From 009303dc06f8ecf4ed16c71e18c4e7fd40372eeb Mon Sep 17 00:00:00 2001
From: Florin Coras
Date: Tue, 29 Mar 2022 17:49:37 -0700
Subject: tls: use safe pool reallocs

Type: improvement
Signed-off-by: Florin Coras
Change-Id: Ia2c771cbf826526d2d06b6da022509ab02917350
---
 src/plugins/tlsmbedtls/tls_mbedtls.c | 3 +-
 src/plugins/tlsopenssl/tls_openssl.c | 5 ++--
 src/plugins/tlspicotls/tls_picotls.c | 4 +--
 src/vnet/tls/tls.c | 57 +++++------------------------------------
 src/vnet/tls/tls.h | 1 -
 5 files changed, 14 insertions(+), 56 deletions(-)
diff --git a/src/plugins/tlsmbedtls/tls_mbedtls.c b/src/plugins/tlsmbedtls/tls_mbedtls.c
index 8d6b7ac5498..a6b968eac14 100644
--- a/src/plugins/tlsmbedtls/tls_mbedtls.c
+++ b/src/plugins/tlsmbedtls/tls_mbedtls.c
@@ -74,7 +74,8 @@ mbedtls_ctx_alloc (void)
 mbedtls_main_t *tm = &mbedtls_main;
 mbedtls_ctx_t **ctx;
- pool_get (tm->ctx_pool[thread_index], ctx);
+ pool_get_aligned_safe (tm->ctx_pool[thread_index], ctx,
+ CLIB_CACHE_LINE_BYTES);
 if (!(*ctx))
 *ctx = clib_mem_alloc (sizeof (mbedtls_ctx_t));
diff --git a/src/plugins/tlsopenssl/tls_openssl.c b/src/plugins/tlsopenssl/tls_openssl.c
index 1e35f9d8e19..5ccc492328a 100644
--- a/src/plugins/tlsopenssl/tls_openssl.c
+++ b/src/plugins/tlsopenssl/tls_openssl.c
@@ -40,7 +40,8 @@ openssl_ctx_alloc_w_thread (u32 thread_index)
 openssl_main_t *om = &openssl_main;
 openssl_ctx_t **ctx;
- pool_get (om->ctx_pool[thread_index], ctx);
+ pool_get_aligned_safe (om->ctx_pool[thread_index], ctx, 0);
+
 if (!(*ctx))
 *ctx = clib_mem_alloc (sizeof (openssl_ctx_t));
@@ -99,7 +100,7 @@ openssl_ctx_attach (u32 thread_index, void *ctx_ptr)
 session_handle_t sh;
 openssl_ctx_t **oc;
- pool_get (om->ctx_pool[thread_index], oc);
+ pool_get_aligned_safe (om->ctx_pool[thread_index], oc, 0);
 /* Free the old instance instead of looking for an empty spot */
 if (*oc)
 clib_mem_free (*oc);
diff --git a/src/plugins/tlspicotls/tls_picotls.c b/src/plugins/tlspicotls/tls_picotls.c
index afb48f1c72e..393f2bf9940 100644
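Review bot: The alignment argument passed to pool_get_aligned_safe is not consistent across the engines: this hunk in mbedtls_ctx_alloc and the picotls_ctx_alloc hunk pass `CLIB_CACHE_LINE_BYTES`, while both tls_openssl.c hunks pass `0`, although all three pools hold the same kind of element, a pointer to a separately allocated context. The replaced `pool_get` calls took no alignment argument, so one of the two values is presumably an unintended difference. Pick one value for the three ctx_pool users, or add a short comment where the value differs, e.g. `/* pool of pointers, cache-line alignment not needed */`. mbedtls_ctx_alloc starts above the hunk and continues below it.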
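Review bot: In openssl_ctx_attach the slot returned by pool_get_aligned_safe is read before it is written: `if (*oc) clib_mem_free (*oc);` treats whatever the slot holds as either NULL or a live allocation. That invariant (a fresh slot reads as NULL, a recycled slot presumably keeps the pointer left by its previous owner) is not stated in the code, and it now also depends on the safe reallocation path preserving it, which is not visible from this hunk. A comment on the call would document it, e.g. `/* slot is NULL when new, else holds the ctx left by a previous pool_put */`; the same applies to the `if (!(*ctx))` checks in openssl_ctx_alloc_w_thread, mbedtls_ctx_alloc and picotls_ctx_alloc. The function continues below the hunk.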
--- a/src/plugins/tlspicotls/tls_picotls.c
+++ b/src/plugins/tlspicotls/tls_picotls.c
@@ -27,11 +27,11 @@ static ptls_key_exchange_algorithm_t *default_key_exchange[] = {
 static u32
 picotls_ctx_alloc (void)
 {
- u8 thread_id = vlib_get_thread_index ();
+ u32 thread_id = vlib_get_thread_index ();
 picotls_main_t *pm = &picotls_main;
 picotls_ctx_t **ctx;
- pool_get (pm->ctx_pool[thread_id], ctx);
+ pool_get_aligned_safe (pm->ctx_pool[thread_id], ctx, CLIB_CACHE_LINE_BYTES);
 if (!(*ctx))
 *ctx = clib_mem_alloc (sizeof (picotls_ctx_t));
diff --git a/src/vnet/tls/tls.c b/src/vnet/tls/tls.c
index c1689954975..85ac7f8022c 100644
--- a/src/vnet/tls/tls.c
+++ b/src/vnet/tls/tls.c
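Review bot: The `u8` to `u32` widening of `thread_id` is applied only to picotls_ctx_alloc, where it stops the thread index from being truncated before it selects `pm->ctx_pool[thread_id]`. mbedtls_ctx_alloc indexes `tm->ctx_pool[thread_index]` with a variable declared above its hunk; if that declaration is still a `u8`, a thread index above 255 would select another thread's pool there. Worth confirming and, if so, changing it to `u32 thread_index = vlib_get_thread_index ();` in the same commit. The body of picotls_ctx_alloc continues below the hunk.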
@@ -115,59 +115,29 @@ u32
 tls_ctx_half_open_alloc (void)
 {
 tls_main_t *tm = &tls_main;
- u8 will_expand = pool_get_will_expand (tm->half_open_ctx_pool);
 tls_ctx_t *ctx;
- u32 ctx_index;
- if (PREDICT_FALSE (will_expand && vlib_num_workers ()))
- {
- clib_rwlock_writer_lock (&tm->half_open_rwlock);
- pool_get_zero (tm->half_open_ctx_pool, ctx);
- ctx->c_c_index = ctx - tm->half_open_ctx_pool;
- ctx_index = ctx->c_c_index;
- clib_rwlock_writer_unlock (&tm->half_open_rwlock);
- }
- else
- {
- /* reader lock assumption: only main thread will call pool_get */
- clib_rwlock_reader_lock (&tm->half_open_rwlock);
- pool_get_zero (tm->half_open_ctx_pool, ctx);
- ctx->c_c_index = ctx - tm->half_open_ctx_pool;
- ctx_index = ctx->c_c_index;
- clib_rwlock_reader_unlock (&tm->half_open_rwlock);
- }
- return ctx_index;
+ pool_get_aligned_safe (tm->half_open_ctx_pool, ctx, CLIB_CACHE_LINE_BYTES);
+
+ clib_memset (ctx, 0, sizeof (*ctx));
+ ctx->c_c_index = ctx - tm->half_open_ctx_pool;
+
+ return ctx->c_c_index;
 }
 void
 tls_ctx_half_open_free (u32 ho_index)
 {
- tls_main_t *tm = &tls_main;
- clib_rwlock_writer_lock (&tm->half_open_rwlock);
 pool_put_index (tls_main.half_open_ctx_pool, ho_index);
- clib_rwlock_writer_unlock (&tm->half_open_rwlock);
 }
 tls_ctx_t *
 tls_ctx_half_open_get (u32 ctx_index)
 {
 tls_main_t *tm = &tls_main;
- clib_rwlock_reader_lock (&tm->half_open_rwlock);
 return pool_elt_at_index (tm->half_open_ctx_pool, ctx_index);
 }
-void
-tls_ctx_half_open_reader_unlock ()
-{
- clib_rwlock_reader_unlock (&tls_main.half_open_rwlock);
-}
-
-u32
-tls_ctx_half_open_index (tls_ctx_t * ctx)
-{
- return (ctx - tls_main.half_open_ctx_pool);
-}
-
 void
 tls_notify_app_enqueue (tls_ctx_t * ctx, session_t * app_session)
 {
@@ -454,7 +424,6 @@ tls_session_cleanup_ho (session_t *s)
 ho_index = s->opaque;
 ctx = tls_ctx_half_open_get (ho_index);
 session_half_open_delete_notify (&ctx->connection);
- tls_ctx_half_open_reader_unlock ();
 tls_ctx_half_open_free (ho_index);
 }
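Review bot: With half_open_rwlock gone, tls_ctx_half_open_get hands out a bare pointer into `tm->half_open_ctx_pool`, and tls_ctx_half_open_free calls `pool_put_index` with nothing serializing it against tls_ctx_half_open_alloc. As far as this hunk shows, pool_get_aligned_safe covers only the growth of the pool, so the code now relies on two unstated rules: alloc and free run on the same thread, and no caller keeps the returned pointer across a point where the pool can grow (tls_session_connected_cb, in a later hunk, copies out of `ho_ctx` at a point that used to be covered by the reader lock). The removed comment `/* reader lock assumption: only main thread will call pool_get */` was the only record of the threading model; replace it with a comment on tls_ctx_half_open_get stating how long the pointer stays valid, and consider a debug assertion of the owning thread in the alloc and free paths. Otherwise a violation surfaces as a stale pointer into a reallocated TLS context pool rather than as lock contention.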
@@ -567,7 +536,6 @@ tls_session_connected_cb (u32 tls_app_index, u32 ho_ctx_index,
 ctx = tls_ctx_get (ctx_handle);
 clib_memcpy_fast (ctx, ho_ctx, sizeof (*ctx));
 /* Half-open freed on tcp half-open cleanup notification */
- tls_ctx_half_open_reader_unlock ();
 ctx->c_thread_index = vlib_get_thread_index ();
 ctx->tls_ctx_handle = ctx_handle;
@@ -628,7 +596,6 @@ tls_session_connected_callback (u32 tls_app_index, u32 ho_ctx_index,
 api_context = ho_ctx->parent_app_api_context;
 app_worker_connect_notify (app_wrk, 0, err, api_context);
 }
- tls_ctx_half_open_reader_unlock ();
 return 0;
 }
@@ -766,7 +733,6 @@ tls_connect (transport_endpoint_cfg_t * tep)
 ctx->srv_hostname = format (0, "%s", ccfg->hostname);
 vec_terminate_c_string (ctx->srv_hostname);
 }
- tls_ctx_half_open_reader_unlock ();
 ctx->tls_ctx_engine = engine_type;
@@ -936,24 +902,18 @@ tls_listener_get (u32 listener_index)
 static transport_connection_t *
 tls_half_open_get (u32 ho_index)
 {
- tls_main_t *tm = &tls_main;
 tls_ctx_t *ctx;
 ctx = tls_ctx_half_open_get (ho_index);
- clib_rwlock_reader_unlock (&tm->half_open_rwlock);
 return &ctx->connection;
 }
 static void
 tls_cleanup_ho (u32 ho_index)
 {
- tls_main_t *tm = &tls_main;
- session_handle_t tcp_sh;
 tls_ctx_t *ctx;
 ctx = tls_ctx_half_open_get (ho_index);
- tcp_sh = ctx->tls_session_handle;
- clib_rwlock_reader_unlock (&tm->half_open_rwlock);
- session_cleanup_half_open (tcp_sh);
+ session_cleanup_half_open (ctx->tls_session_handle);
 tls_ctx_half_open_free (ho_index);
 }
@@ -1090,7 +1050,6 @@ format_tls_half_open (u8 * s, va_list * args)
 ho_ctx->parent_app_wrk_index, ho_ctx->tls_ctx_engine, tcp_ho->thread_index, tcp_ho->session_index);
- tls_ctx_half_open_reader_unlock ();
 return s;
 }
@@ -1334,8 +1293,6 @@ tls_init (vlib_main_t * vm)
 if (!tm->ca_cert_path)
 tm->ca_cert_path = TLS_CA_CERT_PATH;
- clib_rwlock_init (&tm->half_open_rwlock);
-
 vec_validate (tm->rx_bufs, num_threads - 1);
 vec_validate (tm->tx_bufs, num_threads - 1);
diff --git a/src/vnet/tls/tls.h b/src/vnet/tls/tls.h
index 4a5da15a88f..2938cdb4a17 100644
--- a/src/vnet/tls/tls.h
+++ b/src/vnet/tls/tls.h
@@ -92,7 +92,6 @@ typedef struct tls_main_
 u32 app_index;
 tls_ctx_t *listener_ctx_pool;
 tls_ctx_t *half_open_ctx_pool;
- clib_rwlock_t half_open_rwlock;
 u8 **rx_bufs;
 u8 **tx_bufs;
--
cgit 1.2.3-korg