• Dmitry Safonov's avatar
    net/tcp: Disable TCP-MD5 static key on tcp_md5sig_info destruction · 459837b5
    Dmitry Safonov authored
    To do that, separate two scenarios:
    - where it's the first MD5 key on the system, which means that enabling
      of the static key may need to sleep;
    - copying of an existing key from a listening socket to the request
      socket upon receiving a signed TCP segment, where static key was
      already enabled (when the key was added to the listening socket).
    
    Now the life-time of the static branch for TCP-MD5 is until:
    - last tcp_md5sig_info is destroyed
    - last socket in time-wait state with MD5 key is closed.
    
    Which means that after all sockets with TCP-MD5 keys are gone, the
    system gets back the performance of disabled md5-key static branch.
    
    While at here, provide static_key_fast_inc() helper that does ref
    counter increment in atomic fashion (without grabbing cpus_read_lock()
    on CONFIG_JUMP_LABEL=y). This is needed to add a new user for
    a static_key when the caller controls the lifetime of another user.
    Signed-off-by: default avatarDmitry Safonov <dima@arista.com>
    Acked-by: default avatarJakub Kicinski <kuba@kernel.org>
    Reviewed-by: default avatarEric Dumazet <edumazet@google.com>
    Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
    459837b5
tcp_minisocks.c 27.5 KB