 2/5] net/handshake: Define handshake_req_keyupdate
Date: Tue, 2 Dec 2025 11:34:26 +1000
Message-ID: <20251202013429.1199659-3-alistair.francis@wdc.com>
In-Reply-To: <20251202013429.1199659-1-alistair.francis@wdc.com>
References: <20251202013429.1199659-1-alistair.francis@wdc.com>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable

From: Alistair Francis Add a new handshake_req_keyupdate() function which is similar to the existing handshake_req_submit(). The new handshake_req_keyupdate() does not add the request to the hash table (unlike handshake_req_submit()) but instead uses the existing request from the initial handshake. During the initial handshake handshake_req_submit() will add the request to the hash table. The request will not be removed from the hash table unless the socket is closed (reference count hits zero). After the initial handshake handshake_req_keyupdate() can be used to re-use the existing request in the hash table to trigger a KeyUpdate with userspace. Signed-off-by: Alistair Francis Reviewed-by: Hannes Reinecke --- v6: - New patch net/handshake/handshake.h | 2 + net/handshake/request.c | 95 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 97 insertions(+) diff --git a/net/handshake/handshake.h b/net/handshake/handshake.h index a48163765a7a..04feacd1e21d 100644 --- a/net/handshake/handshake.h +++ b/net/handshake/handshake.h @@ -84,6 +84,8 @@ void handshake_req_hash_destroy(void); void *handshake_req_private(struct handshake_req *req); struct handshake_req *handshake_req_hash_lookup(struct sock *sk); struct handshake_req *handshake_req_next(struct handshake_net *hn, int cla= ss); +int handshake_req_keyupdate(struct socket *sock, struct handshake_req *req, + gfp_t flags); int handshake_req_submit(struct socket *sock, struct handshake_req *req, gfp_t flags); void handshake_complete(struct handshake_req *req, unsigned int status, diff --git a/net/handshake/request.c b/net/handshake/request.c index 274d2c89b6b2..916caab88fe0 100644 --- a/net/handshake/request.c +++ b/net/handshake/request.c 
@@ -196,6 +196,101 @@ struct handshake_req *handshake_req_next(struct hands= hake_net *hn, int class) } EXPORT_SYMBOL_IF_KUNIT(handshake_req_next); =20 +/** + * handshake_req_keyupdate - Submit a KeyUpdate request + * @sock: open socket on which to perform the handshake + * @req: handshake arguments, this must already be allocated and exist + * in the hash table, which happens as part of handshake_req_submit() + * @flags: memory allocation flags + * + * Return values: + * %0: Request queued + * %-EINVAL: Invalid argument + * %-EBUSY: A handshake is already under way for this socket + * %-ESRCH: No handshake agent is available + * %-EAGAIN: Too many pending handshake requests + * %-ENOMEM: Failed to allocate memory + * %-EMSGSIZE: Failed to construct notification message + * %-EOPNOTSUPP: Handshake module not initialized + * + * A zero return value from handshake_req_submit() means that + * exactly one subsequent completion callback is guaranteed. + * + * A negative return value from handshake_req_submit() means that + * no completion callback will be done and that @req has been + * destroyed. 
+ */ +int handshake_req_keyupdate(struct socket *sock, struct handshake_req *req, + gfp_t flags) +{ + struct handshake_net *hn; + struct net *net; + struct handshake_req *req_lookup; + int ret; + + if (!sock || !req || !sock->file) { + kfree(req); + return -EINVAL; + } + + req->hr_sk =3D sock->sk; + if (!req->hr_sk) { + kfree(req); + return -EINVAL; + } + req->hr_odestruct =3D req->hr_sk->sk_destruct; + req->hr_sk->sk_destruct =3D handshake_sk_destruct; + + ret =3D -EOPNOTSUPP; + net =3D sock_net(req->hr_sk); + hn =3D handshake_pernet(net); + if (!hn) + goto out_err; + + ret =3D -EAGAIN; + if (READ_ONCE(hn->hn_pending) >=3D hn->hn_pending_max) + goto out_err; + + spin_lock(&hn->hn_lock); + ret =3D -EOPNOTSUPP; + if (test_bit(HANDSHAKE_F_NET_DRAINING, &hn->hn_flags)) + goto out_unlock; + ret =3D -EBUSY; + + req_lookup =3D handshake_req_hash_lookup(sock->sk); + if (!req_lookup) + goto out_unlock; + + if (req_lookup !=3D req) + goto out_unlock; + if (!__add_pending_locked(hn, req)) + goto out_unlock; + spin_unlock(&hn->hn_lock); + + test_and_clear_bit(HANDSHAKE_F_REQ_COMPLETED, &req->hr_flags); + + ret =3D handshake_genl_notify(net, req->hr_proto, flags); + if (ret) { + trace_handshake_notify_err(net, req, req->hr_sk, ret); + if (remove_pending(hn, req)) + goto out_err; + } + + /* Prevent socket release while a handshake request is pending */ + sock_hold(req->hr_sk); + + trace_handshake_submit(net, req, req->hr_sk); + return 0; + +out_unlock: + spin_unlock(&hn->hn_lock); +out_err: + trace_handshake_submit_err(net, req, req->hr_sk, ret); + handshake_req_destroy(req); + return ret; +} +EXPORT_SYMBOL(handshake_req_keyupdate); + /** * handshake_req_submit - Submit a handshake request * @sock: open socket on which to perform the handshake --=20 2.51.1
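
Review bot: In handshake_req_keyupdate() every failure path frees @req (kfree(req) in the two early -EINVAL checks, handshake_req_destroy(req) at out_err), yet the kernel-doc and the commit message say @req is the request from the initial handshake, which is still in the hash table and stays there until the socket is closed. Freeing it on -EINVAL, or on a transient -EAGAIN when hn_pending has reached hn_pending_max, leaves the caller with nothing to retry the KeyUpdate with, and the bare kfree() calls go through no unhashing that is visible here, so the table may be left pointing at freed memory. Consider returning the error and leaving @req alone; note also that the `req_lookup != req` branch destroys a request that the lookup has just shown is not the one hashed for this socket. Separately, `req->hr_odestruct = req->hr_sk->sk_destruct;` runs again on a request that handshake_req_submit() already set up; if that call installed handshake_sk_destruct the same way (not shown in this hunk), the saved original destructor is overwritten with handshake_sk_destruct itself, so this assignment pair should probably be skipped for the reuse case. The kernel-doc still names handshake_req_submit() in both closing paragraphs, and it documents -EBUSY as "A handshake is already under way for this socket" although here -EBUSY is returned when the lookup finds nothing or finds a different request.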