On 13/07/2020 1:32, David Miller wrote: > From: Boris Pismenny <bor...@mellanox.com> > Date: Sun, 12 Jul 2020 13:44:09 +0300 > >> This patch adds two configuration knobs to control TLS zerocopy sendfile: >> 1) socket option named TLS_TX_ZEROCOPY_SENDFILE that enables >> applications to use zerocopy sendfile on a per-socket basis. >> 2) global sysctl named tls_zerocopy_sendfile that defines the default >> for the entire system. > We already have too many knobs, don't add this until we find that > it is necessary and that the kernel can't do the optimal thing > on it's own.
An alternative approach that requires no knobs is to change the current TLS_DEVICE sendfile flow to skip the copy. It is really not necessary to copy the data, as the guarantees it provides to users, namely that users can modify page cache data sent via sendfile with no error, justifies the performance overhead. Users that sendfile data from the pagecache while modifying it cannot reasonably expect data on the other side to be consistent. TCP sendfile guarantees nothing except that the TCP checksum is correct. TLS sendfile with copy guarantees the same, but TLS sendfile zerocopy (with offload) will send the modified data, and this can trigger an authentication error on the TLS layer when inconsistent data is received. If the data is inconsistent, then letting the user know via an error is desirable, right? If there are no objections, I'd gladly resubmit it with the approach described above.
