From nobody Sun Apr 5 13:27:29 2026 Received: from mail-pj1-f47.google.com (mail-pj1-f47.google.com [209.85.216.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8CEBA30E84D for ; Wed, 4 Mar 2026 05:36:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.47 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772602602; cv=none; b=FSrzvp8mTFIlXhc5haxhpaNO5OIN5k4RUXV2w5X0G12ZGs6bmgvHKNrR4IhPKxL77sveKhvkGdf4HbPRWJBwXOYoLE4hjFkZ4wP0L+oUWJ9c5lA7WzUqkBGkwXFeIutNDGUzsnpr5CF/Y79XEy5lBbx+3bAuSCw7fOxu43avWDk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772602602; c=relaxed/simple; bh=Fh2w9GegkIjBGfvJYSj0dj5p+FWtLjoeXIvuAgbxRcI=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=bSeXgEtduRGpmIqL23Zjit9eufHbBI5efW8MUE0Ns+qEZeP/82yCYlmHtU+fwc1ZLaY0ufrpQ9jbhHs7n5LyKUpQGHeURRfeuU8yYP0FI1LIjGBvTbZdnFQqbowJrmrfwhClvFxYTTvajEpeNIj1t4HLwN1M08/3pVjXip9+Yyc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=Bgkmp1KD; arc=none smtp.client-ip=209.85.216.47 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="Bgkmp1KD" Received: by mail-pj1-f47.google.com with SMTP id 98e67ed59e1d1-35984cd0335so1421507a91.0 for ; Tue, 03 Mar 2026 21:36:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1772602599; x=1773207399; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=zXXONp/ELYPAk8Ra1lPAUCJk3t+/mDBCyOGivtl5sfY=; b=Bgkmp1KDJuaQ07bo2dOHwHZOm2eu5vU1YzXn/9rL4JC/Sx4E981uMZi6kt8Exs+Rj/ vSgYNagHqeOkH/P5UwaYgWJfgofpOHD2XI4Xy7noH/grWbYE1n6lehuA9He6JCDDJe/K R2N6yIQPUS4frlqnd3TvNkNyD6Cd9pQkECBOF9DaRGytMm4s8pSjrlh5h2TTcuFg6iY/ rWEjmbc8jlW9pzyJQDkp135gF96rVhRcU5eBbjkxOyl/fXDIjaoecrI4YL4kTMvpcadk wmKTZp5JMb0OBvGKrOOaJ0PPloxD/DT1S7E0HOwUqlAKUuYuwyrtgqhMuROneIkLqVwn 0XjQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1772602599; x=1773207399; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=zXXONp/ELYPAk8Ra1lPAUCJk3t+/mDBCyOGivtl5sfY=; b=ZMUZywJqViWZS/1dsBiBUspybSEletJ4A04ddLPFbt10/ciAP4zlzdhIh3YdLRa7IP 3mEQyVfyfJkMe5itLoYTRUqpwrkHuHHaQEAhgwsMPIymkIqvpzJiT/9kjnDTyB7XSMGs 5FxeiUORI7ctHDQDxs2MAKdOn2AAQ/mmbkQg7OQqZjj0+qES9R/V4Ak9JGnUPIRJCe1w /cL88t38yKV2b7pNtedTbsgOs7P37CJk8sEb3myCihyWc+Us6ILdfzfkwT6C9J/eYkZ5 F5b7kQjHj2CQl2ZhODI41iw6QX/fRgfw3XMlF4yOoIg+Im24FYGAlNgkquAZWY3B1NDL sQbA== X-Forwarded-Encrypted: i=1; AJvYcCVpS8Gp5EFtai4ye9eM6RkV3FtuUHZHA+XzHqd9+841v2LygozdVOPyFVtP0wvwYNAogD9E895ThTTOdoM=@vger.kernel.org X-Gm-Message-State: AOJu0YwUtRnPJ0wNI9Uz29M8tga7I3gan5wfxhyXgscsCwXG2+x5ubDC N/1uLygucDre6hiBgaiCBDwSsrfklyhoAt9EFjDuDXfipyKY+VJGb9sp X-Gm-Gg: ATEYQzwICo4NEoxSJLgE2MUBdXsBtordEhIVEsQDPdiw5HfYNDkWfpt/weDxjsqhYlc NtpPoMsUreH3q2S9zXkS5heLzQAd1OyPWgkk8KWruaSU5mNHg7nxj0F5XqH8AUQZXux9qVHoWFk 4YFWgUcT9B7AgKXvPS6anFpsCnIARjg0/5u042mMgF/uF5gmVpAh593di0ZOEYfVR9NBt8d1w9n rQkfqkxcVkq0ge9OAy8+nW4pBwjw4+zUKlIV74A416oAOXvudT9DzARZT6W0REQb0VINCY/18JT LP62YoJbaS+KcgLjZ4/SG3FpwThNbIFFn00eYcehfK1Yqjy4D07tLjWWka+U2mwjiGf8rykUdGx XN4t9VMwJbbnfSILczsJwMHEHT+U6j14U01uirdY8tfZlCAunKHlTkzwSfUVuBe2puCLUXIoCzD