[RFC,10/12] SUNRPC: Add RPC-with-TLS tracepoints

Message ID	168426615568.74246.14196813436403192718.stgit@oracle-102.nfsv4bat.org (mailing list archive)
State	New, archived
Headers	show Return-Path: <linux-nfs-owner@vger.kernel.org> Subject: [PATCH RFC 10/12] SUNRPC: Add RPC-with-TLS tracepoints From: Chuck Lever <cel@kernel.org> To: anna.schumaker@netapp.com, trondmy@hammerspace.com Cc: Chuck Lever <chuck.lever@oracle.com>, linux-nfs@vger.kernel.org, kernel-tls-handshake@lists.linux.dev Date: Tue, 16 May 2023 15:42:45 -0400 Message-ID: <168426615568.74246.14196813436403192718.stgit@oracle-102.nfsv4bat.org> In-Reply-To: <168426587118.74246.214357450560967997.stgit@oracle-102.nfsv4bat.org> References: <168426587118.74246.214357450560967997.stgit@oracle-102.nfsv4bat.org> User-Agent: StGit/1.5 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Precedence: bulk
Series	client-side RPC-with-TLS \| expand [RFC,00/12] client-side RPC-with-TLS [RFC,01/12] NFS: Improvements for fs_context-related tracepoints [RFC,02/12] SUNRPC: Plumb an API for setting transport layer security [RFC,03/12] SUNRPC: Trace the rpc_create_args [RFC,04/12] SUNRPC: Refactor rpc_call_null_helper() [RFC,05/12] SUNRPC: Add RPC client support for the RPC_AUTH_TLS auth flavor [RFC,06/12] SUNRPC: Ignore data_ready callbacks during TLS handshakes [RFC,07/12] SUNRPC: Capture CMSG metadata on client-side receive [RFC,08/12] SUNRPC: Add a connect worker function for TLS [RFC,09/12] SUNRPC: Add RPC-with-TLS support to xprtsock.c [RFC,10/12] SUNRPC: Add RPC-with-TLS tracepoints [RFC,11/12] NFS: Have struct nfs_client carry a TLS policy field [RFC,12/12] NFS: Add an "xprtsec=" NFS mount option

Message ID

168426615568.74246.14196813436403192718.stgit@oracle-102.nfsv4bat.org (mailing list archive)

State

New, archived

Headers

Subject: [PATCH RFC 10/12] SUNRPC: Add RPC-with-TLS tracepoints
From: Chuck Lever <cel@kernel.org>
To: anna.schumaker@netapp.com, trondmy@hammerspace.com
Cc: Chuck Lever <chuck.lever@oracle.com>, linux-nfs@vger.kernel.org,
        kernel-tls-handshake@lists.linux.dev
Date: Tue, 16 May 2023 15:42:45 -0400
Message-ID: 
 <168426615568.74246.14196813436403192718.stgit@oracle-102.nfsv4bat.org>
In-Reply-To: 
 <168426587118.74246.214357450560967997.stgit@oracle-102.nfsv4bat.org>
References: 
 <168426587118.74246.214357450560967997.stgit@oracle-102.nfsv4bat.org>
User-Agent: StGit/1.5
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Precedence: bulk

Series

client-side RPC-with-TLS | expand

Commit Message

Chuck Lever May 16, 2023, 7:42 p.m. UTC

From: Chuck Lever <chuck.lever@oracle.com>

RFC 9289 makes auditing TLS handshakes mandatory-to-implement.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
 include/trace/events/sunrpc.h |   44 +++++++++++++++++++++++++++++++++++++++++
 net/sunrpc/xprtsock.c         |    5 ++++-
 2 files changed, 48 insertions(+), 1 deletion(-)

diff --git a/include/trace/events/sunrpc.h b/include/trace/events/sunrpc.h
index 34784f29a63d..7cd4bbd6904c 100644
--- a/include/trace/events/sunrpc.h
+++ b/include/trace/events/sunrpc.h
@@ -1525,6 +1525,50 @@  TRACE_EVENT(rpcb_unregister,
 	)
 );
 
+/**
+ ** RPC-over-TLS tracepoints
+ **/
+
+DECLARE_EVENT_CLASS(rpc_tls_class,
+	TP_PROTO(
+		const struct rpc_clnt *clnt,
+		const struct rpc_xprt *xprt
+	),
+
+	TP_ARGS(clnt, xprt),
+
+	TP_STRUCT__entry(
+		__field(unsigned long, requested_policy)
+		__field(u32, version)
+		__string(servername, xprt->servername)
+		__string(progname, clnt->cl_program->name)
+	),
+
+	TP_fast_assign(
+		__entry->requested_policy = clnt->cl_xprtsec.policy;
+		__entry->version = clnt->cl_vers;
+		__assign_str(servername, xprt->servername);
+		__assign_str(progname, clnt->cl_program->name)
+	),
+
+	TP_printk("server=%s %sv%u requested_policy=%s",
+		__get_str(servername), __get_str(progname), __entry->version,
+		rpc_show_xprtsec_policy(__entry->requested_policy)
+	)
+);
+
+#define DEFINE_RPC_TLS_EVENT(name) \
+	DEFINE_EVENT(rpc_tls_class, rpc_tls_##name, \
+			TP_PROTO( \
+				const struct rpc_clnt *clnt, \
+				const struct rpc_xprt *xprt \
+			), \
+			TP_ARGS(clnt, xprt))
+
+DEFINE_RPC_TLS_EVENT(unavailable);
+DEFINE_RPC_TLS_EVENT(not_started);
+
+
 /* Record an xdr_buf containing a fully-formed RPC message */
 DECLARE_EVENT_CLASS(svc_xdr_msg_class,
 	TP_PROTO(
diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c
index 686dd313f89f..7ade414aa1cb 100644
--- a/net/sunrpc/xprtsock.c
+++ b/net/sunrpc/xprtsock.c
@@ -2630,6 +2630,7 @@  static void xs_tls_connect(struct work_struct *work)
 	/* This implicitly sends an RPC_AUTH_TLS probe */
 	lower_clnt = rpc_create(&args);
 	if (IS_ERR(lower_clnt)) {
+		trace_rpc_tls_unavailable(upper_clnt, upper_xprt);
 		clear_bit(XPRT_SOCK_CONNECTING, &upper_transport->sock_state);
 		xprt_clear_connecting(upper_xprt);
 		xprt_wake_pending_tasks(upper_xprt, PTR_ERR(lower_clnt));
@@ -2645,8 +2646,10 @@  static void xs_tls_connect(struct work_struct *work)
 	lower_xprt = rcu_dereference(lower_clnt->cl_xprt);
 	rcu_read_unlock();
 	status = xs_tls_handshake_sync(lower_xprt, &upper_xprt->xprtsec);
-	if (status)
+	if (status) {
+		trace_rpc_tls_not_started(upper_clnt, upper_xprt);
 		goto out_close;
+	}
 
 	status = xs_tls_finish_connecting(lower_xprt, upper_transport);
 	if (status)

[RFC,10/12] SUNRPC: Add RPC-with-TLS tracepoints

Commit Message

Patch