From nobody Tue Feb 01 00:44:34 2022
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id E301A197CE64;
	Tue,  1 Feb 2022 00:44:35 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4JnmR72mqrz4YXZ;
	Tue,  1 Feb 2022 00:44:35 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1643676275;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=xzU9/brtSQu8p4/HmWrtlzh1zxT9Ku53RrI1e9ty9oQ=;
	b=B6KqLbvq4U2ASyDs8DCTTeb+zrzD91kHq52hyYy1317DL6lPuQrDyFfeScT8lGlzQU5A7v
	SgWwAFAp+AqXCrX3xNPxSnm8E75JR5xJ2Nck3DqG2WmPajxuqypbxJFORaIwweRaFMuDSQ
	YRiRryzZLx+qImgFbYJk4VaqYSguKhZQZO8zESVym5FoukwhDChtsGHSpPipj3cruSIuo4
	gEr3w2g/1o+3U9jaMWvNV5S4XnbUEK8OFwt76gT6LrX+12BjyTGtm627KxcoxJhAwF5Tg6
	Tlu+ZRB1daw/KLJ11Vb73n2zJlljjypKTyjXikqhaEDR8IQqO90r2TUfAHPXOw==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id F3C3E266B6;
	Tue,  1 Feb 2022 00:44:34 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 2110iYr1072640;
	Tue, 1 Feb 2022 00:44:34 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 2110iYLr072639;
	Tue, 1 Feb 2022 00:44:34 GMT
	(envelope-from git)
Date: Tue, 1 Feb 2022 00:44:34 GMT
Message-Id: <202202010044.2110iYLr072639@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-main@FreeBSD.org
From: John Baldwin <jhb@FreeBSD.org>
Subject: git: d782385e9bc7 - main - tcp_ratelimit: Handle some edge cases with TLS + RL send tags.
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-all@freebsd.org
X-BeenThere: dev-commits-src-all@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: jhb
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: d782385e9bc7bf14ab0f6577bad7526cc51b6b64
Auto-Submitted: auto-generated
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1643676275;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=xzU9/brtSQu8p4/HmWrtlzh1zxT9Ku53RrI1e9ty9oQ=;
	b=I//70WtTiJtRGdZVg/fnMM2CKvOWQF2EET/qFoQLAvMrqojjG2QSuBIRmdlMr0RgJAbnJr
	DxDOgVGAYg7noCITVWWErWmgI0Dx7HVctl4bKQEg/U2cAbCLZVN9U8mOrnxCcNlgpD/e6A
	i+TDIstkeZw1/LN4KSmbbirGL38EBzk2ApTEkBVeRWdZxtXKBz1ueM3XDIf4OU70RKNkkQ
	ODxcNRihvpalnJb0TVgX/JAGytlhuADkSO9gzDbq6/QLPx70iZolh+Xc7kK+SGOTfkde0k
	PqskQwlFkW7cBXEmCLs3UZenqYV2uhM2Gu97qbIlGVF6KT4BqsUX2j7lFGoxCg==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1643676275; a=rsa-sha256; cv=none;
	b=MhCEgw+38NmcuqQQPcw/TLN2yrrVrFVvKM5sKqQBfxEgD6gu18BmvSdQwSHtTiT5rQ2FuK
	jUDZlI8Gz8deFSW7Q59gMB1Sr5YKY7nVLRGHRf992cgY1vxUzH4iCsYXvk0fmrpcQEfm41
	Jmdb2Xm3ou5XNmHN5Ru7rNmL1RDurvwFyeHUMB8kjTnrF0AZ0D46naBbUGweQKq23hUQLh
	q8LSXFV49ns3fMf7U+5xsX6miVsVow4JPKAUY3DZfWjfSRWpMRCyjkDIZ/ohR/jqTVIIMm
	Kzys8j6YLLJwOm531AJj6gssnbTSbgEBaSOYigCIkldFLMSGYTcXNbI8JADx/g==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
X-ThisMailContainsUnwantedMimeParts: N

The branch main has been updated by jhb:

URL: https://cgit.FreeBSD.org/src/commit/?id=d782385e9bc7bf14ab0f6577bad7526cc51b6b64

commit d782385e9bc7bf14ab0f6577bad7526cc51b6b64
Author:     John Baldwin <jhb@FreeBSD.org>
AuthorDate: 2022-02-01 00:40:04 +0000
Commit:     John Baldwin <jhb@FreeBSD.org>
CommitDate: 2022-02-01 00:40:04 +0000

    tcp_ratelimit: Handle some edge cases with TLS + RL send tags.
    
    - After a connection has fallen back from NIC TLS to SW TLS, any
      pacing rate changes should modify the inpcb send tag even though
      SB_TLS_IFNET is set.
    
    - If a connection tries to modify the pacing rate before the send
      tag has been converted from plain TLS to TLS + RL, don't fail
      the rate request set but let it fall through to setting the rate
      on the non-TLS inpcb RL tag.
    
    Reviewed by:    gallatin, rrs, hselasky
    Sponsored by:   Netflix
    Differential Revision:  https://reviews.freebsd.org/D34085
---
 sys/netinet/tcp_ratelimit.c | 30 +++++++++++++++++++++---------
 1 file changed, 21 insertions(+), 9 deletions(-)

diff --git a/sys/netinet/tcp_ratelimit.c b/sys/netinet/tcp_ratelimit.c
index 2f36cea4faed..dc9a6b6650e1 100644
--- a/sys/netinet/tcp_ratelimit.c
+++ b/sys/netinet/tcp_ratelimit.c
@@ -1403,18 +1403,30 @@ tcp_chg_pacing_rate(const struct tcp_hwrate_limit_table *crte,
 #ifdef KERN_TLS
 	if (tp->t_inpcb->inp_socket->so_snd.sb_flags & SB_TLS_IFNET) {
 		tls = tp->t_inpcb->inp_socket->so_snd.sb_tls_info;
-		MPASS(tls->mode == TCP_TLS_MODE_IFNET);
-		if (tls->snd_tag != NULL &&
+		if (tls->mode != TCP_TLS_MODE_IFNET)
+			tls = NULL;
+		else if (tls->snd_tag != NULL &&
 		    tls->snd_tag->sw->type != IF_SND_TAG_TYPE_TLS_RATE_LIMIT) {
+			if (!tls->reset_pending) {
+				/*
+				 * NIC probably doesn't support
+				 * ratelimit TLS tags if it didn't
+				 * allocate one when an existing rate
+				 * was present, so ignore.
+				 */
+				tcp_rel_pacing_rate(crte, tp);
+				if (error)
+					*error = EOPNOTSUPP;
+				return (NULL);
+			}
+
 			/*
-			 * NIC probably doesn't support ratelimit TLS
-			 * tags if it didn't allocate one when an
-			 * existing rate was present, so ignore.
+			 * The send tag is being converted, so set the
+			 * rate limit on the inpcb tag.  There is a
+			 * race that the new NIC send tag might use
+			 * the current rate instead of this one.
 			 */
-			tcp_rel_pacing_rate(crte, tp);
-			if (error)
-				*error = EOPNOTSUPP;
-			return (NULL);
+			tls = NULL;
 		}
 	}
 #endif