YSzZSkLvxKWyhQL/+RieQWpgW3QYiTJHk+b/ZneXDD2w== X-Received: by 2002:a17:90a:ec87:b0:359:8a78:5696 with SMTP id 98e67ed59e1d1-359a6ce6a46mr960709a91.1.1772602599018; Tue, 03 Mar 2026 21:36:39 -0800 (PST) Received: from toolbx.alistair23.me ([2403:581e:fdf9:0:6209:4521:6813:45b7]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-3599c090bfdsm4020057a91.8.2026.03.03.21.36.33 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 03 Mar 2026 21:36:38 -0800 (PST) From: alistair23@gmail.com X-Google-Original-From: alistair.francis@wdc.com To: chuck.lever@oracle.com, hare@kernel.org, kernel-tls-handshake@lists.linux.dev, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-nvme@lists.infradead.org, linux-nfs@vger.kernel.org Cc: kbusch@kernel.org, axboe@kernel.dk, hch@lst.de, sagi@grimberg.me, kch@nvidia.com, hare@suse.de, alistair23@gmail.com, Alistair Francis Subject: [PATCH v7 2/5] net/handshake: Define handshake_req_keyupdate Date: Wed, 4 Mar 2026 15:34:57 +1000 Message-ID: <20260304053500.590630-3-alistair.francis@wdc.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260304053500.590630-1-alistair.francis@wdc.com> References: <20260304053500.590630-1-alistair.francis@wdc.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Alistair Francis Add a new handshake_req_keyupdate() function which is similar to the existing handshake_req_submit(). The new handshake_req_keyupdate() does not add the request to the hash table (unlike handshake_req_submit()) but instead uses the existing request from the initial handshake. During the initial handshake handshake_req_submit() will add the request to the hash table. The request will not be removed from the hash table unless the socket is closed (reference count hits zero). After the initial handshake handshake_req_keyupdate() can be used to re-use the existing request in the hash table to trigger a KeyUpdate with userspace. Signed-off-by: Alistair Francis Reviewed-by: Hannes Reinecke --- v7: - No change v6: - New patch net/handshake/handshake.h | 2 + net/handshake/request.c | 97 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 99 insertions(+) diff --git a/net/handshake/handshake.h b/net/handshake/handshake.h index a48163765a7a..04feacd1e21d 100644 --- a/net/handshake/handshake.h +++ b/net/handshake/handshake.h @@ -84,6 +84,8 @@ void handshake_req_hash_destroy(void); void *handshake_req_private(struct handshake_req *req); struct handshake_req *handshake_req_hash_lookup(struct sock *sk); struct handshake_req *handshake_req_next(struct handshake_net *hn, int cla= ss); +int handshake_req_keyupdate(struct socket *sock, struct handshake_req *req, + gfp_t flags); int handshake_req_submit(struct socket *sock, struct handshake_req *req, gfp_t flags); void handshake_complete(struct handshake_req *req, unsigned int status, diff --git a/net/handshake/request.c b/net/handshake/request.c index 2829adbeb149..5653c8f69dce 100644 --- a/net/handshake/request.c +++ b/net/handshake/request.c @@ -196,6 +196,103 @@ struct handshake_req *handshake_req_next(struct hands= hake_net *hn, int class) } EXPORT_SYMBOL_IF_KUNIT(handshake_req_next); =20 +/** + * handshake_req_keyupdate - Submit a KeyUpdate request + * @sock: open socket on which to perform the handshake + * @req: handshake arguments, this must already be allocated and exist + * in the hash table, which happens as part of handshake_req_submit() + * @flags: memory allocation flags + * + * Return values: + * %0: Request queued + * %-EINVAL: Invalid argument + * %-EBUSY: A handshake is already under way for this socket + * %-ESRCH: No handshake agent is available + * %-EFAULT: An initial handshake hasn't happened yet + * %-EAGAIN: Too many pending handshake requests + * %-ENOMEM: Failed to allocate memory + * %-EMSGSIZE: Failed to construct notification message + * %-EOPNOTSUPP: Handshake module not initialized + * + * A zero return value from handshake_req_submit() means that + * exactly one subsequent completion callback is guaranteed. + * + * A negative return value from handshake_req_submit() means that + * no completion callback will be done and that @req has been + * destroyed. + */ +int handshake_req_keyupdate(struct socket *sock, struct handshake_req *req, + gfp_t flags) +{ + struct handshake_net *hn; + struct net *net; + struct handshake_req *req_lookup; + int ret; + + if (!sock || !req || !sock->file) { + kfree(req); + return -EINVAL; + } + + req->hr_sk =3D sock->sk; + if (!req->hr_sk) { + kfree(req); + return -EINVAL; + } + req->hr_odestruct =3D req->hr_sk->sk_destruct; + req->hr_sk->sk_destruct =3D handshake_sk_destruct; + + ret =3D -EOPNOTSUPP; + net =3D sock_net(req->hr_sk); + hn =3D handshake_pernet(net); + if (!hn) + goto out_err; + + ret =3D -EAGAIN; + if (READ_ONCE(hn->hn_pending) >=3D hn->hn_pending_max) + goto out_err; + + spin_lock(&hn->hn_lock); + ret =3D -EOPNOTSUPP; + if (test_bit(HANDSHAKE_F_NET_DRAINING, &hn->hn_flags)) + goto out_unlock; + + ret =3D -EFAULT; + req_lookup =3D handshake_req_hash_lookup(sock->sk); + if (!req_lookup) + goto out_unlock; + + ret =3D -EBUSY; + if (req_lookup !=3D req) + goto out_unlock; + if (!__add_pending_locked(hn, req)) + goto out_unlock; + spin_unlock(&hn->hn_lock); + + test_and_clear_bit(HANDSHAKE_F_REQ_COMPLETED, &req->hr_flags); + + ret =3D handshake_genl_notify(net, req->hr_proto, flags); + if (ret) { + trace_handshake_notify_err(net, req, req->hr_sk, ret); + if (remove_pending(hn, req)) + goto out_err; + } + + /* Prevent socket release while a handshake request is pending */ + sock_hold(req->hr_sk); + + trace_handshake_submit(net, req, req->hr_sk); + return 0; + +out_unlock: + spin_unlock(&hn->hn_lock); +out_err: + trace_handshake_submit_err(net, req, req->hr_sk, ret); + handshake_req_destroy(req); + return ret; +} +EXPORT_SYMBOL(handshake_req_keyupdate); + /** * handshake_req_submit - Submit a handshake request * @sock: open socket on which to perform the handshake --=20 2.53.0